let’s generate them automatically • An automated task would allow increased password rotation frequency • Continuous deployment of password rotations would be ideal • An automated task can be tested, and will never go beyond its scope • Storing the password in a shared-secret vault is our break glass • Integrating with AD would be great, allowing seamless runtime access control • Passwords should not be stored in Git, deploy scripts, etc