Allow RDS to manage the secret password

PhiRho · PhiRho · commit 016f2f231687 · 2025-08-05T11:21:08.000+02:00
diff --git a/functions/vectordb/function/__version__.py b/functions/vectordb/function/__version__.py
@@ -15,4 +15,4 @@
 """The version of the function."""
 
 # This is set at build time, using "hatch version"
-__version__ = "0.0.15"
+__version__ = "0.0.16"
diff --git a/functions/vectordb/function/fn.py b/functions/vectordb/function/fn.py
@@ -16,7 +16,6 @@
 Crossplane will automatically wait for dependencies to be ready before creating dependent resources.
 """
 
-import base64
 import dataclasses
 import ipaddress
 import secrets
@@ -149,11 +148,6 @@ async def RunFunction(
         subnet_group_resource = self._create_subnet_group(config)
         resources.append(("subnet_group", subnet_group_resource))
 
-        # 8.1. Create secret for database password
-        log.info("Creating password secret definition")
-        password_secret_resource = self._create_password_secret(config)
-        resources.append(("password_secret", password_secret_resource))
-
         # 9. Create Aurora cluster (depends on subnet group and security group)
         log.info("Creating Aurora cluster definition")
         aurora_resource = self._create_aurora_cluster(config)
@@ -593,25 +587,6 @@ def _create_subnet_group(self, config: VectorDBConfig) -> dict:
             },
         }
 
-    def _create_password_secret(self, config: VectorDBConfig) -> dict:
-        """Create a secret for the database password."""
-        return {
-            "apiVersion": "v1",
-            "kind": "Secret",
-            "type": "Opaque",
-            "stringData": {
-                "password": base64.b64encode(config.master_password.encode()).decode(),
-            },
-            "metadata": {
-                "name": f"vectordb-password-{config.environment_suffix}",
-                "namespace": config.namespace,
-                "labels": {
-                    "app": "vectordb",
-                    "environment": config.environment_suffix,
-                },
-            },
-        }
-
     def _create_aurora_cluster(self, config: VectorDBConfig) -> dict:
         """Create Aurora PostgreSQL cluster."""
         return {
@@ -625,6 +600,7 @@ def _create_aurora_cluster(self, config: VectorDBConfig) -> dict:
                     "engineMode": "provisioned",
                     "storageEncrypted": True,
                     "masterUsername": config.master_username,
+                    "autoGeneratePassword": True,
                     "masterPasswordSecretRef": {
                         "name": f"vectordb-password-{config.environment_suffix}",
                         "key": "password",
