Question
Design a dynamic-secrets system that issues short-lived, per-workload database credentials on demand instead of long-lived shared passwords: when a service needs DB access it requests a credential, your system creates a unique DB user scoped to that service with a 1-hour lease, and automatically revokes it at lease end or on demand. Fleet is ~10,000 workloads with high churn (autoscaling, deploys), generating thousands of credential requests/min, all against a small set of database clusters. Discuss the lease lifecycle, how you avoid exhausting/contending on the DB's user catalog, renewal, mass revocation on compromise, and the failure mode where your system is down.
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.