From a1fff0f1671b5a25b1c7b2beacc9db6f3c84d7c0 Mon Sep 17 00:00:00 2001
From: = <akhilmhdh@gmail.com>
Date: Fri, 19 Dec 2025 23:44:55 +0530
Subject: [PATCH] fix: resolved  first time rotation issue in rotation

---
 .../mongodb-credentials-rotation-schemas.ts              | 3 ++-
 .../sql-credentials/sql-credentials-rotation-fns.ts      | 9 +++++----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/backend/src/ee/services/secret-rotation-v2/mongodb-credentials/mongodb-credentials-rotation-schemas.ts b/backend/src/ee/services/secret-rotation-v2/mongodb-credentials/mongodb-credentials-rotation-schemas.ts
index 9e914dadc1..f94de22f76 100644
--- a/backend/src/ee/services/secret-rotation-v2/mongodb-credentials/mongodb-credentials-rotation-schemas.ts
+++ b/backend/src/ee/services/secret-rotation-v2/mongodb-credentials/mongodb-credentials-rotation-schemas.ts
@@ -17,7 +17,8 @@ import { AppConnection } from "@app/services/app-connection/app-connection-enums
 
 export const MongoDBCredentialsRotationGeneratedCredentialsSchema = SqlCredentialsRotationGeneratedCredentialsSchema;
 export const MongoDBCredentialsRotationParametersSchema = SqlCredentialsRotationParametersSchema.omit({
-  rotationStatement: true
+  rotationStatement: true,
+  passwordRequirements: true
 });
 export const MongoDBCredentialsRotationTemplateSchema = SqlCredentialsRotationTemplateSchema.omit({
   rotationStatement: true
diff --git a/backend/src/ee/services/secret-rotation-v2/shared/sql-credentials/sql-credentials-rotation-fns.ts b/backend/src/ee/services/secret-rotation-v2/shared/sql-credentials/sql-credentials-rotation-fns.ts
index c7bef93135..91dc65b622 100644
--- a/backend/src/ee/services/secret-rotation-v2/shared/sql-credentials/sql-credentials-rotation-fns.ts
+++ b/backend/src/ee/services/secret-rotation-v2/shared/sql-credentials/sql-credentials-rotation-fns.ts
@@ -110,10 +110,11 @@ export const sqlCredentialsRotationFactory: TRotationFactory<
   ) => {
     // For SQL, since we get existing users, we change both their passwords
     // on issue to invalidate their existing passwords
-    const credentialsSet = [
-      { username: username1, password: generatePassword(passwordRequirement) },
-      { username: username2, password: generatePassword(passwordRequirement) }
-    ];
+    const credentialsSet = [{ username: username1, password: generatePassword(passwordRequirement) }];
+    // if both are same username like for mysql dual password rotation - we don't want to reissue twice loosing first cred access
+    if (username1 !== username2) {
+      credentialsSet.push({ username: username2, password: generatePassword(passwordRequirement) });
+    }
 
     try {
       await executeOperation(async (client) => {