Author
Tony Dang
Word count
1163
Language
English
Hacker News points
2

Summary

A static database credential is a secret waiting to be leaked: once it is exposed, it gives an attacker an indefinite window of opportunity. Static credentials are problematic for three further reasons: they are typically shared, so one leak exposes every consumer; revoking and redistributing them takes time; and, because many users present the same secret, it is hard to tell during an incident who actually used it. Moving Target Defense (MTD) counters this by increasing the uncertainty and complexity an attacker faces, which shrinks their window of opportunity and raises their cost. Web applications already apply MTD when they pair short-lived access tokens with refresh tokens, limiting the damage a leaked access token can do. Two moving-target approaches apply the same idea to database credentials: secret rotation, which replaces credentials at a fixed interval or on demand, and dynamic secrets, which issue a unique, short-lived credential to each engineer or application. Both are impractical to run by hand and call for a dedicated script or tool, typically a secrets manager, which also provides the visibility needed to get the full benefit of good secrets hygiene. Adopting MTD principles through rotation or dynamic secrets improves an organization's security posture and limits what an attacker can do with a database credential if it leaks.
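To make the dynamic-secrets idea concrete, here is an added example that is not code from the original article or from any particular secrets manager: a toy in-memory broker that stands in for the secrets manager. It issues a unique credential per consumer with a lease, supports on-demand revocation, answers the audit question "which consumer was this user name issued to?", and computes how long a leaked credential stays usable. All names (Lease, SecretBroker, the consumer names, the timestamps) are hypothetical; the 5-minute default TTL is an assumption chosen for illustration.

```python
"""Toy dynamic-secrets broker (added example, not from the original article).

Stands in for a secrets manager: one unique, short-lived credential per
consumer, revocable on demand, and always attributable to its consumer.
Names and TTLs are hypothetical.
"""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Lease:
    lease_id: str      # handle used for revocation
    consumer: str      # engineer or application the credential was issued to
    username: str      # unique, generated database user name
    password: str
    expires_at: int    # absolute time (seconds); credential is dead afterwards


@dataclass
class SecretBroker:
    default_ttl: int = 300                                  # assumed 5-minute leases
    _leases: dict[str, Lease] = field(default_factory=dict)
    _revoked: dict[str, int] = field(default_factory=dict)  # lease_id -> revoked_at

    def issue(self, consumer: str, now: int, ttl: int | None = None) -> Lease:
        """Issue a fresh credential bound to exactly one consumer."""
        ttl = self.default_ttl if ttl is None else ttl
        lease = Lease(
            lease_id=secrets.token_hex(8),
            consumer=consumer,
            # consumer name in the DB user ties each login back to its owner
            username=f"v-{consumer}-{secrets.token_hex(4)}",
            password=secrets.token_urlsafe(32),
            expires_at=now + ttl,
        )
        self._leases[lease.lease_id] = lease
        return lease

    def is_valid(self, lease: Lease, now: int) -> bool:
        """Usable only if known to the broker, unexpired and not revoked."""
        known = self._leases.get(lease.lease_id) == lease
        return known and lease.lease_id not in self._revoked and now < lease.expires_at

    def revoke(self, lease_id: str, now: int) -> None:
        """On-demand revocation of a single credential, effective immediately."""
        self._revoked.setdefault(lease_id, now)

    def revoke_consumer(self, consumer: str, now: int) -> int:
        """Cut off one compromised consumer without touching anyone else's leases."""
        hits = [l.lease_id for l in self._leases.values() if l.consumer == consumer]
        for lease_id in hits:
            self.revoke(lease_id, now)
        return len(hits)

    def owner_of(self, username: str) -> str | None:
        """Audit question a shared static credential cannot answer."""
        for lease in self._leases.values():
            if lease.username == username:
                return lease.consumer
        return None

    def exposure_window(self, lease: Lease, leaked_at: int) -> int:
        """Seconds an attacker can use a credential leaked at `leaked_at`.

        A static credential has an unbounded window; here it ends at expiry or
        revocation, whichever comes first.
        """
        revoked_at = self._revoked.get(lease.lease_id)
        end = lease.expires_at if revoked_at is None else min(lease.expires_at, revoked_at)
        return max(0, end - leaked_at)


def demo() -> dict[str, int | str | bool | None]:
    """Walk through issue, expiry, leak, attribution and revocation."""
    broker = SecretBroker(default_ttl=300)
    t0 = 1_700_000_000                                  # constructed timestamp
    billing = broker.issue("billing-api", now=t0)
    reports = broker.issue("reports-job", now=t0, ttl=60)
    results: dict[str, int | str | bool | None] = {
        "distinct_users": billing.username != reports.username,
        "billing_valid_at_t0": broker.is_valid(billing, t0),
        "reports_valid_after_61s": broker.is_valid(reports, t0 + 61),   # 60 s lease: dead
        "billing_valid_after_61s": broker.is_valid(billing, t0 + 61),   # 300 s lease: alive
        "window_if_leaked_at_100s": broker.exposure_window(billing, t0 + 100),  # 200 s, not forever
        "leaked_user_belongs_to": broker.owner_of(billing.username),
    }
    # incident at t0+120: only billing-api is cut off; reports-job keeps working
    results["revoked_count"] = broker.revoke_consumer("billing-api", now=t0 + 120)
    results["billing_valid_after_revoke"] = broker.is_valid(billing, t0 + 121)
    results["window_after_revoke"] = broker.exposure_window(billing, t0 + 100)  # capped at 20 s
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of `exposure_window` is the comparison the summary draws: with a static credential the attacker's window is open until someone notices, rotates and redeploys; with a lease it is bounded by the TTL even if nobody notices, and revocation shortens it further without affecting any other consumer.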