How we at uSwitch managed to get all our applications to use short-lived database credentials without changing any of their code (almost).