diff --git a/builtin/logical/database/path_rotate_credentials.go b/builtin/logical/database/path_rotate_credentials.go
index 03a6845e1..2d5fa7a8f 100644
--- a/builtin/logical/database/path_rotate_credentials.go
+++ b/builtin/logical/database/path_rotate_credentials.go
@@ -74,6 +74,11 @@ func (b *databaseBackend) pathRotateRootCredentialsUpdate() framework.OperationF
 			return nil, fmt.Errorf("unable to rotate root credentials: no username in configuration")
 		}
 
+		rootPassword, ok := config.ConnectionDetails["password"].(string)
+		if !ok || rootPassword == "" {
+			return nil, fmt.Errorf("unable to rotate root credentials: no password in configuration")
+		}
+
 		dbi, err := b.GetConnection(ctx, req.Storage, name)
 		if err != nil {
 			return nil, err
diff --git a/changelog/19103.txt b/changelog/19103.txt
new file mode 100644
index 000000000..868db6226
--- /dev/null
+++ b/changelog/19103.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+secrets/database: Adds error message requiring password on root crednetial rotation.
+```
\ No newline at end of file