--- layout: docs page_title: IBM Db2 - Database - Credentials description: |- Manage credentials for IBM Db2 using Vault's LDAP secrets engine. --- # IBM Db2 Access to Db2 is managed by facilities that reside outside the Db2 database system. By default, user authentication is completed by a security facility that relies on operating system based authentication of users and passwords. This means that the lifecycle of user identities in Db2 aren't capable of being managed using SQL statements and Vault's database secrets engine. To provide flexibility in accommodating authentication needs, Db2 ships with authentication [plugin modules](https://www.ibm.com/docs/en/db2/11.5?topic=ins-ldap-based-authentication-group-lookup-support) for Lightweight Directory Access Protocol (LDAP). This enables the Db2 database manager to authenticate users and obtain group membership defined in an LDAP directory, removing the requirement that users and groups be defined to the operating system. Vault's [LDAP secrets engine](/docs/secrets/ldap) can be used to manage the lifecycle of credentials for Db2 environments that have been configured to delegate user authentication and group membership to an LDAP server. ## Tutorial Refer to the [IBM Db2 Credential Management](https://learn.hashicorp.com/tutorials/vault/ibm-db2-openldap) tutorial to learn how to use Vault to manage both static and dynamic credentials for access to Db2.