diff --git a/profiles/dev/config.properties b/profiles/dev/config.properties
index a81c338..fbe86bd 100644
--- a/profiles/dev/config.properties
+++ b/profiles/dev/config.properties
@@ -49,4 +49,5 @@ db.port=6432
 db.name=authdb
 db.username=dbauth
 db.password=authpassword
+db.hasura.username=dbhasura
 db.session.schema=public
diff --git a/profiles/integration-test/config.properties b/profiles/integration-test/config.properties
index 09ff8ad..93f701d 100644
--- a/profiles/integration-test/config.properties
+++ b/profiles/integration-test/config.properties
@@ -48,3 +48,4 @@ logoutpage.url=https://mylogout.myhost.mydomain:9012
 # Data source config (persistent sessions)
 ############################################
 session.enabled=false
+db.hasura.username=dbhasura
diff --git a/profiles/prod/config.properties b/profiles/prod/config.properties
index 7fa063a..8e3e53c 100644
--- a/profiles/prod/config.properties
+++ b/profiles/prod/config.properties
@@ -46,4 +46,5 @@ db.port=5432
 db.name=
 db.username=
 db.password=
+db.hasura.username=
 db.session.schema=
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 6b0c212..d650866 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -56,6 +56,7 @@ db.port=@db.port@
 db.name=@db.name@
 db.username=@db.username@
 db.password=@db.password@
+db.hasura.username=@db.hasura.username@
 db.session-schema=@db.session.schema@
 
 ############################################
@@ -65,3 +66,5 @@ spring.flyway.enabled=true
 spring.flyway.baseline-on-migrate=true
 spring.flyway.schemas=@db.session.schema@
 spring.flyway.locations=classpath:db/migration
+spring.flyway.placeholders.dbUsername=${db.username}
+spring.flyway.placeholders.dbHasuraUsername=${db.hasura.username}
diff --git a/src/main/resources/db/migration/V2__usernames_from_secrets.sql b/src/main/resources/db/migration/V2__usernames_from_secrets.sql
new file mode 100644
index 0000000..017a7eb
--- /dev/null
+++ b/src/main/resources/db/migration/V2__usernames_from_secrets.sql
@@ -0,0 +1,12 @@
+-- Grant permissions to login_audit table using secrets
+DO $$
+BEGIN
+ IF EXISTS (SELECT FROM pg_roles WHERE rolname = '${dbUsername}') THEN
+ GRANT SELECT, INSERT ON login_audit TO ${dbUsername};
+ GRANT USAGE, SELECT ON SEQUENCE login_audit_id_seq TO ${dbUsername};
+ END IF;
+ IF EXISTS (SELECT FROM pg_roles WHERE rolname = '${dbHasuraUsername}') THEN
+ GRANT SELECT ON login_audit TO ${dbHasuraUsername};
+ GRANT USAGE, SELECT ON SEQUENCE login_audit_id_seq TO ${dbHasuraUsername};
+ END IF;
+END $$;
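Review bot: The `GRANT ... TO ${dbUsername}` statements are syntax-checked when the DO block is compiled, not when the IF branch runs, so a blank placeholder — this commit's prod profile leaves `db.hasura.username=` empty, which flows through `spring.flyway.placeholders.dbHasuraUsername` — yields `TO ;` and fails the migration despite the pg_roles guard. Interpolating the name as a bare identifier also means a role name containing uppercase letters or a hyphen is case-folded or rejected by the parser, while the `rolname = '...'` check compares the exact string, so the guard and the grant can disagree about the same role. Building each grant with `EXECUTE format('... TO %I', '${dbUsername}')` defers parsing to runtime (the false branch is never parsed) and quotes the identifier correctly; the dbHasuraUsername block needs the same treatment. Separately, the Hasura role receives only SELECT on login_audit but USAGE on login_audit_id_seq, which permits nextval(); if that role is meant to be read-only, `GRANT SELECT ON SEQUENCE login_audit_id_seq TO ...` is sufficient.
```sql
-- … unchanged: DO $$ / BEGIN wrapper …
IF EXISTS (SELECT FROM pg_roles WHERE rolname = '${dbUsername}') THEN
  EXECUTE format('GRANT SELECT, INSERT ON login_audit TO %I', '${dbUsername}');
  EXECUTE format('GRANT USAGE, SELECT ON SEQUENCE login_audit_id_seq TO %I', '${dbUsername}');
END IF;
IF EXISTS (SELECT FROM pg_roles WHERE rolname = '${dbHasuraUsername}') THEN
  EXECUTE format('GRANT SELECT ON login_audit TO %I', '${dbHasuraUsername}');
  EXECUTE format('GRANT SELECT ON SEQUENCE login_audit_id_seq TO %I', '${dbHasuraUsername}');
END IF;
-- … unchanged: END $$; …
```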