diff --git a/sdk/database/dbplugin/v5/database.go b/sdk/database/dbplugin/v5/database.go
index a1393489f6..b73bd6858d 100644
--- a/sdk/database/dbplugin/v5/database.go
+++ b/sdk/database/dbplugin/v5/database.go
@@ -79,7 +79,7 @@ const SupportedCredentialTypesKey = "supported_credential_types"
 // supported by the database plugin. It can be used by database plugins
 // to communicate what CredentialType values it supports managing.
 func (ir InitializeResponse) SetSupportedCredentialTypes(credTypes []CredentialType) {
-	sct := make([]string, 0, len(credTypes))
+	sct := make([]interface{}, 0, len(credTypes))
 	for _, t := range credTypes {
 		sct = append(sct, t.String())
 	}
diff --git a/sdk/database/dbplugin/v5/grpc_client.go b/sdk/database/dbplugin/v5/grpc_client.go
index 06534b32af..e71c797948 100644
--- a/sdk/database/dbplugin/v5/grpc_client.go
+++ b/sdk/database/dbplugin/v5/grpc_client.go
@@ -81,8 +81,17 @@ func (c gRPCClient) NewUser(ctx context.Context, req NewUserRequest) (NewUserRes
 }
 
 func newUserReqToProto(req NewUserRequest) (*proto.NewUserRequest, error) {
-	if req.Password == "" {
-		return nil, fmt.Errorf("missing password")
+	switch req.CredentialType {
+	case CredentialTypePassword:
+		if req.Password == "" {
+			return nil, fmt.Errorf("missing password credential")
+		}
+	case CredentialTypeRSAPrivateKey:
+		if len(req.PublicKey) == 0 {
+			return nil, fmt.Errorf("missing public key credential")
+		}
+	default:
+		return nil, fmt.Errorf("unknown credential type")
 	}
 
 	expiration, err := ptypes.TimestampProto(req.Expiration)