diff --git a/builtin/logical/database/path_creds_create.go b/builtin/logical/database/path_creds_create.go
index ff1de51dabf3..16a56823ae47 100644
--- a/builtin/logical/database/path_creds_create.go
+++ b/builtin/logical/database/path_creds_create.go
@@ -56,7 +56,7 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {
 
 		// Grab the read lock
 		b.RLock()
-		var unlockFunc func() = b.RUnlock
+		unlockFunc := b.RUnlock
 
 		// Get the Database object
 		db, ok := b.getDBObj(role.DBName)
@@ -83,9 +83,8 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {
 
 		// Create the user
 		username, password, err := db.CreateUser(ctx, role.Statements, usernameConfig, expiration)
-		// Unlock
-		unlockFunc()
 		if err != nil {
+			unlockFunc()
 			b.closeIfShutdown(role.DBName, err)
 			return nil, err
 		}
@@ -98,6 +97,8 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {
 			"role":     name,
 		})
 		resp.Secret.TTL = role.DefaultTTL
+
+		unlockFunc()
 		return resp, nil
 	}
 }
diff --git a/builtin/logical/database/secret_creds.go b/builtin/logical/database/secret_creds.go
index f1b50142c79e..8f2a7b9a4a3e 100644
--- a/builtin/logical/database/secret_creds.go
+++ b/builtin/logical/database/secret_creds.go
@@ -50,7 +50,7 @@ func (b *databaseBackend) secretCredsRenew() framework.OperationFunc {
 
 		// Grab the read lock
 		b.RLock()
-		var unlockFunc func() = b.RUnlock
+		unlockFunc := b.RUnlock
 
 		// Get the Database object
 		db, ok := b.getDBObj(role.DBName)
@@ -71,14 +71,14 @@ func (b *databaseBackend) secretCredsRenew() framework.OperationFunc {
 		// Make sure we increase the VALID UNTIL endpoint for this user.
 		if expireTime := resp.Secret.ExpirationTime(); !expireTime.IsZero() {
 			err := db.RenewUser(ctx, role.Statements, username, expireTime)
-			// Unlock
-			unlockFunc()
 			if err != nil {
+				unlockFunc()
 				b.closeIfShutdown(role.DBName, err)
 				return nil, err
 			}
 		}
 
+		unlockFunc()
 		return resp, nil
 	}
 }
@@ -109,7 +109,7 @@ func (b *databaseBackend) secretCredsRevoke() framework.OperationFunc {
 
 		// Grab the read lock
 		b.RLock()
-		var unlockFunc func() = b.RUnlock
+		unlockFunc := b.RUnlock
 
 		// Get our connection
 		db, ok := b.getDBObj(role.DBName)
@@ -127,14 +127,13 @@ func (b *databaseBackend) secretCredsRevoke() framework.OperationFunc {
 			}
 		}
 
-		err = db.RevokeUser(ctx, role.Statements, username)
-		// Unlock
-		unlockFunc()
-		if err != nil {
+		if err := db.RevokeUser(ctx, role.Statements, username); err != nil {
+			unlockFunc()
 			b.closeIfShutdown(role.DBName, err)
 			return nil, err
 		}
 
+		unlockFunc()
 		return resp, nil
 	}
 }