Secrets Management with AWS Secrets Manager
Overview
SnapLogic Secrets Management supports AWS Secrets Manager using:
- role-based authentication (Groundplex nodes must run on an EC2 instance and the secrets manager must be in the same region)
- key-based authentication (The Groundplex can fetch secrets from multiple AWS regions)
Both authentication types can be configured for the same Groundplex. The alias parameter passed to secrets.read in Snap accounts determines which authentication type will be used:
- For role-based authentication, if you set the alias to DEFAULT_AWS, a custom secrets-config.json file isn't required. However, if you want to restrict use of secrets to a specific SnapLogic project, you need to supply a secrets-config.json file and use the defined aliases in your Snap accounts.
- For key-based authentication, set the alias parameter to the name of a configuration defined in the secrets-config.json file.
Note:
- Only accounts with expression-enabled authentication fields work with Secrets Management. Expression-enabled fields have an expression button.
- Restart each Groundplex node after creating or updating the secrets-config.json file.
The request Authorization header contains the secret. REST Snaps can preview a complete request. You might want to limit access to users who have permission to view secrets.