Secrets Management with AWS Secrets Manager
SnapLogic Secrets Management supports AWS Secrets Manager using role or key-based authentication.
SnapLogic Secrets Management supports AWS Secrets Manager using a Groundplex with:
- role-based authentication (Groundplex nodes must run on an EC2 instance and the secrets manager must be in the same region)
- key-based authentication (The Groundplex can fetch secrets from multiple AWS regions)
Both authentication types can be configured for the same Groundplex. The alias parameter passed to secrets.read in endpoint accounts determines which authentication type will be used:
- For role-based authentication, if you set the alias to DEFAULT_AWS, a custom secrets-config.json file isn't required. However, if you want to restrict use of secrets to a specific SnapLogic project, you need to supply a secrets-config.json file and use the defined aliases in your Snap accounts.
- For key-based authentication, set the alias parameter to the name of a configuration defined in the secrets-config.json file.
Note:
- Only accounts with expression-enabled authentication fields work with Secrets Management. Expression-enabled fields have an expression button.
- Restart each Groundplex node after creating or updating the secrets-config.json file.
The request Authorization header contains the secret. Because REST Snaps can preview a complete request, you might want to limit access to resources that use secrets.