Secrets Management with AWS Secrets Manager
Overview
SnapLogic Secrets Management supports AWS Secrets Manager using:
- role-based authentication (Groundplex nodes must run on an EC2 instance)
- key-based authentication
Both authentication types can be configured for the same Groundplex. The
alias
parameter passed to secrets.read in Snap accounts determines which authentication
type will be used: - For role-based authentication, if you set the
aliastoDEFAULT_AWS, a custom secrets-config.json file isn't required. However, if you want to restrict use of secrets to a specific SnapLogic project, you need to supply a secrets-config.json file and use the defined aliases in your Snap accounts. - For key-based authentication, set the
aliasparameter to the name a configuration defined in the secrets-config.json file.
Note:
- Only accounts with expression-enabled authentication fields
work with Secrets Management. Expression-enabled fields have an expression button,
. - Restart each Groundplex node after creating or updating the secrets-config.json file.
If a user has access to the secrets, the secrets can be viewed in REST Snap previews and in responses.