Secrets Management with AWS Secrets Manager
Overview
SnapLogic Secrets Management supports AWS Secrets Manager using:
- role-based authentication with an EC2 instance
- key-based authentication
Both authentication types can be configured in the same Groundplex.
The authentication that is actually used depends on the
alias
parameter passed to secrets.read
in an expression in the account.
- Role-based authentication is used if the
alias
parameter is set toDEFAULT_AWS
. A custom secrets-config.json file is not required. - Key-based authentication is used if the
alias
parameter is set to the name of any configuration defined in the custom secrets-config.json file.
Note:
- Only dynamic account types, those with expression-enabled fields, work with a secrets manager. If the account type you need is not dynamic, contact your CSM.
- To pick up changes to the secret-config.json file, you must restart the Snaplex node by restarting the JCC service.
If a user has access to the secrets, the secrets can be viewed in REST Snap previews and in responses.