Configure Accounts to Use a Secret

Overview

Only SnapLogic dynamic accounts with expression-enabled fields can be used with Secrets Management. With a dynamic account, you can enter an expression to retrieve any secret stored in your secrets manager, such as an access token, a username, or a password.

These steps describe how to configure a dynamic account to use secrets.
  1. Create a new account or search for the account you want to update.
  2. In an expression-enabled field for which you have stored a secret, click the expression button.
  3. Enter an expression that invokes secrets.read using values that correspond with your secrets management configuration.
     secrets.read("alias", "path/to/secret").name-of-secret

    where
    alias
        Authentication type                               Alias
        Role-based authentication with an EC2 instance    DEFAULT_AWS
        Key-based authentication                          The name of the configuration defined in the secrets-config.json file.
    path/to/secret
        The path to the secret to retrieve.
    name-of-secret
        The key of the secret to retrieve.

     secrets.read("alias", "name-of-secret")

    where
    alias
        The name of the configuration defined in the secrets-config.json file.
    name-of-secret
        The key of the secret to retrieve.

     secrets.read("alias", "path/to/secret")['path/to/secret']

    where
    alias
        The name of the configuration defined in the secrets-config.json file.
    path/to/secret
        The path to the secret to retrieve.

     secrets.read("alias", "path/to/engine/path/to/secret").name-of-secret

    where
    alias
        The name of the configuration defined in the secrets-config.json file.
    path/to/engine
        The path to the secrets engine to use.
    path/to/secret
        The path to the secret to retrieve.
    name-of-secret
        The key of the secret to retrieve.

    Note: If you use version 2 of the HashiCorp KV Secrets Engine, enter path/to/engine and path/to/secret as separate parameters.
     secrets.read("alias", "path/to/engine", "path/to/secret").name-of-secret
    
  4. Save the account.

The S3 Dynamic Account has several expression-enabled fields, including Access-key ID and Secret Key. You can store the values for these fields in AWS Secrets Manager with role-based authentication.

  1. Create the secrets in AWS Secrets Manager:
    • myaccesskey
    • mysecretkey
  2. Create or modify an S3 Dynamic Account.
    • In the Access-key ID field, click the expression button and enter secrets.read("DEFAULT_AWS", "").myaccesskey.
    • In the Secret Key field, click the expression button and enter secrets.read("DEFAULT_AWS", "").mysecretkey.