Overview
Configure dynamic accounts to retrieve secrets from your preferred secrets manager. While configuring a dynamic account, you can enter an expression that retrieves any secret stored in your secrets manager, such as an access token, a username, or a password.
- A SnapLogic project with one or more dynamic accounts (with expression-enabled fields).
- Secrets stored in your chosen secrets manager (for example, AWS Secrets Manager or Azure Key Vault).
To configure a dynamic account to use secrets:
- Create a new account or search for the account you want to update.
- In an expression-enabled field for which you have stored a secret, click the expression button.
- Enter an expression that invokes secrets.read using values that correspond with your secrets management configuration.
  - AWS Secrets Manager
    secrets.read("alias", "path/to/secret").name-of-secret
    where
    - alias:

      | Authentication type | Alias |
      | --- | --- |
      | Role-based authentication with an EC2 instance | DEFAULT_AWS |
      | Key-based authentication | The name of the configuration defined in the secrets-config.json file. |

    - path/to/secret: The path to the secret to retrieve.
    - name-of-secret: The key of the secret to retrieve.
  - Azure Key Vault
    secrets.read("alias", "name-of-secret")
    where
    - alias: The name of the configuration defined in the secrets-config.json file.
    - name-of-secret: The key of the secret to retrieve.
  - CyberArk Conjur
    secrets.read("alias", "path/to/secret")['path/to/secret']
    where
    - alias: The name of the configuration defined in the secrets-config.json file.
    - path/to/secret: The path to the secret to retrieve.
  - HashiCorp Vault
    secrets.read("alias", "path/to/engine/path/to/secret").name-of-secret
    where
    - alias: The name of the configuration defined in the secrets-config.json file.
    - path/to/engine: The path to the secrets engine to use.
    - path/to/secret: The path to the secret to retrieve.
    - name-of-secret: The key of the secret to retrieve.
- Click Validate, if applicable, to verify the connection details.
- Click Apply to save the account.
The S3 Dynamic Account has several expression-enabled fields, including Access-key ID and Secret Key.
You can store the values for these fields in AWS Secrets Manager with role-based authentication.
- Create the secrets in AWS Secrets Manager:
- Create or modify an S3 Dynamic Account.
- In the Access-key ID field, click the expression button and enter secrets.read("DEFAULT_AWS", "").myaccesskey.
- In the Secret Key field, click the expression button and enter secrets.read("DEFAULT_AWS", "").mysecretkey.
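The following added example (not SnapLogic code) audits account field values for the secrets.read forms described on this page, flagging fields that hold something other than a secrets.read reference and references whose selector does not match the form for that secrets manager. The alias-to-manager map and the field values are constructed for illustration; in a real deployment the aliases come from secrets-config.json, whose format is not shown here.

```python
import re

# secrets.read("alias", "path") with an optional .key or ['key'] selector,
# covering the four forms shown on this page.
EXPR = re.compile(
    r'''^\s*secrets\.read\(\s*"(?P<alias>[^"]*)"\s*,\s*"(?P<path>[^"]*)"\s*\)'''
    r'''(?:\.(?P<dot>[A-Za-z_]\w*)|\[\s*'(?P<idx>[^']*)'\s*\])?\s*$'''
)

# Selector shape each secrets manager expects, per the syntax on this page.
SHAPE = {
    "aws": lambda m: m["dot"] is not None,                      # .name-of-secret
    "azure": lambda m: m["dot"] is None and m["idx"] is None,   # no selector
    "conjur": lambda m: m["idx"] is not None and m["idx"] == m["path"],
    "vault": lambda m: m["dot"] is not None and "/" in m["path"].strip("/"),
}

def audit(fields, alias_manager):
    """Return {field name: finding} for each expression-enabled field value."""
    findings = {}
    for name, value in fields.items():
        m = EXPR.match(value)
        if m is None:
            findings[name] = "no secrets.read reference"
            continue
        manager = alias_manager.get(m["alias"])
        if manager is None:
            findings[name] = f"unknown alias {m['alias']!r}"
        elif not SHAPE[manager](m):
            findings[name] = f"selector does not match the {manager} form"
        else:
            findings[name] = "ok"
    return findings

# Constructed sample data; every alias except DEFAULT_AWS is hypothetical.
ALIASES = {"DEFAULT_AWS": "aws", "kv-prod": "azure",
           "conjur-prod": "conjur", "vault-prod": "vault"}
FIELDS = {
    "Access-key ID": 'secrets.read("DEFAULT_AWS", "").myaccesskey',
    "Secret Key": "EXAMPLE-LITERAL-VALUE",
    "Vault password": 'secrets.read("vault-prod", "kv/apps/db").password',
    "Conjur password": "secrets.read(\"conjur-prod\", \"apps/db/password\")['apps/db/password']",
    "Key Vault password": 'secrets.read("kv-prod", "db-password").value',
    "Token": 'secrets.read("old-alias", "apps/token").token',
}

if __name__ == "__main__":
    for field, finding in audit(FIELDS, ALIASES).items():
        print(f"{field}: {finding}")
```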