Configure Accounts to Use a Secret

Overview

Configure dynamic accounts to seamlessly retrieve secrets from your preferred secrets manager. You can enter an expression to retrieve any secret stored in your secrets manager, such as an access token, a username, or a password while configuring dynamic accounts.

  • A SnapLogic project with one or more dynamic accounts (with expression-enabled fields).
  • Secrets stored in your chosen secrets manager (For example, AWS Secrets Manager, Azure Key Vault).
To configure a dynamic account to use secrets:
  1. Create a new account or search for the account you want to update.
  2. In an expression-enabled field for which you have stored a secret, click the expression button ().
  3. Enter an expression that invokes secrets.read using values that correspond with your secrets management configuration.
    • AWS Secrets Manager
    • Azure Key Vault
    • CyberArk Conjur
    • HashiCorp Vault
     secrets.read("alias", "path/to/secret").name-of-secret
    where
    alias
    Authentication type Alias
    Role-based authentication with an EC2 instance DEFAULT_AWS
    Key-based authentication The name of the configuration defined in the secrets-config.json file.
    path/to/secret
    The path to the secret to retrieve.
    name-of-secret
    The key of the secret to retrieve.
     secrets.read("alias", "name-of-secret")
    where
    alias
    The name of the configuration defined in the secrets-config.json file.
    name-of-secret
    The key of the secret to retrieve.
     secrets.read("alias", "path/to/secret")['path/to/secret']
    where
    alias
    The name of the configuration defined in the secrets-config.json file.
    path/to/secret
    The path to the secret to retrieve.
     secrets.read("alias", "path/to/engine/path/to/secret").name-of-secret
    where
    alias
    The name of the configuration defined in the secrets-config.json file.
    path/to/engine
    The path to the secrets engine to use.
    path/to/secret
    The path to the secret to retrieve.
    name-of-secret
    The key of the secret to retrieve.
    Note: If you use version 2 of the HashiCorp KV Secrets Engine, enter path/to/engine and path/to/secret as separate parameters. 
     secrets.read("alias", "path/to/engine", "path/to/secret").name-of-secret
  4. Click Validate, if applicable, to verify the connection details.
  5. Click Apply to save the account.

The S3 Dynamic Account has several expression-enabled fields, including Access-key ID and Secret Key. You can store the values for these fields in AWS Secrets Manager with role-based authentication.

  1. Create the secrets in AWS Secrets Manager:
    • myaccesskey
    • mysecretkey
  2. Create or modify an S3 Dynamic Account.
    • In the Access-key ID field, click the expression button () and enter secrets.read("DEFAULT_AWS", "").myaccesskey.
    • In the Secret Key field, click the expression button () and enter secrets.read("DEFAULT_AWS", "").mysecretkey.