Overview
Only SnapLogic dynamic accounts with expression-enabled fields can be used with Secrets Management.
With a dynamic account, you can enter an expression to retrieve any secret stored in your secrets manager, such as an access token, a username, or a password.
These steps describe how to configure a dynamic account to use secrets.
- Create a new account or search for the account you want to update.
- In an expression-enabled field for which you have stored a secret, click the expression button (
). - Enter an expression that invokes
secrets.read
using values that correspond with your secrets management configuration.
- AWS Secrets Manager
- Azure Key Vault
- CyberArk Conjur
- HashiCorp Vault
secrets.read("alias", "path/to/secret").name-of-secret
where
- alias
-
Authentication type |
Alias |
Role-based authentication with an EC2 instance |
DEFAULT_AWS |
Key-based authentication |
The name of the configuration defined in the secrets-config.json file. |
- path/to/secret
- The path to the secret to retrieve.
- name-of-secret
- The key of the secret to retrieve.
secrets.read("alias", "name-of-secret")
where
- alias
- The name of the configuration defined in the secrets-config.json file.
- name-of-secret
- The key of the secret to retrieve.
secrets.read("alias", "path/to/secret")['path/to/secret']
where
- alias
- The name of the configuration defined in the secrets-config.json file.
- path/to/secret
- The path to the secret to retrieve.
secrets.read("alias", "path/to/engine/path/to/secret").name-of-secret
where
- alias
- The name of the configuration defined in the secrets-config.json file.
- path/to/engine
- The path to the secrets engine to use.
- path/to/secret
- The path to the secret to retrieve.
- name-of-secret
- The key of the secret to retrieve.
- Save the account.
The S3 Dynamic Account has several expression-enabled fields, including Access-key ID and Secret Key.
You can store the values for these fields in AWS Secrets Manager with role-based authentication.
- Create the secrets in AWS Secrets Manager:
- Create or modify an S3 Dynamic Account.
- In the Access-key ID field, click the expression button (
) and enter secrets.read("DEFAULT_AWS", "").myaccesskey
.
- In the Secret Key field, click the expression button (
) and enter secrets.read("DEFAULT_AWS", "").mysecretkey
.