AWS Secret Manager

Use Secret Manager

AWS Secrets Manager is a secrets management service that helps you protect access to your applications, services, and IT resources. This service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. We are enabling torch to make use of AWS Secrets Manager to store your secrets. Acceldata provides the option to store integration credentials in your AWS account using Secrets Manager.

Follow the below steps to create secrets in AWS:

1. Login to your AWS account.
2. Search for Secrets Manager.
3. Click Store a new secret.

4. Select Other type of secrets and add a key with a value representing the actual secret value like a password of a database user and click Next.

5. Give the secret a meaningful name, description and add any tags. Then click Next.

How do I enable ADOC to read from AWS Secret Manager?

You can configure secrets manager configuration during Deploying the Data Plane or while completing the installation.

1. Upload the following secret manager configuration file in JSON format:

[

​

  {

​

    "name": "<Name to identify the secret manager to use in torch>",

​

    "type": "AWS_SECRETS_MANAGER",

​

    "details": {

​

      "secretName": "<Secret Name which is created in AWS Secret Manager>",

​

      "accessKey": "<AWS access Key>",

​

      "secretKey": "<AWS Secret Key>",

​

      "region": "<AWS Region where secret is created>"

​

    }

​

  }

​

]

The above configuration file is a JSON array, where each element represents a secret configuration. There are 2 ways in which ADOC can authenticate itself to AWS Secrets Manager.

a) Providing the accessKey details of an IAM User who has the permission to read the Secret

b) Leaving the accessKey and secretKey fields as empty and ADOC assumes that there is a IAM Role attached to the NodeGroup of EKS Cluster which has the permission to read the Secret(EC2InstanceProfile).

Refer to the following document for IAM Policies to be attached to the NodeGroups IAM Policy Examples and ASM Secrets.

2. Copy the S3 URI of the files uploaded in Step 1.
3. Navigate back to ADOC setup and complete the data plane setup. For more information, see Installation of Dataplane on AWS.