When you add a data connection you can use Amazon Web Services Secrets Manager to store, manage, and retrieve secrets. Alternatively, you can use the Datagrok's Credentials Management Service.
Setting up connection with AWS Secrets Manager
- In Datagrok:
- A user role with create connections and edit connections privileges.
- In AWS:
- An existing secret. For information on how to create a secret, see Amazon's documentation.
- Permissions that allow you to view secrets in AWS Secrets Manager.
To use the AWS Secrets Manager in a database connection, follow these steps:
Step 1. Set up a connection to the AWS Secrets Manager.
Go to Data > Databases.
In the Toolbox under Actions, select Add new connection… to open the Add new connection dialog.
In the dialog under the Data Source, select AWS from the list of options.
Paste the secret key and access key in the fields provided, name the connection, and fill in other connection parameters as appropriate.
Click TEST to test the connection, then click OK to save it. If the connection fails, verify your secrets details.
Step 2. Create a connection that will use the AWS Secrets Manager.
- Open the Add new connection dialog by repeating the actions described in Step 1 above.
- In the Add new connection dialog, under Credentials, select the name of the connection that you created in Step 1.
- Enter the Secret Name and other connection parameters in the fields provided.
You can set up connections to the AWS Secrets Managers for different user groups. Each connection has its own set of credentials which are stored in the Cloud Manager and which are identified by the specified Datagrok connection name and the Secret Name. The Secret Name is defined within the AWS Secrets Manager.
- Click Test to test the connection, then click OK to save it. If the connection fails, verify your connection details and that you added Datagrok's IP addresses to your allowlist.
For more information about using the AWS Secrets Manager, see the Amazon Web Services Secrets Manager User Guide.