Configure the AWS Secrets Manager on your Guardium® system. Each secret user must be configured on your Guardium system to access the AWS Secrets Manager.
Procedure
- Access .
- Click to open the Create New AWS Secrets Manager Configuration dialog.
- In the Name field, enter an arbitrary name for the configuration.
This name is used to configure your Guardium datasources to access the AWS Secrets Manager.
- In the Secret key for username field, enter the exact value of the Secret Key label for the username field that is specified in your AWS Secrets Manager Secret value vault. If the label for username is user-defined, enter the user-defined value. The default value is username.
- In the Secret key for password field, enter the exact value of the Secret Key label for the password field that is specified in your AWS Secrets Manager Secret value vault. If the label for password is user-defined, enter the user-defined value. The default value is password.
- Select the Authentication type for your secret user. For more information on authentication types, see Selecting the authentication type and setting up roles.
- Depending on the type of authentication that you select, enter the AWS access key ID, the AWS secret access key ID, and the Role ARN.
  Note:
  - When you configure the IAM instance profile for the AWS Secrets Manager on your Guardium system, you can use the Role ARN that is assigned on the AWS Secrets Manager or optionally use an alternate Role ARN.
  - To monitor streams using different IAM roles, create an account for each IAM role.
- Click Save to save the configuration.
What to do next
Note the name of your configuration. This information is used when you define your datasources to retrieve credentials from the AWS Secrets Manager.
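
The two Secret key fields in the procedure must match the key labels stored in the secret exactly, so a pre-check of the secret value before saving the configuration catches mismatches early. The following is an added example, not IBM or AWS code: the function name and the sample secret values are hypothetical, and it assumes that the secret value is a JSON object of key/value pairs and that labels are compared exactly, including case.

```python
import json


def check_secret_labels(secret_string, username_label="username",
                        password_label="password"):
    """Return a list of problems; an empty list means both labels match.

    Only key names are reported. Secret values are never returned or printed.
    """
    try:
        data = json.loads(secret_string)
    except json.JSONDecodeError:
        return ["SecretString is not valid JSON"]
    if not isinstance(data, dict):
        return ["SecretString is not a JSON object of key/value pairs"]

    problems = []
    for field, label in (("username", username_label),
                         ("password", password_label)):
        if label in data:
            value = data[label]
            if not isinstance(value, str) or not value:
                problems.append(
                    f"{field}: key '{label}' has an empty or non-string value")
            continue
        # Exact match failed: look for keys differing only by case or whitespace.
        near = [k for k in data if k.strip().lower() == label.strip().lower()]
        if near:
            problems.append(
                f"{field}: key '{label}' not found, near match {near!r}")
        else:
            problems.append(f"{field}: key '{label}' not found")
    return problems


# Constructed sample secret values (not real credentials).
DEFAULT_LABELS = '{"username": "gdm_scan", "password": "example-only", "host": "db1"}'
CUSTOM_LABELS = '{"db_user": "gdm_scan", "db_pass": "example-only"}'
CASE_MISMATCH = '{"Username": "gdm_scan", "password": ""}'

if __name__ == "__main__":
    for name, secret, labels in (
        ("default labels", DEFAULT_LABELS, ()),
        ("custom labels, default config", CUSTOM_LABELS, ()),
        ("custom labels, matching config", CUSTOM_LABELS, ("db_user", "db_pass")),
        ("case mismatch", CASE_MISMATCH, ()),
    ):
        print(name, "->", check_secret_labels(secret, *labels) or "OK")
```
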