Configuring the AWS Secrets Manager on your Guardium system

Configure the AWS Secrets Manager on your Guardium® system. Each secret user must be configured on your Guardium system to access the AWS Secrets Manager.

Before you begin

Ensure that you have the access key ID, the secret access key, and the Role ARN, if applicable, for your secret user. For more information, see Selecting the authentication type and setting up roles.

Procedure

  1. Access Setup > Tools and Views > AWS Secrets Manager Configurations.
  2. Click New to open the Create New AWS Secrets Manager Configuration dialog.
  3. In the Name field, enter an arbitrary name for the configuration. This name is used to configure your Guardium datasources to access the AWS Secrets Manager.
  4. In the Secret key for username field, enter the exact value of the Secret Key label for the username field that is specified in your AWS Secrets Manager Secret value vault. If the label for username is user-defined, enter the user-defined value. The default value is username.
  5. In the Secret key for password field, enter the exact value of the Secret Key label for the password field that is specified in your AWS Secrets Manager Secret value vault. If the label for password is user-defined, enter the user-defined value. The default value is password.
  6. Select the Authentication type for your secret user. For more information on authentication types, see Selecting the authentication type and setting up roles.
  7. Depending on the type of authentication that you select, enter the AWS access key ID, the AWS secret access key ID, and the Role ARN.
    Note:
    • When you configure the IAM instance profile for the AWS Secrets Manager on your Guardium system, you can use the Role ARN that is assigned on the AWS Secrets Manager or optionally use an alternate Role ARN.
    • To monitor streams using different IAM roles, create an account for each IAM role.
  8. Click Save to save the configuration.
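
Added example (not part of the Guardium documentation or product code): a pre-check for steps 4 and 5 that confirms the labels you plan to enter exist as exact keys in the secret's JSON value, for example the SecretString returned by aws secretsmanager get-secret-value. The function name, the sample secrets, and the case-sensitive match are assumptions; the output lists key names only, never secret values.

```python
import json

# Constructed sample secret values (not real credentials).
DEFAULT_SECRET = '{"username": "guardium_svc", "password": "constructed-not-real"}'
CUSTOM_SECRET = '{"db_user": "guardium_svc", "DB_Pass": "constructed-not-real", "host": "db.example.internal"}'


def check_secret_labels(secret_string, username_label="username", password_label="password"):
    """Return a list of problems; an empty list means both labels resolve.

    Hypothetical helper. Assumes labels must match the secret's keys exactly,
    including case. Only key names are reported, never values.
    """
    try:
        value = json.loads(secret_string)
    except json.JSONDecodeError as exc:
        return [f"secret value is not JSON: {exc.msg}"]
    if not isinstance(value, dict):
        return ["secret value is not a JSON object of key/value pairs"]

    problems = []
    for field, label in (("username", username_label), ("password", password_label)):
        if label in value:
            if not isinstance(value[label], str) or not value[label]:
                problems.append(f"{field}: key '{label}' is empty or not a string")
            continue
        # Look for a key that differs only by case or surrounding whitespace.
        near = [k for k in value if k.strip().lower() == label.strip().lower()]
        if near:
            problems.append(f"{field}: no exact key '{label}'; found '{near[0]}' (case or whitespace differs)")
        else:
            problems.append(f"{field}: no key '{label}'; keys present: {sorted(value)}")
    return problems


if __name__ == "__main__":
    for name, secret, labels in [
        ("defaults", DEFAULT_SECRET, {}),
        ("custom, wrong case", CUSTOM_SECRET, {"username_label": "db_user", "password_label": "db_pass"}),
        ("custom, exact", CUSTOM_SECRET, {"username_label": "db_user", "password_label": "DB_Pass"}),
    ]:
        print(name, "->", check_secret_labels(secret, **labels) or "OK")
```
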

What to do next

Note the name of your configuration. This information is used when you define your datasources to retrieve credentials from the AWS Secrets Manager.