Creating a secret key

Create and configure a secret name and secret access key for the secret user on the AWS management console.

Before you begin

Ensure that you have the secret username and password that you used to create a secret user. For more information, see Creating a secret user.

Procedure

  1. Log in to the AWS Management Console and ensure that you are connected to the relevant data center.
  2. Access Services > Security, Identity, & Compliance > Secrets Manager to view, edit, or create a secret.
  3. Edit a secret by clicking the Secret name. To create a secret, click Store a new secret.
  4. Select the secret type by clicking Credentials for RDS database.
  5. Enter the secret username and password.
  6. Use the DefaultEncryptionKey to encrypt your secret information.
  7. Choose your RDS database and click Next.
  8. Enter a Secret name and description. This secret name is used in the Guardium® datasource definition to reference your datasource and retrieve the datasource credentials.
  9. Select Enable automatic rotation and select the required rotation interval from the drop-down.
  10. Select Create a new Lambda function to perform rotation.
  11. In the SecretsManager field, enter your secret name.
  12. Under Select which secret will be used to perform the rotation, select Use this secret. Then, click Next.
  13. Review your entries, then click Store.

Results

You can now click the Secret name to do the following:
  • View the username and password by clicking Retrieve secret value.
  • Change the password for the secret user, if required, by clicking Rotate secret immediately.
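
One way to confirm the outcome of the procedure, as an added example that is not part of the original page or of Guardium: the Python below checks a DescribeSecret response and the secret value against the choices made in steps 4 to 12. The sample data, the secret name, the function name audit_secret, and the 90-day limit are constructed assumptions.

```python
import json

# Constructed sample of a DescribeSecret response, as returned by
# `aws secretsmanager describe-secret --secret-id <name>`. All values are made up.
SAMPLE_DESCRIBE = {
    "Name": "example/guardium/rds-secret",
    "RotationEnabled": True,
    "RotationLambdaARN": "arn:aws:lambda:us-east-1:111122223333:function:ExampleRotation",
    "RotationRules": {"AutomaticallyAfterDays": 30},
}

# Constructed sample of the SecretString stored for an RDS database credential.
SAMPLE_SECRET_STRING = json.dumps({
    "username": "secret_user", "password": "constructed-not-real",
    "engine": "mysql", "host": "example-db.invalid", "port": 3306,
})

REQUIRED_KEYS = ("username", "password", "engine", "host")

def audit_secret(describe, secret_string, max_days=90):
    """Return a list of deviations from the procedure; empty means none found.

    max_days is an assumed local policy limit, not a value from the page.
    """
    findings = []
    if not describe.get("Name"):
        findings.append("no secret name to reference from the datasource definition")
    # DescribeSecret omits KmsKeyId when the default aws/secretsmanager key is used.
    if describe.get("KmsKeyId"):
        findings.append("step 6: not using the default encryption key")
    if not describe.get("RotationEnabled"):
        findings.append("step 9: automatic rotation is not enabled")
    else:
        if not describe.get("RotationLambdaARN"):
            findings.append("step 10: no rotation Lambda function attached")
        days = (describe.get("RotationRules") or {}).get("AutomaticallyAfterDays")
        if days is not None and days > max_days:
            findings.append(f"step 9: rotation interval exceeds {max_days} days")
    try:
        value = json.loads(secret_string)
    except (TypeError, ValueError):
        value = None
    if not isinstance(value, dict):
        return findings + ["secret value is not a JSON object"]
    missing = [k for k in REQUIRED_KEYS if not value.get(k)]
    if missing:
        findings.append("step 5: secret value missing " + ", ".join(missing))
    return findings

if __name__ == "__main__":
    print(audit_secret(SAMPLE_DESCRIBE, SAMPLE_SECRET_STRING) or "no deviations")
```

To run it against a real secret, pass the parsed output of describe-secret and the SecretString field from get-secret-value in place of the samples.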

What to do next

Note the name of the secret. This information is used when you define your datasources to retrieve credentials from the AWS Secrets Manager.