Secrets Management

Secure management of database credentials and sensitive configuration using secret managers.

Overview

The platform integrates with enterprise secret managers to avoid storing credentials in plain text:

HashiCorp Vault: Enterprise secret management
AWS Secrets Manager: AWS-native secrets
GCP Secret Manager: Google Cloud secrets
Azure Key Vault: Microsoft Azure secrets

HashiCorp Vault Integration

data_sources:
  input:
    url: jdbc:postgresql://host:5432/db
    username: ${vault:secret/data/db#username}
    password: ${vault:secret/data/db#password}

Configuration:

export VAULT_ADDR=https://vault.example.com
export VAULT_TOKEN=your-token

AWS Secrets Manager

data_sources:
  input:
    url: jdbc:postgresql://host:5432/db
    username: ${aws:prod/database#username}
    password: ${aws:prod/database#password}

See Also