Secret Managers

Several ways to provide database credential are supported.

Raw

Database credentials can be provided as raw unencrypted values:

{
  "type": "raw",
  "value": "${SOURCE_PASSWORD}"
}

Where:

  • type: password provider type

  • value: raw password value

Google Secret Manager

Database credentials can be requested from Google Secret Manager:

{
  "type": "gcp",
  "project": "${GCP_PROJECT_ID}",
  "secret": "${SECRET_ID}",
  "version": "${VERSION_ID}"
}

Where:

  • type: password provider type

  • project: GCP project ID

  • secret: Secret Manager secret ID

  • version: (optional, default – latest) Secret Manager secret version ID

Note

SECRETS_GCP_SECRET_MANAGER_ENABLED property should be enabled, see Application properties

AWS Secrets Manager

Database credentials can be requested from AWS Secrets Manager:

{
  "type": "aws",
  "secret": "${SECRET_ID}",
  "version": "${VERSION_ID}"
}

Where:

  • type: password provider type

  • secret - The ARN or name of the secret to retrieve,

  • version (optional) - The unique identifier of the version of the secret to retrieve. If you don’t specify the version, then the AWSCURRENT version is used.

Note

SECRETS_AWS_SECRET_MANAGER_ENABLED property should be enabled, see Application properties