Secret Managers
Several ways to provide database credential are supported.
Raw
Database credentials can be provided as raw unencrypted values:
{
"type": "raw",
"value": "${SOURCE_PASSWORD}"
}
Where:
-
type
: password provider type -
value
: raw password value
Google Secret Manager
Database credentials can be requested from Google Secret Manager:
{
"type": "gcp",
"project": "${GCP_PROJECT_ID}",
"secret": "${SECRET_ID}",
"version": "${VERSION_ID}"
}
Where:
-
type
: password provider type -
project
: GCP project ID -
secret
: Secret Manager secret ID -
version
: (optional, default – latest) Secret Manager secret version ID
Note
|
AWS Secrets Manager
Database credentials can be requested from AWS Secrets Manager:
{
"type": "aws",
"secret": "${SECRET_ID}",
"version": "${VERSION_ID}"
}
Where:
-
type
: password provider type -
secret
- The ARN or name of the secret to retrieve, -
version
(optional) - The unique identifier of the version of the secret to retrieve. If you don’t specify the version, then theAWSCURRENT
version is used.
Note
|