Contact Us 1-800-596-4880

Amazon Secrets Manager Properties Provider Examples

The following examples enable you how to configure Amazon Secrets Manager Properties Provider to retrieve your secrets from Amazon Secrets Manager cloud service

Configure AWS Connection Types

Anypoint Connectors can use Amazon Secrets Manager Properties Provider in their configurations. The following example illustrates how to configure the AWS connection type in the AWS Secrets Manager Properties Override Config of Anypoint Studio:

  1. In Studio, navigate to the Global Elements tab.

  2. Click Create.

  3. In the Choose Global Type window, type AWS Secrets Manager.

  4. Select AWS Secrets Manager Properties Override Config.

  5. Click OK.

  6. In the Global Element Properties window, you can configure the following fields:

Name Type Description Default Value Required

AWS Secrets Manager Region

String

AWS Secrets Manager region, for example, us-east-2.

x

AWS Access Key

String

AWS access key ID.

AWS Secret Key a

String

AWS secret key ID.

Role ARN

String

Uniquely identifies a role to gain cross-account access.

Example of Amazon Secrets Manager Properties Provider in Global Element Properties window of Anypoint Studio

In the Configuration XML editor, the configuration looks like this:

<aws-secrets-manager-properties-override:config name="AWS_Secrets_Manager_Properties_Override_Config" doc:name="AWS Secrets Manager Properties Override Config" >
		<aws-secrets-manager-properties-override:basic-connection region="us-east-1" />
		<aws-secrets-manager-properties-override:role-connection roleARN="arn:aws:iam::480410955647:role/AmazonSSMRoleForAutomationAssumeQuickSetup" />
	</aws-secrets-manager-properties-override:config>

If you do not provide credentials, the default AWS connection follows the default credentials provider chain - AWS SDK for Java 2.x.

Configure AWS Secrets Manager Using a JSON String

The following example shows how to configure the Amazon Secrets Manager Properties Provider for Amazon S3 Connector by using a JSON string where you create the secret manager keys.

Based on a JSON file that contains accessKey and secretKey:

aws secretsmanager create-secret --name aws-credentials   --secret-string '{"accessKey":"ACCESSKEY", "secretKey":"SECRET"}'
  1. In the Amazon S3 Configuration global element properties window, select fx to set expression values.

  2. Set Access Key to ${aws-secrets::aws-credentials}.accessKey.

  3. Set Secret Key to ${aws-secrets::aws-credentials}.secretKey.

Example of Amazon Secrets Manager Properties Provider configuration for Amazon S3 Connector with JSON expression

In the Configuration XML editor, the configuration looks like this:

<s3:config name="Amazon_S3_Configuration" doc:name="Amazon S3 Configuration">
		<s3:connection accessKey="#[${aws-secrets::aws-credentials}.accessKey]" secretKey="#[${aws-secrets::aws-credentials}.secretKey]" />
	</s3:config>

Configure AWS Secrets Manager as a String

The following example shows how to configure the secret manager keys as a string for Amazon S3 Connector.

Based on the following string:

aws secretsmanager create-secret --name accessKey  --secret-string "ACCESSKEY"
aws secretsmanager create-secret --name secretKey  --secret-string "SECRET"

In the Amazon S3 Configuration global element properties window:

  1. Set Access Key to ${aws-secrets::accessKey}.

  2. Set Secret Key to ${aws-secrets::secretKey}.

Example of Amazon Secrets Manager Properties Provider configuration for Amazon S3 Connector with a string value

In the Configuration XML editor, the configuration looks like this:

<s3:config name="Amazon_S3_Configuration" doc:name="Amazon S3 Configuration" >
		<s3:connection accessKey="${aws-secrets::accessKey}" secretKey="${aws-secrets::secretKey}" />
	</s3:config>
View on GitHub