Creating Secrets for Apono in AWS Secret Store
A connector uses a secret to connect Apono to resources without storing any credentials. For AWS-based integrations, secrets are created and managed through the AWS Secret Store.
You can use one of three methods to prepare a secret for use with your integration:
Terraform: (Recommended) Provision and manage your secrets through configuration files and commands.
Command Line Interface (CLI): Use a command-line shell with the AWS CLI.
Existing Secret: Use an existing secret.
The following sections explain how to execute each method.
Terraform
This method uses Terraform configuration files and commands to manage your secrets for resource integration via an Apono connector.
Prerequisites
Item | Description |
---|---|
Terraform | Tool to provision and manage infrastructure available from HashiCorp Once Terraform is installed, the following items must be defined and configured: |
Region | Location of the instance of the integration Set this value when configuring the AWS Provider in Terraform. |
Integration Credentials | Credentials for the instance of the integration used to replace the |
Terraform Secret Creation
Use the following steps to create a secret through Terraform:
Copy the following snippet into the .tf file for managing your Terraform resources.
Replace the placeholders:
#SECRET_NAME
: Unique identifier. This value is used as the connector credential in the Apono UI.KEY1
&VALUE1
: Replace these placeholders with the username or account identifier for the integration instance. The user must have admin level privileges.KEY2
&VALUE2
: Replace these placeholder with the password or other account credential for the user.
Once terraform apply
has been successfully run and the secret created, the secret will be listed in and can be managed from the AWS Secrets Manager console.
CLI
This method uses AWS CLI to provide a streamlined, secure pathway to manage your secrets for resource integration via an Apono connector.
Prerequisites
Items | Notes |
---|---|
AWS Command Line Interface (AWS CLI) | Open source tool enabling interacting with AWS services using commands in your command-line shell available from AWS |
Region | Location of the instance of the integration |
Integration Credentials | Credentials for the instance of the integration used to replace the |
CLI Secret Creation
User the following steps to create a secret through the AWS CLI
Copy the following command into a text editor.
Replace the placeholders:
#SECRET_NAME
: Unique identifier. This value is used as the connector credential in the Apono UI.#REGION
: Replace this placeholder with the region.KEY1
&VALUE1
: Replace these placeholders with the username or account identifier for the integration instance. The user must have admin level privileges.KEY2
&VALUE2
: Replace these placeholder with the password or other account credential for the user
In the command-line interface of your local machine, paste and run the edited command.
When the secret is successfully generated, the AWS CLI provides a JSON response containing details about the newly created secret, resembling the following structure.
The secret will be listed in and can be managed from the AWS Secrets Manager console.
Existing Secret
You can use an existing secret. To enable an Apono connector to use an existing secret, add a tag with the following key and value information:
Key:
apono-connector-read
Value:
true
Last updated