Creating Secrets in AWS Secret Store

A connector uses a secret to connect Apono to resources without storing any credentials. For AWS-based integrations, secrets are created and managed through the AWS Secret Store.

You can use one of three methods to prepare a secret for use with your integration:

• Terraform: (Recommended) Provision and manage your secrets through configuration files and commands.
• Command Line Interface (CLI): Use a command-line shell with the AWS CLI.
• Existing Secret: Use an existing secret.

The following sections explain how to execute each method.

Terraform

This method uses Terraform configuration files and commands to manage your secrets for resource integration via an Apono connector.

Prerequisites

Terraform Secret Creation

Use the following steps to create a secret through Terraform:

1. Copy the following snippet into the .tf file for managing your Terraform resources.

resource "aws_secretsmanager_secret" "#SECRET_NAME" {
  name = "#SECRET_NAME"
  // This tag allows the Apono connector role to read the secret with predefined policy 
  tags = {
    "apono-connector-read" = "true"
  }
}

resource "aws_secretsmanager_secret_version" "#SECRET_NAME" {
  secret_id     = aws_secretsmanager_secret.#SECRET_NAME.id
  secret_string = jsonencode({
    KEY1 = "VALUE1",
    KEY2 = "VALUE2"
  })
}

2. Replace the placeholders:
   • #SECRET_NAME: Unique identifier. This value is used as the connector credential in the Apono UI.
   • KEY1 & VALUE1: Replace these placeholders with the username or account identifier for the integration instance. The user must have admin level privileges.
   • KEY2 & VALUE2: Replace these placeholder with the password or other account credential for the user.

3. At the terminal prompt in the same folder as the .tf file, run the plan and apply commands.

Once terraform apply has been successfully run and the secret created, the secret will be listed in and can be managed from the AWS Secrets Manager console.

CLI

This method uses AWS CLI to provide a streamlined, secure pathway to manage your secrets for resource integration via an Apono connector.

Prerequisites

CLI Secret Creation

User the following steps to create a secret through the AWS CLI

1. Copy the following command into a text editor.

aws secretsmanager create-secret \
--name "#SECRET_NAME" \
--tags '[{"Key":"apono-connector-read","Value":"true"}]' \
--region #REGION \
--secret-string '{\"KEY1\":\"VALUE1\",\"KEY2\":\"VALUE2\"}'

2. Replace the placeholders:
   • #SECRET_NAME: Unique identifier. This value is used as the connector credential in the Apono UI.
   • #REGION: Replace this placeholder with the region.
   • KEY1 & VALUE1: Replace these placeholders with the username or account identifier for the integration instance. The user must have admin level privileges.
   • KEY2 & VALUE2: Replace these placeholder with the password or other account credential for the user

3. In the command-line interface of your local machine, paste and run the edited command.

When the secret is successfully generated, the AWS CLI provides a JSON response containing details about the newly created secret, resembling the following structure.

{
   "ARN": "arn:aws:secretsmanager:your-region:your-account-id:secret:your-secret-name-XYZ",
   "Name": "your-secret-name",
   "VersionId": "example-version-id"
}

The secret will be listed in and can be managed from the AWS Secrets Manager console.

Existing Secret

You can use an existing secret. To enable an Apono connector to use an existing secret, add a tag with the following key and value information:

• Key: apono-connector-read
• Value: true