Creating Secrets in AWS Secret Store

AWS Secret Store

The Apono Connector reads the credentials it needs from the AWS Secret Store (AWS Secrets Manager) when it connects to a resource integration, so the secrets themselves are never stored in Apono.

Create a new secret for Apono

You can create the secret with the AWS CLI or with Terraform.

CLI

  • replace #REGION, #SECRET_NAME, #USERNAME and #PASSWORD. The password is passed on the command line, so it is written to your shell history and is visible in the process list while the command runs; remove it from your history afterwards. A password containing a double quote, a backslash or a dollar sign must also be escaped, otherwise the JSON payload is malformed or the shell expands it.
aws secretsmanager create-secret --name "#SECRET_NAME" --tags '[{"Key":"apono-connector-read","Value":"true"}]' --region #REGION --secret-string '{
    "username":"'"#USERNAME"'",
    "password":"'"#PASSWORD"'"
}'

Terraform

  • required providers: aws
  • replace #SECRET_NAME, #USERNAME and #PASSWORD
  • Terraform writes secret_string into its state file in plain text, so the state backend must be encrypted and access-controlled at least as tightly as the secret itself
resource "aws_secretsmanager_secret" "#SECRET_NAME" {
  name = "#SECRET_NAME"
  // this tag lets the Apono Connector role read the secret through its predefined policy
  tags = {
    "apono-connector-read" = "true"
  }
}

resource "aws_secretsmanager_secret_version" "#SECRET_NAME" {
  secret_id     = aws_secretsmanager_secret.#SECRET_NAME.id
  secret_string = jsonencode({
    username = "#USERNAME",
    password = "#PASSWORD",
  })
}

Use an existing secret

If you prefer to use an existing secret, add the following tag to it so the Apono Connector can read it:

  • tag-name: apono-connector-read, value: true

Give Apono the Secret ID in the relevant integration
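The same two steps (create a tagged secret, or tag an existing one) can be done with the AWS SDK instead of hand-built shell quoting. The example below is added here and is not Apono's own code or tooling. json.dumps escapes the credentials, so a password containing quotes, backslashes or dollar signs cannot break the payload or be expanded by the shell, and nothing is written to shell history. Pass a real boto3 client (boto3.client("secretsmanager", region_name=...)) as client; FakeSecretsManager is a constructed in-memory stand-in so the example runs offline, and the account ID and ARNs it returns are made up.

```python
"""Create or tag an AWS Secrets Manager secret so the Apono Connector can read it.

Added example, not Apono's code. Works against any object exposing the boto3
SecretsManager client methods create_secret / describe_secret / tag_resource;
FakeSecretsManager below is a constructed offline stand-in with made-up ARNs.
"""
import json
from typing import Any, Mapping, Optional

# The tag the connector's predefined policy keys on (from the Apono docs).
CONNECTOR_TAG = {"Key": "apono-connector-read", "Value": "true"}


def build_create_secret_request(name: str, username: str, password: str) -> dict:
    """Build the kwargs for SecretsManager.create_secret.

    json.dumps does the escaping, so quotes, backslashes or $ in the password
    cannot break the JSON the way they would in a hand-quoted CLI string.
    """
    return {
        "Name": name,
        "SecretString": json.dumps({"username": username, "password": password}),
        "Tags": [dict(CONNECTOR_TAG)],
    }


def has_connector_tag(describe_response: Mapping[str, Any]) -> bool:
    """True if a describe_secret response carries apono-connector-read=true."""
    return any(
        tag.get("Key") == CONNECTOR_TAG["Key"] and tag.get("Value") == CONNECTOR_TAG["Value"]
        for tag in describe_response.get("Tags", [])
    )


def create_connector_secret(client, name: str, username: str, password: str) -> str:
    """Create a new tagged secret and return its ARN."""
    response = client.create_secret(**build_create_secret_request(name, username, password))
    return response["ARN"]


def ensure_connector_readable(client, secret_id: str) -> bool:
    """Tag an existing secret (name or ARN) if it lacks the connector tag.

    Returns True if the tag had to be added, False if it was already present.
    """
    if has_connector_tag(client.describe_secret(SecretId=secret_id)):
        return False
    client.tag_resource(SecretId=secret_id, Tags=[dict(CONNECTOR_TAG)])
    return True


class FakeSecretsManager:
    """Constructed in-memory stand-in for the boto3 client (offline demo only)."""

    def __init__(self, existing: Optional[Mapping[str, Mapping[str, Any]]] = None):
        # name -> {"SecretString": str, "Tags": [{"Key": ..., "Value": ...}, ...]}
        self.secrets = {k: dict(v) for k, v in (existing or {}).items()}

    @staticmethod
    def _arn(name: str) -> str:
        # Made-up account ID and region; real ARNs also carry a random suffix.
        return f"arn:aws:secretsmanager:us-east-1:123456789012:secret:{name}"

    def create_secret(self, Name, SecretString, Tags=()):
        if Name in self.secrets:
            raise ValueError(f"ResourceExistsException: {Name}")
        self.secrets[Name] = {"SecretString": SecretString, "Tags": list(Tags)}
        return {"ARN": self._arn(Name), "Name": Name}

    def describe_secret(self, SecretId):
        secret = self.secrets[SecretId]  # KeyError stands in for ResourceNotFoundException
        return {"ARN": self._arn(SecretId), "Name": SecretId, "Tags": list(secret["Tags"])}

    def tag_resource(self, SecretId, Tags):
        self.secrets[SecretId]["Tags"] = list(self.secrets[SecretId]["Tags"]) + list(Tags)


if __name__ == "__main__":
    sm = FakeSecretsManager(
        {"legacy/db": {"SecretString": "{}", "Tags": [{"Key": "env", "Value": "prod"}]}}
    )
    print(create_connector_secret(sm, "apono/prod-db", "apono_svc", 'p"a$$w\\ord'))
    print("tagged existing:", ensure_connector_readable(sm, "legacy/db"))
    print("already tagged:", ensure_connector_readable(sm, "legacy/db"))
```

ensure_connector_readable only appends the tag when it is missing, so it is safe to run repeatedly from a provisioning script; any tags already on the secret are left in place.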


The secret is accessible only from the Connector in your environment