AWS Secrets Manager

Amazon Web Services (AWS) Secrets Manager helps you securely store and manage passwords, database connection strings, and API keys. Secrets are stored, managed, and retrieved through a central repository, so an application such as OvalEdge can fetch credentials at connection time instead of having them typed into, and stored with, each connector configuration.

For more information, please refer to the AWS Secrets Manager documentation.

Overview

Connector Features

Feature: Availability

Crawling of Metadata Objects: Not Supported

Profiling: Not Supported

Query Sheet: Not Supported

Data Preview: Not Supported

Lineage: Not Supported

Authentication via Credential Manager: Supported

Data Quality: Not Supported

DAM (Data Access Management): Not Supported

Bridge: Supported

Set up a Connection

Prerequisites

The AWS Secrets Manager connector supports two types of authentication: IAM User Authentication and Role Based Authentication.

IAM User Authentication

IAM User Authentication uses the long-lived Access Key and Secret Key of an IAM user, together with the Secrets Manager Region and, optionally, a Secret Name. The steps below create the IAM user and its access key pair.

  1. Log in to the AWS Console and open IAM > Users > Create user.

  2. On the Specify user details page, enter a User name, then click Next.

  3. On the Set permissions page, select Attach policies directly and select the SecretsManagerReadAccess policy. For least privilege, prefer a customer managed policy limited to secretsmanager:GetSecretValue, secretsmanager:DescribeSecret, and secretsmanager:ListSecrets (the same actions shown in the Role Based Authentication policy below), with the first two restricted to the ARNs of the secrets the connector reads.

  4. Click Next.

  5. Click Create user.

  6. Open the newly created user.

  7. Click Create access key.

  8. Click Next, then Create.

  9. Copy the generated Access Key and Secret Key, then click Done. The Secret Key is shown only once; store it securely, and rotate the key pair if it is ever exposed.

Creating a Secret

  1. Log in to the AWS Console.

  2. In the search bar, search for Secrets Manager, then select Store a new secret.

  3. Select the ‘Other type of secret’ option and enter the credentials as Key/value pairs (for example, a username key and a password key).

  4. Click Next.

  5. On the Configure secret page, enter the Secret name, and then click Next.

  6. Review the details and then click Store.

  7. The secret is created. Note its Secret name and the key names; both are needed in the connector configuration.

Secrets Manager Region

Specify the region in which the secret was created (for example, us-east-1) in the connector validation section. A secret is regional, so a wrong region produces a "not found" error even when the credentials are correct.

Role Based Authentication

  1. Log in to the AWS Console and create an IAM Role, choosing EC2 as the trusted entity so that the role can be attached to the EC2 instance running OvalEdge.

  2. Attach Secrets Manager permissions to the role.

  3. Create an inline policy under the role's Permissions, as shown below.

For an IAM role with read-only access to AWS Secrets Manager, attach a policy like the following JSON to the role. Note that Resource "*" grants read access to every secret in the account; in production, replace it with the ARN(s) of the secrets the connector actually reads (ListSecrets is not resource-scoped and keeps "*").

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetSecretValue",
                "secretsmanager:DescribeSecret",
                "secretsmanager:ListSecrets"
            ],
            "Resource": "*"
        }
    ]
}
  4. Name the role and complete the creation process.

  5. In the EC2 console, select the instance running OvalEdge and go to Actions > Security > Modify IAM role to attach the role to the instance.
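The policy above grants the three read actions on every secret in the account. As an added example (not OvalEdge's or AWS's code), the following Python checks a policy document for actions beyond those three and for GetSecretValue or DescribeSecret granted on Resource "*", and rewrites the page's policy into one pinned to specific secret ARNs. The sample policies and the secret ARN in it are constructed for the demo.

```python
"""Least-privilege check for the Secrets Manager read policy above.

Added example (not OvalEdge or AWS code). check_policy() flags Allow
statements that grant actions beyond the three read-only actions the
connector needs, or that grant GetSecretValue/DescribeSecret on
Resource "*". scope_to_secrets() rewrites such a policy so those two
actions are pinned to specific secret ARNs while ListSecrets (which is
not resource-scoped and needs "*") is kept as is. The policies and ARN
below are constructed for the demo.
"""
from __future__ import annotations

import json

# The only Secrets Manager actions the connector needs (from the page).
ALLOWED_ACTIONS = {
    "secretsmanager:GetSecretValue",
    "secretsmanager:DescribeSecret",
    "secretsmanager:ListSecrets",
}
# ListSecrets is not resource-scoped, so Resource "*" is legitimate for it.
WILDCARD_OK = {"secretsmanager:ListSecrets"}

# Constructed copy of the policy shown on the page (Resource "*").
BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "secretsmanager:GetSecretValue",
            "secretsmanager:DescribeSecret",
            "secretsmanager:ListSecrets",
        ],
        "Resource": "*",
    }],
})

# Constructed over-broad policy: every Secrets Manager action, including writes.
WILDCARD_ACTION_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "secretsmanager:*", "Resource": "*"}],
})

# Constructed ARN. Real secret ARNs end in a random 6-character suffix, so a
# pattern such as "...:secret:prod/redshift-??????" is also common in policies.
PROD_REDSHIFT_SECRET_ARN = (
    "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/redshift-AbCdEf"
)


def _as_list(value) -> list:
    """IAM allows a string or a list for Action and Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def check_policy(policy_json: str) -> list[str]:
    """Return findings for an IAM policy document; an empty list means it passes."""
    policy = json.loads(policy_json)
    findings: list[str] = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        for action in actions:
            if action not in ALLOWED_ACTIONS:
                findings.append(
                    f"statement {i}: action {action!r} is broader than the connector needs"
                )
            elif action not in WILDCARD_OK and "*" in resources:
                findings.append(
                    f"statement {i}: {action} is granted on Resource '*'; pin it to secret ARN(s)"
                )
        for res in resources:
            if res != "*" and not res.startswith("arn:aws:secretsmanager:"):
                findings.append(f"statement {i}: resource {res!r} is not a Secrets Manager ARN")
    return findings


def scope_to_secrets(policy_json: str, secret_arns: list[str]) -> str:
    """Rewrite a policy so GetSecretValue/DescribeSecret apply only to secret_arns."""
    policy = json.loads(policy_json)
    scoped: dict = {"Version": policy.get("Version", "2012-10-17"), "Statement": []}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            scoped["Statement"].append(stmt)  # keep Deny statements untouched
            continue
        actions = _as_list(stmt.get("Action", []))
        pinned = [a for a in actions if a in ALLOWED_ACTIONS and a not in WILDCARD_OK]
        listing = [a for a in actions if a in WILDCARD_OK]
        # Anything outside ALLOWED_ACTIONS (e.g. "secretsmanager:*") is dropped.
        if pinned:
            scoped["Statement"].append(
                {"Effect": "Allow", "Action": pinned, "Resource": list(secret_arns)}
            )
        if listing:
            scoped["Statement"].append({"Effect": "Allow", "Action": listing, "Resource": "*"})
    return json.dumps(scoped, indent=4)


if __name__ == "__main__":
    for finding in check_policy(BROAD_POLICY):
        print("finding:", finding)
    print(scope_to_secrets(BROAD_POLICY, [PROD_REDSHIFT_SECRET_ARN]))
```

Run the scoped output through the IAM policy editor (or a policy-as-code check in CI) before attaching it; the rewrite deliberately drops any action outside the three the connector needs rather than carrying it over.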

Secret Creation Process

  1. In the search bar, search for Secrets Manager, then select Store a new secret.

  2. Select the ‘Other type of secret’ option and enter the credentials as Key/value pairs.

  3. Click Next.

  4. On the Configure secret page, enter the Secret name, and then click Next.

  5. Review the details and then click Store.

  6. The secret is created; note its Secret name.

  7. Assign the role to EC2: select the created role and update it for the instance (Actions > Security > Modify IAM role).

  8. Validate in OvalEdge: in the OvalEdge application, validate the Secrets Manager connection by entering the role ARN in the connector section.

Connection Configuration Steps

Only a user with a Connector Creator role can set up a connection in OvalEdge.

  1. Log into OvalEdge, go to Administration > Connectors, click + (New Connector), search for AWS Secrets Manager, and complete the specific parameters.

Fields marked with an asterisk (*) are mandatory for establishing a connection.

Field Name
Description

Connector Type

By default, "AWS Secrets Manager" is displayed as the selected connector type.

Authentication*

Select Authentication from the drop-down list.

  • IAM User Authentication

  • Role Based Authentication

IAM User Authentication

License Add Ons

OvalEdge connectors have a default license add-on for data crawling and profiling.

Connector Name*

Enter a unique name for the AWS Secrets Manager connection

(Example: "AWSSecrets_Prod").

Connector Environment

Select the environment (Example: PROD, STG) configured for the connector.

Access key*

Enter the Access Key ID of the IAM user created above.

Secret key*

Enter the Secret Access Key of the IAM user. This is the AWS credential, not a key inside the stored secret.

Secrets Manager Region*

Enter the region code of the region where the secret is stored (Example: us-east-1).

Secret Name

Enter the Secret name as stored in Secrets Manager.

Role Based Authentication

License Add Ons

OvalEdge connectors have a default license add-on for data crawling and profiling.

Connector Name*

Enter a unique name for the AWS Secrets Manager connection

(Example: "AWSSecrets_Prod").

Connector Environment

Select the environment (Example: PROD, STG) configured for the connector.

Cross-Account Role ARN

Enter the ARN of the IAM role created above (in the form arn:aws:iam::<account-id>:role/<role-name>).

Secrets Manager Region*

Enter the region code of the region where the secret is stored (Example: us-east-1).

Secret Name

Enter the Secret name as stored in Secrets Manager.

Default Governance Roles*

Select the appropriate users or teams for each governance role from the dropdown list. All users and teams configured in OvalEdge Security are displayed for selection.

Admin Roles*

Select one or more users from the dropdown list for Integration Admin and Security and Governance Admin. All users configured in OvalEdge Security are available for selection.

No Of Archive Objects*

It indicates the number of recent metadata changes to a dataset at the source. By default, it is off. You can enable it by toggling the Archive button and specifying the number of objects to archive.

Example: Setting it to 4 retrieves the last four changes, shown in the 'version' column of the 'Metadata Changes' module.

Select Bridge*

The dropdown displays all the active and inactive bridges configured in OvalEdge. Select the appropriate bridge that enables connectivity to data sources without altering firewall rules.

  1. After entering all connection details, you can perform the following actions:

    1. Click Validate to verify the connection.

    2. Click Save to store the connection for future use.

    3. Click Save & Configure to apply additional settings before saving.

  2. The saved connection will appear on the Connectors home page.

Redshift Connector

The following steps show how the Redshift connector obtains its credentials from the AWS Secrets Manager connector configured with Role Based Authentication.

  1. Log into OvalEdge, go to Administration > Connectors, click + (New Connector), search for Redshift, and complete the specific parameters.

Fields marked with an asterisk (*) are mandatory for establishing a connection.

Field Name
Description

Connector Type

By default, "Redshift" is displayed as the selected connector type.

Credential Manager*

Select AWS Secrets Manager from the drop-down list.

License Add Ons

OvalEdge connectors have a default license add-on for data crawling and profiling.

  • Select the checkbox for Auto Lineage Add-On to build data lineage automatically.

  • Select the checkbox for Data Quality Add-On to identify data quality issues using data quality rules and anomaly detection.

  • Select the Data Access Add-On to enforce access to the connector through OvalEdge's Data Access Management (DAM) feature.

Credential Manager Connector ID*

Enter the ID of the saved AWS Secrets Manager connector (the ID assigned when that connector was validated and saved).

Example: 1020

Connector Name*

Enter a unique name for the Redshift connection

Example: "Redshift_Prod"

Connector Environment

Select the environment (Example: PROD, STG) configured for the connector.

Server*

Enter the Redshift cluster endpoint (server name).

Port*

Enter the port (5439 by default).

Database*

Enter the Database name.

Driver*

Driver details are shown by default.

Username*

Enter a reference to the username stored in the secret, in the form <secret_name>/<key>, where <key> is the key name entered in the Key/value pairs when the secret was created (Example: <secret_name>/username). The value is fetched from Secrets Manager at connection time and is not stored in OvalEdge.

Password*

Enter the password in the same <secret_name>/<key> reference form when it is stored in the secret (Example: <secret_name>/password).

Connection String

Configure the connection string for the Redshift database:

  • Automatic Mode: The system generates a connection string based on the provided credentials.

  • Example (Redshift):

jdbc:redshift://{server}:5439/{sid}

  • Manual Mode: Manually enter a valid connection string.

Replace the placeholders with the actual database details: {server} is the cluster endpoint and {sid} is the database name.

Default Governance Roles*

Select the appropriate users or teams for each governance role from the dropdown list. All users and teams configured in OvalEdge Security are displayed for selection.

Admin Roles*

Select one or more users from the dropdown list for Integration Admin and Security and Governance Admin. All users configured in OvalEdge Security are available for selection.

No Of Archive Objects*

It indicates the number of recent metadata changes to a dataset at the source. By default, it is off. You can enable it by toggling the Archive button and specifying the number of objects to archive.

Example: Setting it to 4 retrieves the last four changes, shown in the 'version' column of the 'Metadata Changes' module.

Select Bridge*

The dropdown displays all the active and inactive bridges configured in OvalEdge. Select the appropriate bridge that enables connectivity to data sources without altering firewall rules.

  1. After entering all connection details, you can perform the following actions:

    1. Click Validate to verify the connection.

    2. Click Save to store the connection for future use.

    3. Click Save & Configure to apply additional settings before saving.

  2. The saved connection will appear on the Connectors home page.

Additional information

  1. Log in to the AWS Console.

  2. Search for Secrets Manager, then select the created secret. Click “Retrieve secret value”.

  3. Copy the key names from the Key/value tab. These are the <key> part of the <secret_name>/<key> references entered in the Username and Password fields of the Redshift connector.
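The Username and Password fields above carry references of the form <secret_name>/<key>. As an added example (not OvalEdge code), the following Python shows how such a reference is resolved: split it into secret name and key, fetch the secret with GetSecretValue, decode the SecretString as the JSON key/value pairs that the ‘Other type of secret’ option stores, and return the value for the key, refusing binary or plaintext secrets rather than guessing. The client is injected, so a real boto3 secretsmanager client can be passed in; FakeSecretsClient and SAMPLE_CLIENT are constructed stand-ins so the example runs offline, and none of the values are real credentials.

```python
"""Resolve a '<secret_name>/<key>' reference against a Secrets Manager secret.

Added example (not OvalEdge code). The Redshift connector's Username and
Password fields carry references of the form <secret_name>/<key>; this
shows how such a reference is resolved: split it, fetch the secret with
GetSecretValue, decode the SecretString as the JSON key/value pairs the
"Other type of secret" option stores, and return the value for the key.
The client is injected, so boto3.client("secretsmanager") works in
production; FakeSecretsClient and SAMPLE_CLIENT below are constructed
stand-ins so the example runs offline. No value here is real.
"""
from __future__ import annotations

import json
from dataclasses import dataclass


class SecretReferenceError(ValueError):
    """A reference is malformed, or the secret/key cannot be resolved."""


@dataclass(frozen=True)
class SecretRef:
    secret_name: str
    key: str

    @classmethod
    def parse(cls, ref: str) -> SecretRef:
        # Secret names may contain '/', so split on the last one:
        # 'prod/redshift/username' -> secret 'prod/redshift', key 'username'.
        name, sep, key = ref.rpartition("/")
        if not sep or not name or not key:
            raise SecretReferenceError(f"expected <secret_name>/<key>, got {ref!r}")
        return cls(name, key)


def resolve_secret_ref(client, ref: str) -> str:
    """Return the value stored under <key> in the key/value secret <secret_name>."""
    parsed = SecretRef.parse(ref)
    # Same method name and keyword argument as boto3's secretsmanager client.
    resp = client.get_secret_value(SecretId=parsed.secret_name)
    if "SecretString" not in resp:
        # A binary secret holds no key/value pairs; refuse rather than guess.
        raise SecretReferenceError(f"secret {parsed.secret_name!r} is binary, not key/value")
    try:
        pairs = json.loads(resp["SecretString"])
    except json.JSONDecodeError as exc:
        raise SecretReferenceError(f"secret {parsed.secret_name!r} is not key/value JSON") from exc
    if not isinstance(pairs, dict) or parsed.key not in pairs:
        # Report names only; never put secret contents into an error message or log.
        raise SecretReferenceError(f"key {parsed.key!r} not found in secret {parsed.secret_name!r}")
    return str(pairs[parsed.key])


def resolve_or_none(client, ref: str) -> str | None:
    """Convenience wrapper: None instead of an exception when resolution fails."""
    try:
        return resolve_secret_ref(client, ref)
    except SecretReferenceError:
        return None


class FakeSecretsClient:
    """Constructed stand-in for boto3's secretsmanager client (offline demo only)."""

    def __init__(self, secrets: dict[str, dict | bytes | str]):
        self._secrets = secrets

    def get_secret_value(self, SecretId: str) -> dict:
        if SecretId not in self._secrets:
            # boto3 raises ResourceNotFoundException here; mapped to our error type.
            raise SecretReferenceError(f"secret {SecretId!r} not found")
        payload = self._secrets[SecretId]
        if isinstance(payload, bytes):
            return {"Name": SecretId, "SecretBinary": payload}
        if isinstance(payload, str):
            return {"Name": SecretId, "SecretString": payload}  # plaintext, not key/value
        return {"Name": SecretId, "SecretString": json.dumps(payload)}


# Constructed sample secrets; the values are placeholders, not real credentials.
SAMPLE_CLIENT = FakeSecretsClient({
    "prod/redshift": {"username": "oe_reader", "password": "placeholder-not-real"},
    "prod/blob": b"\x00\x01",
    "prod/plain": "just-a-string",
})


if __name__ == "__main__":
    print(resolve_secret_ref(SAMPLE_CLIENT, "prod/redshift/username"))
    print(resolve_or_none(SAMPLE_CLIENT, "prod/redshift/port"))
```

With a real client, the caller that holds the resolved value should pass it straight into the JDBC connection and not persist or log it; the role or user doing the lookup only needs GetSecretValue on that secret's ARN.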
