# AWS Secrets Manager Log in to the AWS Console and create an IAM Role as per the screen below\.Amazon Web Services (AWS) Secret Manager helps you to securely store and manage passwords, database strings, and API keys. Secrets can be stored, managed, and retrieved conveniently and securely through a central repository. For more information, please refer to [AWS Secret Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html) ## Overview ### Connector Features | Feature | Availability | | ------------------------------------- | ------------- | | Crawling of Metadata Objects | Not Supported | | Profiling | Not Supported | | Query Sheet | Not Supported | | Data Preview | Not Supported | | Lineage | Not Supported | | Authentication via Credential Manager | Supported | | Data Quality | Not Supported | | DAM (Data Access Management) | Not Supported | | Bridge | Supported | ## Set up a Connection ### Prerequisites AWS Secrets Manager supports two types of Authentication. #### **IAM User Authentication** Using IAM User Authentication, you can generate an Access Key, Secret Key, Secret Manager, and Secrets Manager Region. 1. Log in to the **AWS Console.** 2. In the **Specify user details** page, enter ‘User name,’ then click **Next**.

3. In the **Set permissions** page, select the ‘**Attach policies directly**’ button and select the **SecretsManagerReadAccess.**

4. Click **Next**. 5. Click **Create User.** 6. Navigate to the created user as shown below.

7. Click **Create Access Key.**

8. Click **Next**, then **Create**.

9. Copy the generated **Access Key** and **Secret Key**, then click **Done**.

#### Generating Secret Name 1. Log in to the **AWS Console.** 2. In the search bar, search for **Secrets Manager**, then select **Store a new secret.**

3. Select the ‘**Other type of secret**’ button and enter **Key/value pairs** as shown below.

4. Click **Next**. 5. On the **Configure Secret** page, enter the **Secret name**, and then click **Next**.

6. Review the details and then click **Store**. 7. A secret name will be created.

**Secrets Manager Region** Specify the region where the Secrets Manager was created in the connector validation section. #### **Role Based Authentication** 1. Log in to the AWS Console and create an IAM Role as per the screen below.

2. Attach Secret Manager Permissions. 3. Create an Inline policy in IAM Permissions as per the provided below.

{% hint style="info" %} IAM role with read-only access to AWS Secrets Manager, attach a policy like the following JSON to the role. {% endhint %} ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret", "secretsmanager:ListSecrets" ], "Resource": "*" } ] } ``` 3. Name and create the role.\ Specify a name for the role and complete the creation process.

4. Go to the OvalEdge application running the EC2 Instance and then navigate to the below-mentioned configuration steps.\ Go to **Actions > Security > Modify** IAM Role for the EC2 instance.

**Secret Manager Creation Process** 1. In the search bar, search for **Secrets Manager** then select **Store a new secret.**

2. Select the ‘**Other type of secret**’ button and enter **Key/value pairs** as shown below.

3. Click **Next**. 4. On the **Configure Secret page**, enter the **Secret name**, and then click **Next**.

5. Review the details and then click **Store**. 6. Secret Name will be created. 7. Assign Role to **EC2**.\ Select the created role and update it for the instance.

8. Validate in OvalEdge.\ In the OvalEdge application, validate the **Secret Manager** connection by entering the **role ARN** in the connector section. ### Connection Configuration Steps {% hint style="info" %} Only a user with a Connector Creator role can set up a connection in OvalEdge. {% endhint %} 1. Log into OvalEdge, go to Administration > Connectors, click + (New Connector), search for AWS Secrets Manager, and complete the specific parameters. {% hint style="info" %} Fields marked with an asterisk (\*) are mandatory for establishing a connection. {% endhint %}

Field Name	Description
Connector Type	By default, "AWS Secrets Manager" is displayed as the selected connector type.
Authentication*	Select Authentication from the drop-down list. IAM User Authentication Role Based Authentication
IAM User Authentication
License Add Ons	OvalEdge connectors have a default license add-on for data crawling and profiling.
Connector Name*	Enter a unique name for the AWS Secrets Manager connection (Example: "AWSSecrets_Prod").
Connector Environment	Select the environment (Example: PROD, STG) configured for the connector.
Access key*	Enter Access Key.
Secret key*	Enter Secret Key.
Secrets Manager Region*	Enter Secrets Manager Region.
Secret Name	Enter Secret Name.
Role Based Authentication
License Add Ons	OvalEdge connectors have a default license add-on for data crawling and profiling.
Connector Name*	Enter a unique name for the AWS Secrets Manager connection (Example: "AWSSecrets_Prod").
Connector Environment	Select the environment (Example: PROD, STG) configured for the connector.
Cross-Account Role ARN	Enter Cross-Account Role ARN.
Secrets Manager Region*	Enter Secrets Manager Region.
Secret Name	Enter Secret Name.
Default Governance Roles*	Select the appropriate users or teams for each governance role from the dropdown list. All users and teams configured in OvalEdge Security are displayed for selection.
Admin Roles*	Select one or more users from the dropdown list for Integration Admin and Security and Governance Admin. All users configured in OvalEdge Security are available for selection.
No Of Archive Objects*	It indicates the number of recent metadata changes to a dataset at the source. By default, it is off. You can enable it by toggling the Archive button and specifying the number of objects to archive. Example: Setting it to 4 retrieves the last four changes, shown in the 'version' column of the 'Metadata Changes' module.
Select Bridge*	The dropdown displays all the active and inactive bridges configured in the OvalEdge. Select the appropriate bridge that enables seamless connectivity between data sources without altering firewall rules.

2. After entering all connection details, you can perform the following actions: 1. Click Validate to verify the connection. 2. Click Save to store the connection for future use. 3. Click Save & Configure to apply additional settings before saving. 3. The saved connection will appear on the Connectors home page. ## Redshift Connector The below process depicts how the Redshift connector connects to OvalEdge using AWS Secrets Manager - Role-Based Authentication. 1. Log into OvalEdge, go to **Administration > Connectors**, click **+ (New Connector)**, search for **Redshift**, and complete the specific parameters. {% hint style="info" %} Fields marked with an asterisk (\*) are mandatory for establishing a connection. {% endhint %}

Field Name	Description
Connector Type	By default, "Redshift" is displayed as the selected connector type.
Credential Manager*	Select AWS Secrets Manager from the drop-down list.
License Add Ons	OvalEdge connectors have a default license add-on for data crawling and profiling. Select the checkbox for Auto Lineage Add-On to build data lineage automatically. Select the checkbox for Data Quality Add-On to identify data quality issues using data quality rules and anomaly detection. Select the Data Access Add-On license that will enforce connector access via OvalEdge with Data Access Management (DAM) feature enabled.
Credential Manager Connector ID*	Enter the connector ID generated during the AWS Secrets Manager connector validation. Example: 1020
Connector Name*	Enter a unique name for the Redshift connection Example: "Redshift_Prod"
Connector Environment	Select the environment (Example: PROD, STG) configured for the connector.
Server*	Enter the Server name.
Port*	Enter Port.
Database*	Enter the Database name.
Driver*	Driver details are shown by default.
Username*	Enter username. (These details are obtained from the Secret manager) Ex: <secret_name>/<Secret key>
Password*	Enter Password.
Connection String	Configure the connection string for the Redshift database: Automatic Mode: The system generates a connection string based on the provided credentials. Example (Redshift): jdbc:redshift://{server}:5439/{sid} Manual Mode: Manually enter a valid connection string. Replace placeholders with actual database details. {sid} refers to Database Name
Default Governance Roles*	Select the appropriate users or teams for each governance role from the dropdown list. All users and teams configured in OvalEdge Security are displayed for selection.
Admin Roles*	Select one or more users from the dropdown list for Integration Admin and Security and Governance Admin. All users configured in OvalEdge Security are available for selection.
No Of Archive Objects*	It indicates the number of recent metadata changes to a dataset at the source. By default, it is off. You can enable it by toggling the Archive button and specifying the number of objects to archive. Example: Setting it to 4 retrieves the last four changes, shown in the 'version' column of the 'Metadata Changes' module.
Select Bridge*	The dropdown displays all the active and inactive bridges configured in the OvalEdge. Select the appropriate bridge that enables seamless connectivity between data sources without altering firewall rules.

2. After entering all connection details, you can perform the following actions: 1. Click Validate to verify the connection. 2. Click Save to store the connection for future use. 3. Click Save & Configure to apply additional settings before saving. 3. The saved connection will appear on the Connectors home page. ### Additional information 1. Log in to the **AWS Console.** 2. Search for **Secrets Manager**, then select the created secret. Click “**Retrieve secret value.**” 3. Copy the keys in the **Key/value tab** as shown in the screenshot below.