# AWS Secrets Manager

Amazon Web Services (AWS) Secrets Manager helps you securely store and manage passwords, database connection strings, and API keys. Secrets are stored, managed, and retrieved through a central repository instead of being kept in application configuration.

For more information, please refer to [AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html)

### Overview

#### Connector Features

| Crawling of Metadata Objects          | Not Supported |
| ------------------------------------- | ------------- |
| Profiling                             | Not Supported |
| Query Sheet                           | Not Supported |
| Data Preview                          | Not Supported |
| Lineage                               | Not Supported |
| Authentication via Credential Manager | Supported     |
| Data Quality                          | Not Supported |
| DAM (Data Access Management)          | Not Supported |
| Bridge                                | Supported     |

### Getting Ready to Establish a Connection

#### Prerequisites

AWS Secrets Manager supports two types of authentication.

**IAM User Authentication**

With IAM User Authentication, the connector needs an Access Key, a Secret Key, a Secret Name, and the Secrets Manager Region. Generate the access key pair as follows:

1. Log in to the AWS Console.
2. On the Specify user details page, enter the user name, then click Next.
3. On the Set permissions page, select the ‘Attach policies directly’ button and select SecretsManagerReadAccess.
4. Click Next.
5. Click Create User.
6. Navigate to the created user as shown below.
7. Click Create Access Key.
8. Click Next, then Create.
9. Copy the generated Access Key and Secret Key, then click Done.

Generating a Secret Name:

1. Log in to the AWS Console.
2. In the search bar, search for Secrets Manager, then select Store a new secret.
3. Select the ‘Other type of secret’ button and enter the Key/value pairs as shown below.
4. Click Next.
5. On the Configure secret page, enter the Secret name, then click Next.
6. Review the details, then click Store.
7. The secret is created under the name you entered; this is the Secret Name used by the connector.

Secrets Manager Region:

In the connector validation section, specify the region in which the secret was created.

**Role Based Authentication**

1. Log in to the AWS Console and create an IAM Role as shown in the screen below.
2. Attach Secrets Manager permissions.

Create an inline policy under IAM Permissions as shown below.

Note: To give the IAM role read-only access to AWS Secrets Manager, attach a policy like the following JSON to the role.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetSecretValue",
                "secretsmanager:DescribeSecret",
                "secretsmanager:ListSecrets"
            ],
            "Resource": "*"
        }
    ]
}
```

3. Name and create the role.

Specify a name for the role and complete the creation process.

4. Go to the EC2 instance that runs the OvalEdge application, then follow the configuration steps below.

Go to Actions > Security > Modify IAM Role for the EC2 instance.

Creating the secret:

1. In the search bar, search for Secrets Manager, then select Store a new secret.
2. Select the ‘Other type of secret’ button and enter the Key/value pairs as shown below.
3. Click Next.
4. On the Configure secret page, enter the Secret name, then click Next.
5. Review the details, then click Store.
6. The secret is created under the name you entered.
7. Assign the role to the EC2 instance.

Select the created role and update it for the instance.

8. Validate in OvalEdge.

In the OvalEdge application, validate the Secrets Manager connection by entering the role ARN in the connector section.
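The inline policy in step 2 above grants only the three read actions, but its `Resource` of `"*"` lets the role read every secret in the account. As an added example (not OvalEdge's or AWS's code), the following Python script audits a policy document of that shape for least privilege: it accepts the three read actions, flags wildcard or write actions, and flags an unscoped `Resource` unless the statement contains only `secretsmanager:ListSecrets`, which AWS does not support at resource level. The account ID and secret ARN in `SCOPED_POLICY` are placeholders, and `SENSITIVE_ACTIONS` is an illustrative list, not the full action set.

```python
"""Least-privilege audit for a Secrets Manager read-only IAM policy.

Added example, not OvalEdge's or AWS's code. Standard library only.
"""
import fnmatch
import json

# The three read actions the connector needs (from the policy on this page).
READ_ONLY_ACTIONS = {
    "secretsmanager:GetSecretValue",
    "secretsmanager:DescribeSecret",
    "secretsmanager:ListSecrets",
}

# Actions that lack resource-level permissions in IAM and therefore need "*".
LIST_LEVEL_ACTIONS = {"secretsmanager:ListSecrets"}

# Actions that create, change, delete or re-share secrets. Illustrative, not exhaustive.
SENSITIVE_ACTIONS = {
    "secretsmanager:CreateSecret",
    "secretsmanager:PutSecretValue",
    "secretsmanager:UpdateSecret",
    "secretsmanager:DeleteSecret",
    "secretsmanager:RestoreSecret",
    "secretsmanager:RotateSecret",
    "secretsmanager:PutResourcePolicy",
}


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_secrets_policy(policy_json: str) -> list:
    """Return human-readable findings; an empty list means every Allow statement
    grants only read-only actions and names specific secret ARNs."""
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; nothing to flag
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {idx}: NotAction/NotResource grants by exclusion; "
                            "list Action and Resource explicitly")
        actions = _as_list(stmt.get("Action"))
        for pattern in actions:
            if pattern in READ_ONLY_ACTIONS:
                continue
            # IAM action patterns use * and ?; fnmatch implements the same matching.
            hits = sorted(a for a in SENSITIVE_ACTIONS if fnmatch.fnmatchcase(a, pattern))
            if hits:
                findings.append(f"statement {idx}: action {pattern!r} also permits {', '.join(hits)}")
            else:
                findings.append(f"statement {idx}: action {pattern!r} is outside the read-only set")
        if actions and set(actions) <= LIST_LEVEL_ACTIONS:
            continue  # ListSecrets alone must use Resource "*"; nothing to scope
        for res in _as_list(stmt.get("Resource")):
            if res == "*" or ":secretsmanager:" not in res:
                findings.append(f"statement {idx}: resource {res!r} is not scoped to specific secret ARNs")
    return findings


# The policy shown on this page: read-only actions, but Resource "*".
PAGE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret",
                   "secretsmanager:ListSecrets"],
        "Resource": "*",
    }],
})

# Same access, split so the secret reads are scoped. Account ID and ARN are placeholders.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
         "Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:prod/redshift-*"},
        {"Effect": "Allow", "Action": "secretsmanager:ListSecrets", "Resource": "*"},
    ],
})

# What an over-broad wildcard policy looks like to the auditor.
BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "secretsmanager:*", "Resource": "*"}],
})

if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("scoped", SCOPED_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit_secrets_policy(doc) or "OK")
```

Run it against a policy exported from the IAM console to confirm the role attached to the OvalEdge EC2 instance can read only the secrets the connector is meant to use.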

### Setup a Connection

| Only a user with a Connector Creator role can set up a connection in OvalEdge. |
| ------------------------------------------------------------------------------ |

1. Log into OvalEdge, go to Administration > Connectors, click + (New Connector), search for AWS Secrets Manager, and complete the specific parameters.

Note: Fields marked with an asterisk (\*) are mandatory for establishing a connection.

| Field Name                 | Description                                                                                                                                                                                                                                                                                                                                    |
| -------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Connector Type             | By default, "AWS Secrets Manager" is displayed as the selected connector type.                                                                                                                                                                                                                                                                 |
| Connector Settings         |                                                                                                                                                                                                                                                                                                                                                |
| Authentication\*           | <p>Select Authentication from the drop-down list.</p><ul><li>IAM User Authentication </li><li>Role Based Authentication</li></ul>                                                                                                                                                                                                              |
| IAM User Authentication    |                                                                                                                                                                                                                                                                                                                                                |
| License Add Ons            | OvalEdge connectors have a default license add-on for data crawling and profiling.                                                                                                                                                                                                                                                             |
| Connector Name\*           | <p>Enter a unique name for the AWS Secrets Manager connection              </p><p>(Example: "AWSSecrets\_Prod").</p>                                                                                                                                                                                                                           |
| Connector Environment      | Select the environment (Example: PROD, STG) configured for the connector.                                                                                                                                                                                                                                                                      |
| Access key\*               | <p>Enter Access Key.</p><p>For more information, refer <a href="https://docs.google.com/document/d/1dV_k1o6pL5ucQpCkECOQ9GTwOqYTAXb23BnlyYQWTDk/edit?tab=t.0#heading=h.z8252wcqufkf">here</a></p>                                                                                                                                              |
| Secret key\*               | <p>Enter Secret Key</p><p>For more information, refer <a href="https://docs.google.com/document/d/1dV_k1o6pL5ucQpCkECOQ9GTwOqYTAXb23BnlyYQWTDk/edit?tab=t.0#heading=h.z8252wcqufkf">here</a></p>                                                                                                                                               |
| Secrets Manager Region\*   | <p>Enter Secrets Manager Region</p><p>For more information, refer <a href="https://docs.google.com/document/d/1dV_k1o6pL5ucQpCkECOQ9GTwOqYTAXb23BnlyYQWTDk/edit?tab=t.0#heading=h.z8252wcqufkf">here</a></p>                                                                                                                                   |
| Secret Name                | <p>Enter Secret Name</p><p>For more information, refer <a href="https://docs.google.com/document/d/1dV_k1o6pL5ucQpCkECOQ9GTwOqYTAXb23BnlyYQWTDk/edit?tab=t.0#heading=h.z8252wcqufkf">here</a></p>                                                                                                                                              |
| Role Based Authentication  |                                                                                                                                                                                                                                                                                                                                                |
| License Add Ons            | OvalEdge connectors have a default license add-on for data crawling and profiling.                                                                                                                                                                                                                                                             |
| Connector Name\*           | <p>Enter a unique name for the AWS Secrets Manager connection              </p><p>(Example: "AWSSecrets\_Prod").</p>                                                                                                                                                                                                                           |
| Connector Environment      | Select the environment (Example: PROD, STG) configured for the connector.                                                                                                                                                                                                                                                                      |
| Cross-Account Role ARN     | <p>Enter Cross-Account Role ARN</p><p>For more information, refer <a href="https://docs.google.com/document/d/1dV_k1o6pL5ucQpCkECOQ9GTwOqYTAXb23BnlyYQWTDk/edit?tab=t.0#heading=h.32j2l88db7jo">here</a></p>                                                                                                                                   |
| Secrets Manager Region\*   | <p>Enter Secrets Manager Region</p><p>For more information, refer <a href="https://docs.google.com/document/d/1dV_k1o6pL5ucQpCkECOQ9GTwOqYTAXb23BnlyYQWTDk/edit?tab=t.0#heading=h.32j2l88db7jo">here</a></p>                                                                                                                                   |
| Secret Name                | <p>Enter Secret Name</p><p>For more information, refer <a href="https://docs.google.com/document/d/1dV_k1o6pL5ucQpCkECOQ9GTwOqYTAXb23BnlyYQWTDk/edit?tab=t.0#heading=h.32j2l88db7jo">here</a></p>                                                                                                                                              |
| Default Governance Roles   |                                                                                                                                                                                                                                                                                                                                                |
| Default Governance Roles\* | Select the appropriate users or teams for each governance role from the dropdown list. All users and teams configured in OvalEdge Security are displayed for selection.                                                                                                                                                                        |
| Admin Roles                |                                                                                                                                                                                                                                                                                                                                                |
| Admin Roles\*              | Select one or more users from the dropdown list for Integration Admin and Security and Governance Admin. All users configured in OvalEdge Security are available for selection.                                                                                                                                                                |
| No Of Archive Objects\*    | <p>It indicates the number of recent metadata changes to a dataset at the source. By default, it is off. You can enable it by toggling the Archive button and specifying the number of objects to archive.</p><p>Example: Setting it to 4 retrieves the last four changes, shown in the 'version' column of the 'Metadata Changes' module.</p> |
| Bridge                     |                                                                                                                                                                                                                                                                                                                                                |
| Select Bridge\*            | The dropdown displays all the active and inactive bridges configured in the OvalEdge. Select the appropriate bridge that enables seamless connectivity between data sources without altering firewall rules.                                                                                                                                   |

2. After entering all connection details, you can perform the following actions:

* Click Validate to verify the connection.
* Click Save to store the connection for future use.
* Click Save & Configure to apply additional settings before saving.

3. The saved connection will appear on the Connectors home page.

### Limitations

| S.No. | Description |
| ----- | ----------- |
| None  |             |

### Planned Upgrades

| S.No. | Expected Date | Upgrade Version | Description |
| ----- | ------------- | --------------- | ----------- |
| None  |               |                 |             |

## Redshift Connector

The following process shows how the Redshift connector connects to OvalEdge using AWS Secrets Manager with Role-Based Authentication.

1. Log into OvalEdge, go to Administration > Connectors, click + (New Connector), search for Redshift, and complete the specific parameters.

Note: Fields marked with an asterisk (\*) are mandatory for establishing a connection.

| Field Name                        | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| --------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Connector Type                    | By default, "Redshift" is displayed as the selected connector type.                                                                                                                                                                                                                                                                                                                                                                                                              |
| Connector Settings                |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| Credential Manager\*              | Select AWS Secrets Manager from the drop-down list.                                                                                                                                                                                                                                                                                                                                                                                                                              |
| License Add Ons                   | <p>OvalEdge connectors have a default license add-on for data crawling and profiling.</p><ul><li>Select the checkbox for Auto Lineage Add-On to build data lineage automatically.</li><li>Select the checkbox for Data Quality Add-On to identify data quality issues using data quality rules and anomaly detection.</li><li>Select the Data Access Add-On license that will enforce connector access via OvalEdge with Data Access Management (DAM) feature enabled.</li></ul> |
| Credential Manager Connector ID\* | <p>Enter the connector ID generated during the AWS Secrets Manager connector validation.</p><p>Example: 1020</p>                                                                                                                                                                                                                                                                                                                                                                 |
| Connector Name\*                  | <p>Enter a unique name for the Redshift connection              </p><p>Example: "Redshift\_Prod"</p>                                                                                                                                                                                                                                                                                                                                                                             |
| Connector Environment             | Select the environment (Example: PROD, STG) configured for the connector.                                                                                                                                                                                                                                                                                                                                                                                                        |
| Server\*                          | Enter the Server name.                                                                                                                                                                                                                                                                                                                                                                                                                                                           |
| Port\*                            | Enter Port.                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| Database\*                        | Enter the Database name.                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| Driver\*                          | Driver details are shown by default.                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| Username\*                        | <p>Enter username. (These details are obtained from the Secret manager)<br>Ex: \<secret\_name>/\<Secret key></p><p>For more information, refer <a href="https://docs.google.com/document/d/1dV_k1o6pL5ucQpCkECOQ9GTwOqYTAXb23BnlyYQWTDk/edit?tab=t.0#heading=h.azyr4offwild">here</a>.</p>                                                                                                                                                                                       |
| Password\*                        | <p>Enter Password.</p><p>For more information, refer <a href="https://docs.google.com/document/d/1dV_k1o6pL5ucQpCkECOQ9GTwOqYTAXb23BnlyYQWTDk/edit?tab=t.0#heading=h.azyr4offwild">here</a>.</p>                                                                                                                                                                                                                                                                                 |
| Connection String                 | <p>Configure the connection string for the Redshift database:</p><ul><li>Automatic Mode: The system generates a connection string from the provided credentials, for example <code>jdbc:redshift://{server}:5439/{sid}</code>.</li><li>Manual Mode: Enter a valid connection string yourself.</li></ul><p>Replace the placeholders with actual database details; {sid} is the Database Name.</p>                                                                                      |
| Default Governance Roles          |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| Default Governance Roles\*        | Select the appropriate users or teams for each governance role from the dropdown list. All users and teams configured in OvalEdge Security are displayed for selection.                                                                                                                                                                                                                                                                                                          |
| Admin Roles                       |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| Admin Roles\*                     | Select one or more users from the dropdown list for Integration Admin and Security and Governance Admin. All users configured in OvalEdge Security are available for selection.                                                                                                                                                                                                                                                                                                  |
| No Of Archive Objects\*           | <p>It indicates the number of recent metadata changes to a dataset at the source. By default, it is off. You can enable it by toggling the Archive button and specifying the number of objects to archive.</p><p>Example: Setting it to 4 retrieves the last four changes, shown in the 'version' column of the 'Metadata Changes' module.</p>                                                                                                                                   |
| Bridge                            |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| Select Bridge\*                   | The dropdown displays all the active and inactive bridges configured in the OvalEdge. Select the appropriate bridge that enables seamless connectivity between data sources without altering firewall rules.                                                                                                                                                                                                                                                                     |

2. After entering all connection details, you can perform the following actions:

* Click Validate to verify the connection.
* Click Save to store the connection for future use.
* Click Save & Configure to apply additional settings before saving.

3. The saved connection will appear on the Connectors home page.

### Additional information

1. Log in to the AWS Console.
2. Search for Secrets Manager, then select the created secret. Click “Retrieve secret value.”
3. Copy the keys in the Key/value tab as shown in the screenshot below.
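A secret stored as ‘Other type of secret’ with Key/value pairs comes back from the GetSecretValue API as a JSON object in the `SecretString` field, which is why the Redshift Username field above takes a reference of the form `<secret_name>/<Secret key>`. The following Python script, added here as an example and not OvalEdge's code, resolves such a reference against a secret payload. The secret name `prod/redshift`, its keys and values, and the `boto3` session name are constructed; splitting the reference at the last `/` is an assumption about the format, not an OvalEdge rule. The in-memory fetcher lets it run offline; `boto3_fetcher` builds the real client, assuming the cross-account role first when a role ARN is given.

```python
"""Resolve '<secret_name>/<key>' against a Secrets Manager key/value secret.

Added example, not OvalEdge's code. Runs offline with the constructed store;
boto3 is imported only inside boto3_fetcher, so it is optional.
"""
import json
from typing import Callable

# Constructed stand-in for the SecretString of two secrets (values are fake).
_FAKE_SECRET_STORE = {
    "prod/redshift": json.dumps({"username": "oe_reader", "password": "example-only"}),
    "prod/redshift-plain": "not-json-just-a-string",  # a plaintext, non key/value secret
}


def fake_fetch_secret_string(secret_name: str) -> str:
    """Offline stand-in for GetSecretValue; raises KeyError for an unknown secret."""
    return _FAKE_SECRET_STORE[secret_name]


def boto3_fetcher(region: str, role_arn: str = None) -> Callable[[str], str]:
    """Build a fetcher backed by the real API. With role_arn set, the cross-account
    role is assumed first (the Role Based Authentication path on this page)."""
    import boto3  # imported lazily so the file runs without boto3 installed
    creds = {}
    if role_arn:
        assumed = boto3.client("sts").assume_role(
            RoleArn=role_arn, RoleSessionName="ovaledge-secrets-example")["Credentials"]
        creds = dict(aws_access_key_id=assumed["AccessKeyId"],
                     aws_secret_access_key=assumed["SecretAccessKey"],
                     aws_session_token=assumed["SessionToken"])
    client = boto3.client("secretsmanager", region_name=region, **creds)

    def fetch(secret_name: str) -> str:
        resp = client.get_secret_value(SecretId=secret_name)
        if "SecretString" not in resp:  # binary secrets cannot hold key/value pairs
            raise ValueError(f"secret {secret_name!r} is binary; key/value lookup needs SecretString")
        return resp["SecretString"]
    return fetch


def split_reference(reference: str) -> tuple:
    """'prod/redshift/username' -> ('prod/redshift', 'username').
    Secret names may contain '/', so the key is taken after the last one (assumption)."""
    if "/" not in reference:
        raise ValueError(f"reference {reference!r} must be <secret_name>/<key>")
    name, key = reference.rsplit("/", 1)
    if not name or not key:
        raise ValueError(f"reference {reference!r} has an empty secret name or key")
    return name, key


def resolve_secret_reference(reference: str,
                             fetch: Callable[[str], str] = fake_fetch_secret_string) -> str:
    """Return the value stored under <key> in the key/value secret <secret_name>."""
    name, key = split_reference(reference)
    raw = fetch(name)
    try:
        pairs = json.loads(raw)
    except json.JSONDecodeError:
        raise ValueError(f"secret {name!r} is not a key/value secret") from None
    if not isinstance(pairs, dict):
        raise ValueError(f"secret {name!r} is JSON but not an object of key/value pairs")
    if key not in pairs:
        # Report key names only; never echo secret values into logs or errors.
        raise KeyError(f"key {key!r} not in secret {name!r}; available: {sorted(pairs)}")
    return pairs[key]


if __name__ == "__main__":
    print(resolve_secret_reference("prod/redshift/username"))
    # Real lookup (needs credentials): replace the region and role ARN placeholders.
    # fetch = boto3_fetcher("us-east-1", role_arn="arn:aws:iam::111122223333:role/ROLE_NAME")
    # print(resolve_secret_reference("prod/redshift/username", fetch))
```

The error paths matter as much as the happy path: a reference to a plaintext secret, a missing key, or a binary secret each fail with a message that names the secret and key but never prints a value.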
