You can translate the document:

Introduction

In this document we will explain how to set up a Secret in AWS Secrets Manager and then to configure Denodo to use that Secret for the credentials of JDBC data sources.

Creating a new Secret in AWS

  1. Log into the AWS console, search for Secrets Manager and then go to Store a new secret.

  1. Choose the appropriate secret type and provide the actual username and password for the database connection that you want to use from your JDBC data source.
  1. If you have a database running locally on your computer, you can choose Credentials for other database
  2. Choose the encryption key from the drop down. You can also create a new encryption key using the AWS Key Management Service.
  3. Select the database type and provide the server address, name and port number and click Next.

 

  1. In the Configure Secret window, provide a Secret Name which will be used later in VDP to configure the data source. The secret name has to have the format <name1>/<name2>.
  1. Optionally, you can add Tags and Resource policies to access secrets across AWS accounts.

  1. Choosing a secret rotation is optional. Secrets Manager can automatically rotate your secret on a schedule. To rotate a secret, Secrets Manager uses a Lambda function to update the secret information.
  2. Make sure to verify the naming convention and policy assignment to the user, as highlighted in the AWS Secret Manager documentation.

Connecting to AWS Secrets Manager from Denodo

  1. In order to use AWS Secrets Manager as Credentials Vault in Denodo, you have two options:
  1. AWS Default Credential Provider
  2. Access Keys
  1. In this document, we will use AWS Access Keys to connect to AWS secrets Manager from Denodo.
  2. To get the access key ID and secret access key, follow the steps here.
  3. In the VDP Admin tool or Design Studio, navigate to Administration > Server Configuration > Credentials Vault > AWS Secrets Manager and choose Access Keys as authentication.
  4. Provide the value of the AWS Access Key ID and AWS Secret Access Key along with the AWS region where the secrets are defined.

Authenticating a JDBC data source with the credentials obtained from the Credentials Vault

  1. Create a new JDBC data source.
  2. Provide the connection details.
  3. In the Authentication type, select Use Login and password from password vault (Single secret).
  4. Provide the account name, which is the value of the secret name created in step 3 of the first section in this document.
  5. Test the connection.

References

AWS Secrets Manager

JDBC Data sources

Disclaimer
The information provided in the Denodo Knowledge Base is intended to assist our users in advanced uses of Denodo. Please note that the results from the application of processes and configurations detailed in these documents may vary depending on your specific environment. Use them at your own discretion.
For an official guide of supported features, please refer to the User Manuals. For questions on critical systems or complex environments we recommend you to contact your Denodo Customer Success Manager.

Questions

Ask a question

You must sign in to ask a question. If you do not have an account, you can register here