Using Secrets Management

Make sure you have enabled Secrets Management on your local or cloud runtime before beginning.

You can create secrets either using the Environment Extensions page in Platform, or with the Environment Extensions API.

Adding Secrets via Platform

In the Platform, navigate to Integration > Runtime Management. Then, select an environment and click Environment extensions.

1. Select the Use Secrets references checkbox to expose additional fields.
2. Select the secrets manager you are using to store your secrets.
3. Set the secret reference value

• For AWS, enter the ARN to the secret
• For Azure Key Vault, enter the URL to the secret
• For GCP, enter the URL to the secret

Adding Secrets via API

For AWS:

• Call the environment extensions API with a CloudManagedSecretsConfig with usesRemoteSecretsManager="true", secretsManagerType="AWS", and secretReference set to the ARN of a secret in the AWS secrets manager for the account you are using.

For Azure Key Vault:

• Call the environment extensions API with a CloudManagedSecretsConfig with usesRemoteSecretsManager="true", secretsManagerType="AZURE", and secretReference set to the URL of a secret in the AzureKeyVault for the account you are using.

For GCP:

• Call the environment extensions API with a CloudManagedSecretsConfig with usesRemoteSecretsManager="true", secretsManagerType="GCP", and secretReference set to the path of a secret in the GCP secrets manager for the account you are using.