Secrets with AWS Secrets Manager
You can configure AWS Secrets Manager as a secrets engine for Spinnaker. See the AWS Secrets Manager User Guide for how to set up AWS Secrets Manager.
Referencing secrets stored in AWS Secrets Manager
You can reference a KeyStore or KeyStore password stored in AWS Secrets Manager. Based on which type of secret you want to reference, use one of the following formats:
keyStore: encryptedFile:secrets-manager!r:<some region>!s:<secret name>
keyStorePassword: encrypted:secrets-manager!r:<some region>!s:<secret name>!k:some-key
encryptedFile or encrypted - Required. Indicates that this is an encrypted file or an encrypted string, respectively.
secrets-manager - Required. Indicates that secrets are stored in AWS Secrets Manager.
! - Required. Delimiter between parameters.
r:<AWS region> - Required. The AWS region your secret is stored in. For example, use r:us-west-2 for a secret stored in the
s:<Secret name> - Required. The name of the secret stored in AWS Secrets Manager.
k:<some-key> - Required for encrypted strings. The secret key. Omit for KeyStores.
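A reference with a missing delimiter or a missing k: parameter is easy to overlook in review, and so is a plaintext password left in a settings file. The following validator is an added example, not Spinnaker's own parser: it applies the rules listed above to each value in a settings map and reports the ones that do not conform. The secret names, the key name and the trustStorePassword setting are constructed for illustration.

```python
class SecretRefError(ValueError): pass  # value does not match the documented format

def parse_secret_ref(value):
    """Parse encrypted[File]:secrets-manager!r:<region>!s:<name>[!k:<key>]."""
    prefix, sep, rest = value.partition(":")
    if not sep or prefix not in ("encrypted", "encryptedFile"):
        raise SecretRefError("must start with encrypted: or encryptedFile:")
    engine, *pairs = rest.split("!")  # "!" is the delimiter between parameters
    if engine != "secrets-manager":
        raise SecretRefError(f"engine must be secrets-manager, got {engine!r}")
    params = {}
    for pair in pairs:
        key, sep, val = pair.partition(":")
        if not sep or not val:
            raise SecretRefError(f"malformed parameter {pair!r}, expected key:value")
        if key not in ("r", "s", "k"):
            raise SecretRefError(f"unknown parameter {key!r}")
        if key in params:
            raise SecretRefError(f"duplicate parameter {key!r}")
        params[key] = val
    for required in ("r", "s"):
        if required not in params:
            raise SecretRefError(f"missing required parameter {required}:")
    is_file = prefix == "encryptedFile"
    if is_file and "k" in params:
        raise SecretRefError("k: must be omitted for a KeyStore file")
    if not is_file and "k" not in params:
        raise SecretRefError("k: is required for an encrypted string")
    return {"is_file": is_file, "region": params["r"], "secret": params["s"], "key": params.get("k")}

def lint(settings):
    """Return {setting name: problem} for every value that fails to parse."""
    problems = {}
    for name, value in settings.items():
        try:
            parse_secret_ref(value)
        except SecretRefError as exc:
            problems[name] = str(exc)
    return problems

# Constructed sample settings; the secret names and key are made up.
SAMPLE = {
    "keyStore": "encryptedFile:secrets-manager!r:us-west-2!s:example/keystore",
    "keyStorePassword": "encrypted:secrets-manager!r:us-west-2!s:example/keystore-pass!k:password",
    "trustStorePassword": "changeit",  # plaintext left in config, flagged by lint()
}

if __name__ == "__main__":
    print(lint(SAMPLE))
```

Run over a settings file in a pre-merge check, it flags values that are still plaintext or that would fail to resolve at startup.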
For example, the following example references a KeyStore stored in