Stashbase

AWS Secrets Manager

Integrate an environment with AWS Secrets Manager

The AWS Secrets Manager integration lets you connect a Stashbase environment with an AWS account so you can keep secrets synchronized between systems.

Common use cases

  • Use Stashbase as the source of truth and publish selected secrets to AWS Secrets Manager.
  • Import existing AWS secrets into a Stashbase environment.
  • Keep cloud runtime secrets in AWS while managing change workflows in Stashbase.

Connection configuration

To connect an environment with AWS Secrets Manager, you need to create a workspace integration connection. An AWS Secrets Manager connection requires the following information:

  • Connection name: A name for the connection.
  • AWS Access Key ID: The access key ID for your AWS account.
  • AWS Secret Access Key: The secret access key for your AWS account.

Required permissions

The AWS credentials you use to connect Stashbase with AWS Secrets Manager need to have secretsmanager and sts:GetCallerIdentity permissions. Here is an example of an IAM policy that grants the necessary permissions:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "StashbaseSecretsManagerAccess",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:CreateSecret",
        "secretsmanager:PutSecretValue",
        "secretsmanager:UpdateSecret",
        "secretsmanager:DescribeSecret",
        "secretsmanager:DeleteSecret",
        "secretsmanager:ListSecrets",
        "secretsmanager:TagResource",
        "secretsmanager:UntagResource",
        "secretsmanager:RestoreSecret"
      ],
      "Resource": "*"
    },
    {
      "Sid": "StashbaseValidation",
      "Effect": "Allow",
      "Action": "sts:GetCallerIdentity",
      "Resource": "*"
    }
  ]
}
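A narrower variant of the policy above, added here as an example and not taken from Stashbase's documentation: it limits the write, delete and tagging actions to secrets whose names start with the configured secret name prefix in one region. The account ID 111122223333, the region eu-west-1 and the prefix stashbase/prod/ are constructed placeholders, and it is an assumption that Stashbase builds secret names by placing the prefix directly in front of the name and works under this narrower scope. JSON policies cannot carry comments, so those assumptions are stated only here.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "StashbaseScopedSecretAccess",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:CreateSecret",
        "secretsmanager:PutSecretValue",
        "secretsmanager:UpdateSecret",
        "secretsmanager:DescribeSecret",
        "secretsmanager:DeleteSecret",
        "secretsmanager:TagResource",
        "secretsmanager:UntagResource",
        "secretsmanager:RestoreSecret"
      ],
      "Resource": "arn:aws:secretsmanager:eu-west-1:111122223333:secret:stashbase/prod/*"
    },
    {
      "Sid": "StashbaseListSecrets",
      "Effect": "Allow",
      "Action": "secretsmanager:ListSecrets",
      "Resource": "*"
    },
    {
      "Sid": "StashbaseValidation",
      "Effect": "Allow",
      "Action": "sts:GetCallerIdentity",
      "Resource": "*"
    }
  ]
}
```

ListSecrets does not support resource-level restrictions, so it stays on "Resource": "*" and still returns the names and metadata of every secret in the region. The trailing wildcard in the ARN also covers the random suffix that AWS appends to each secret's ARN.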

Integration configuration

To create an AWS Secrets Manager integration, you need to configure the following settings.

Region

The AWS region where your secrets are stored.

Secret name prefix

Optional prefix to use for secret names in AWS Secrets Manager. This helps to organize secrets and avoid naming conflicts.

Tags

The tags to apply to secrets created or updated by Stashbase in AWS Secrets Manager. Tags are key-value pairs that help you organize and manage your secrets. You can add up to 10 custom tags in addition to the default tags that Stashbase applies to all secrets. Stashbase automatically adds and manages the following tags on secrets in AWS Secrets Manager:

  • "managed-by": "stashbase"
  • "stashbase-workspace-id": The ID of the Stashbase workspace that manages the secrets
  • "stashbase-environment-id": The ID of the Stashbase environment that manages the secrets
