AWS Secrets Manager
Integrate an environment with AWS Secrets Manager
The AWS Secrets Manager integration lets you connect a Stashbase environment with an AWS account so you can keep secrets synchronized between systems.
Common use cases
- Use Stashbase as the source of truth and publish selected secrets to AWS Secrets Manager.
- Import existing AWS secrets into a Stashbase environment.
- Keep cloud runtime secrets in AWS while managing change workflows in Stashbase.
Connection configuration
To connect an environment with AWS Secrets Manager, you first need to create a workspace integration connection. To create an AWS Secrets Manager connection, provide the following information:
- Connection name: A name for the connection.
- AWS Access Key ID: The access key ID for your AWS account.
- AWS Secret Access Key: The secret access key for your AWS account.
Required permissions
The AWS credentials you use to connect Stashbase with AWS Secrets Manager need secretsmanager permissions and the sts:GetCallerIdentity permission.
Here is an example of an IAM policy that grants the necessary permissions:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "StashbaseSecretsManagerAccess",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:CreateSecret",
        "secretsmanager:PutSecretValue",
        "secretsmanager:UpdateSecret",
        "secretsmanager:DescribeSecret",
        "secretsmanager:DeleteSecret",
        "secretsmanager:ListSecrets",
        "secretsmanager:TagResource",
        "secretsmanager:UntagResource",
        "secretsmanager:RestoreSecret"
      ],
      "Resource": "*"
    },
    {
      "Sid": "StashbaseValidation",
      "Effect": "Allow",
      "Action": "sts:GetCallerIdentity",
      "Resource": "*"
    }
  ]
}
Integration configuration
To create an AWS Secrets Manager integration, you need to configure the following settings.
Region
The AWS region where your secrets are stored.
Secret name prefix
Optional prefix to use for secret names in AWS Secrets Manager. This helps to organize secrets and avoid naming conflicts.
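The example policy under Required permissions allows every listed action, including DeleteSecret, on "Resource": "*", which covers all secrets in the account. The following added example (not Stashbase's own code) rebuilds that policy so the secret actions apply only to ARNs under one secret name prefix. It assumes the configured prefix is prepended literally to each secret name and that Stashbase works with a prefix-scoped policy; the function name, account ID and prefix are hypothetical.

```python
import json
import re

# Actions from the page's policy statement "StashbaseSecretsManagerAccess".
PAGE_ACTIONS = [
    "secretsmanager:CreateSecret", "secretsmanager:PutSecretValue",
    "secretsmanager:UpdateSecret", "secretsmanager:DescribeSecret",
    "secretsmanager:DeleteSecret", "secretsmanager:ListSecrets",
    "secretsmanager:TagResource", "secretsmanager:UntagResource",
    "secretsmanager:RestoreSecret",
]
# ListSecrets has no resource-level permissions in IAM, so it must stay on "*".
UNSCOPABLE = {"secretsmanager:ListSecrets"}


def scoped_policy(region, account_id, prefix, partition="aws"):
    """Return the page's policy with secret actions limited to one name prefix."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("account_id must be 12 digits")
    if not re.fullmatch(r"[a-z]{2}(-[a-z]+)+-\d", region):
        raise ValueError("unexpected region format")
    # An empty prefix, or one containing "*" or "?", would widen the ARN
    # pattern back toward every secret in the region.
    if not re.fullmatch(r"[A-Za-z0-9/_+=.@-]+", prefix):
        raise ValueError("prefix must be non-empty secret-name characters")
    arn = f"arn:{partition}:secretsmanager:{region}:{account_id}:secret:{prefix}*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "StashbaseScopedSecrets", "Effect": "Allow",
             "Action": [a for a in PAGE_ACTIONS if a not in UNSCOPABLE],
             "Resource": arn},
            {"Sid": "StashbaseListSecrets", "Effect": "Allow",
             "Action": sorted(UNSCOPABLE), "Resource": "*"},
            {"Sid": "StashbaseValidation", "Effect": "Allow",
             "Action": "sts:GetCallerIdentity", "Resource": "*"},
        ],
    }


if __name__ == "__main__":
    # Constructed sample values: placeholder account ID and prefix.
    policy = scoped_policy("eu-west-1", "111122223333", "stashbase/prod/")
    print(json.dumps(policy, indent=2))
```

Test the generated policy against a non-production environment first, since a secret created outside the prefix will be denied.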
Tags
The tags to apply to secrets created or updated by Stashbase in AWS Secrets Manager. Tags are key-value pairs that help you organize and manage your secrets. You can add up to 10 custom tags in addition to the default tags that Stashbase applies to all secrets. Stashbase automatically adds and manages the following tags on secrets in AWS Secrets Manager:
- "managed-by": "stashbase"
- "stashbase-workspace-id": The ID of the Stashbase workspace that manages the secrets
- "stashbase-environment-id": The ID of the Stashbase environment that manages the secrets