Retrieve credentials from AWS Secrets Manager
This feature is available from version 220.127.116.11. You may want to store credentials like usernames and associated passwords in AWS Secrets Manager. In that case, you can tell Replicant to retrieve credentials from Secrets Manager instead of reading them from plain YAML files.
Important: Make sure to set AWS credentials and the region either in the credentials file or as environment variables. For more information, see Set up AWS Credentials and Region for Development.
To fetch your credentials from AWS Secrets Manager, follow the steps below:
Modify the connection configuration file
In your connection configuration file, represent the value of each credential stored in AWS Secrets Manager using a URL. Notice the following about the structure of the URL:
Each URL should begin with arcion-sm://. This tells Replicant that a Secrets Manager holds the value.
The rest of the URL depends on where the key is stored in AWS Secrets Manager, the key being the name of the credential. For example, the username credential could have the following URL representation in the connection configuration file:
arcion-sm://connectionConfig/username
In the URL above, there are two parts:
connectionConfig represents the secret name where various secret keys are stored.
username is the secret key for which Replicant should retrieve the value from AWS Secrets Manager.
Below is a sample connection configuration file for MySQL where the password credentials are stored in the AWS Secrets Manager:
type: MYSQL
host: arcion-sm://connectionConfig/host
port: arcion-sm://connectionConfig/port
username: arcion-sm://connectionConfig/username
password: arcion-sm://connectionConfig/password
slaveServerIds:
maxConnections: 20
maxRetries: 10
retryWaitDurationMs: 1000
Run Replicant
Run Replicant with the argument --use-sm-provider. The argument can take the following two values:
AWS: Replicant will try to read secrets from AWS Secrets Manager.
NONE: Replicant will expect the values of the configuration parameters to be in plain text in the YAML file itself, and will not look in Secrets Manager.
Default value is
Below is a sample Replicant command specifying AWS Secrets Manager:
./bin/replicant test-connection conf/conn/mysql_dst.yaml --validate conf/validate/validationchecks.json --use-sm-provider AWS
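A pre-flight audit for the configuration described above, as an added example that is not Arcion's code: it flags credential fields still held in plain text and arcion-sm:// references whose key is absent from the named secret. It assumes the secret is stored as JSON key/value pairs and that the last URL segment is the secret key; the function names, the SENSITIVE field set and the sample values are constructed for illustration.

```python
import json

SCHEME = "arcion-sm://"
SENSITIVE = {"username", "password"}  # assumption: fields that must never be plain text

def parse_ref(value):
    """Split 'arcion-sm://<secret name>/<secret key>' into (name, key); None if plain."""
    if not value.startswith(SCHEME):
        return None
    # Assumption: the last path segment is the secret key, the rest the secret name.
    name, sep, key = value[len(SCHEME):].rpartition("/")
    if not (sep and name and key):
        raise ValueError(f"malformed Secrets Manager reference: {value!r}")
    return name, key

def audit(config_text, fetch_secret):
    """Return (plaintext credential fields, references whose key is missing)."""
    plaintext, unresolved, cache = [], [], {}
    for line in config_text.splitlines():
        field, sep, value = (part.strip() for part in line.partition(":"))
        if not sep or not value or field.startswith("#"):
            continue
        ref = parse_ref(value)
        if ref is None:
            if field in SENSITIVE:
                plaintext.append(field)
            continue
        name, key = ref
        if name not in cache:  # one lookup per secret; values are never printed
            cache[name] = json.loads(fetch_secret(name))
        if key not in cache[name]:
            unresolved.append(value)
    return plaintext, unresolved

def aws_fetch(name):
    """Live lookup; needs the AWS credentials and region the page asks for."""
    import boto3
    return boto3.client("secretsmanager").get_secret_value(SecretId=name)["SecretString"]

# Constructed sample: password left in plain text, "port" missing from the secret.
SAMPLE_CONFIG = """type: MYSQL
host: arcion-sm://connectionConfig/host
port: arcion-sm://connectionConfig/port
username: arcion-sm://connectionConfig/username
password: example-plaintext
maxConnections: 20"""
SAMPLE_SECRET = {"connectionConfig": json.dumps({"host": "db.example.internal", "username": "replicant"})}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_SECRET.__getitem__))
```

Pass aws_fetch instead of the sample lookup to audit a real connection file before running test-connection with --use-sm-provider AWS.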