Introduction

This feature requires an Organization Admin role and is not available in local mode

Secrets are used to store security-sensitive credential information needed to access the data and catalog stores. Secrets are supported only in SaaS mode setup. The secrets page is accessible by navigating to 'Admin->Secrets' as shown below.

Secrets

The Secrets page displays the list of registered secrets shown below. 

A secret can be of one of the following provider types.

1. AWS: Supports two types, namely
   1. Credentials: Captures an AWS access key and secret key credential information.
   2. Delegated IAM: Captures the necessary information that allows access to AWS-hosted resources using a cross-account delegated IAM role, which is a more secure way of providing access. Please refer to this article for more details on delegated IAM roles.
2. Azure: Captures an Azure storage account key as a 'Credentials' type of secret.
3. GCP: Captures a Google service account key JSON file as a 'Credentials' type of secret - Reference
4. Basic Auth: Captures a username and password typically used to store credentials to access a relational database as a 'Credentials' type of secret.

The page allows you to filter secrets by provider and search for a particular secret by name.

1. Click on 'Add Secrets' button on the top right corner of the page.
2. A form as below opens up. Enter a name and select the 'Type' from the drop-down. Fill in the fields specific to the type and click 'Submit'.
   
   

   Add Secret

    

Edit Secret

Click the 'Edit' button on the card corresponding to the secret to be edited. A form similar to 'Add Secret' opens up with credential fields allowed to be edited.

Delete Secret

Click the 'Delete' button on the card corresponding to the secret to be deleted and confirm the deletion.