Skip to content

AWS Secrets Manager

AWS Secrets Manager manages keys, secrets, and certificates in the AWS portal. Several functions in the Data Productivity Cloud require access to these resources.

Creating secrets in AWS Secrets Manager


  • A secret can be used for hosting a password for the connection to a source database or for hosting a private key.
  • If you need to store multiple passwords and keys, these should each be in a separate secret.
  1. Log in to your AWS account. This should be the same account that you use with the Data Productivity Cloud.
  2. Browse to the AWS Secrets Manager service. If the service isn't in your Recently visited, click the search bar and type "Secrets Manager" and click Secrets Manager.
  3. Click Store a new secret. The Choose secret type page will open.
  4. For the Secret type section, choose Other type of secret.
  5. For the Key/value pairs section, use the side-by-side fields to add the key and the value of your secret.
  6. In the Encryption key field, we advise leaving the field blank so Secrets Manager automatically provisions the KMS key. If you opt to use a customer-managed KMS key, you will need to give your agent access to a custom key if used.
  7. Click Next.
  8. Give your secret a Secret name to identify it. The secret name will be used by the Data Productivity Cloud to locate and use the correct key.
  9. You do not need to give individual Resource permissions as this key is being used by services within the same account. Our best-practice guidelines are therefore to ignore this option.


    • If you expect to access this key from another AWS account, consult your administrator for the required access permissions.
    • This isn't the same as granting permission to other resources to access the key. Read Permissions after creating your secret for more information on this.
  10. Click Next and then Next again on the Configure rotation page.

  11. Review your new secret and click Store when satisfied.
  12. Click back into your new secret and note down the Secret ARN. You may need to invoke the ARN within the Data Productivity Cloud—when you create an agent, for example.


Your Data Productivity Cloud agent will require the following AWS Secrets Manager permission: secretsmanager:GetSecretValue.

To learn more, read IAM Roles.