Secrets overview

Several functions in the Data Productivity Cloud require access to secrets stored in your cloud provider's secret manager. These include:

• Identification between installed agents and your Hub account.
• Storing database credentials to be used when configuring a pipeline's source.
• Storing source credentials for use in connectors.

Using the cloud provider's secret manager means that the Data Productivity Cloud never needs to store the values of your passwords or keys—it's all handled by your cloud provider. This provides an extra assurance of security for your credentials.

---

Using secrets

1. Create a named secret in your cloud provider's secret manager.
2. Add the secret name to the secrets stored in the Data Productivity Cloud. Doing this stores only the name and location of the secret, not the secret's value.
3. Call the secret by name when you need to use the credentials—for example in a data source connector. The secret name is resolved at runtime to obtain the credentials stored in the secret key.

If you need to store multiple passwords and keys, each should be in a separate, named secret.

---

Using secret managers

To learn more about your cloud provider's secret manager technology, read the appropriate documentation:

• AWS Secrets Manager
• Azure Key Vault
• GCP Secret Manager