Add agent credentials to AWS Secrets Manager

This page is a guide to adding your agent credentials to AWS Secrets Manager.

This only applies to customer hosted agents in a Hybrid SaaS solution.

Adding agent credentials to Secrets Manager ensures that, when using an agent you are hosting in your own cloud infrastructure, your credentials aren't passed to the Matillion control plane, keeping your secrets in your own infrastructure. Even when a pipeline refers to a secret, it's resolved at run time by the agent, with only references to the secret being stored in the Data Productivity Cloud.


Locate your agent credentials

  1. Log in to Hub.
  2. Click the menu button in the top left of any Data Productivity Cloud screen, then click Manage → Agents.
  3. Select an agent. If you haven't created one yet, read Create an agent.
  4. In Agent details, scroll down to Credentials.
  5. Click Reveal credentials.
  6. Note the revealed client_id and client_secret.

Add your credentials to AWS Secrets Manager

  1. Log in to the AWS Console.
  2. Once logged in, type "Secrets Manager" in the search bar and click Secrets Manager.
  3. Click Store a new secret.
  4. Choose the tile labelled Other type of secret.
  5. Add two key:value pairs:
    • client_id: The value of the client ID located as described above.
    • client_secret: The value of the client secret located as described above.
  6. Click Next.
  7. Name the secret and provide a secret description. Click Next.
  8. Click Next again unless you wish to configure rotation settings.
  9. Review the secret and click Store. You'll return to Secrets. Refresh the page.

Retrieve the ARN of your new secret

  1. While in the Secrets dashboard of AWS Secrets Manager, click the name of your new secret.
  2. In the Secret details container, copy the Secret ARN and save it. You'll reference this value later in the task definition.

You may need to provide permissions to the new secret by adding access to your new ARN to the IAM ECS task execution role that is referenced by the task definition. For more information, read ECS task role in AWS IAM roles.
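The following is an added example, not Matillion's own code: it checks that a secret value carries the two keys stored above, builds an IAM policy scoped to the single secret ARN, and audits an existing role policy for wildcard access. The function names and the sample ARN are constructed for illustration, and it assumes `secretsmanager:GetSecretValue` is the read permission the role needs.

```python
import fnmatch
import json
import re

# Constructed sample ARN (placeholder account and name); use the one copied from Secret details.
SAMPLE_ARN = "arn:aws:secretsmanager:eu-west-1:123456789012:secret:example/agent-creds-AbCdEf"
ARN_RE = re.compile(r"^arn:aws[a-z-]*:secretsmanager:[a-z0-9-]+:\d{12}:secret:[\w/+=.@-]+$")
REQUIRED_KEYS = ("client_id", "client_secret")  # the two keys this page tells you to store


def check_secret_payload(secret_string):
    """Return a list of problems with the secret's JSON value (empty list means OK)."""
    try:
        data = json.loads(secret_string)
    except json.JSONDecodeError:
        return ["value is not JSON"]
    if not isinstance(data, dict):
        return ["value is not a JSON object"]
    return [f"missing or empty: {k}" for k in REQUIRED_KEYS if not str(data.get(k) or "").strip()]


def scoped_read_policy(secret_arn):
    """Build an IAM policy document that allows reading this one secret only."""
    if not ARN_RE.match(secret_arn):
        raise ValueError("not a Secrets Manager secret ARN")
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "ReadAgentCredentials", "Effect": "Allow",
        "Action": "secretsmanager:GetSecretValue", "Resource": secret_arn}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_policy(policy, secret_arn):
    """Return 'scoped', 'too-broad' or 'no-access' for one identity policy."""
    # Simplified: Allow statements only; Deny, NotAction, NotResource, Condition are ignored.
    verdict = "no-access"
    for stmt in _as_list(policy.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        reads = any(fnmatch.fnmatchcase("secretsmanager:getsecretvalue", a) for a in actions)
        if stmt.get("Effect") != "Allow" or not reads:
            continue
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == secret_arn:
                verdict = "scoped"
            elif fnmatch.fnmatchcase(secret_arn, resource):
                return "too-broad"  # a wildcard also exposes other secrets
    return verdict
```

If the secret is encrypted with a customer managed KMS key rather than the default AWS managed key, the role also needs `kms:Decrypt` on that key.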