Platform keys
Data Loader uses a key pair to securely link to your installed CDC agents. The key pair is required to ensure CDC agents can communicate between your VPC and the Data Productivity Cloud.
How your platform key works
The name of the key in your secrets manager should be stored in the PLATFORM_KEY_NAME template variable.
Once generated, you are required to enter the secret into either AWS Secrets Manager, Azure Key Vault, or Google Secret Manager, where your agents can access them. Note that your choice of template might come configured to assume which of these services you will be using, and this decision should be made before attempting to use a template.
Note
- You will need to enter your source database passwords into your secrets manager. You may wish to do so while you are registering your account's secret key.
- Even agents not running in the cloud (for example, those launched using Kubernetes) require access to your secrets manager to access the platform key and database credentials.
Generating the key pair
If you haven't generated a platform secret for your account yet, Data Loader will prompt you to do so when creating a CDC pipeline.
Note
If you misplace or forget your private key, you can reset your own stored key pair value.
Resetting the key pair
If you forget or lose your private key pair value, you can reset your configured key pair in the Data Loader user interface.
- From the Data Loader dashboard, click Manage in the sidebar.
- Click CDC key.
- Delete the existing configured key pair.
- You'll be prompted to confirm the deletion of your key to prevent accidental deletion. Type delete, to confirm you have understood. Click Yes, delete to continue.
- On the next page, agree to I have saved the private key in a secrets manager and made a note of the secret name and then click Submit key pair.
This will generate a new key pair value.
Note
Any linked agents will stay connected during the current session. However, if the agent becomes disconnected for any reason and tries to reconnect, your key pair will no longer be valid and you will be prompted to provide a new key pair.
Storing your platform secret
The Matillion CDC agent expects to find your platform secret in either AWS Secrets Manager, Azure Key Vault, or Google Secret Manager, depending on where the agent is installed.
For specific information on storing secrets in these services, review the following documentation and remember to have your platform secret ready.
Agent installation documentation
Cloud platform documentation
Agent environment variables
You can set up manually installed agents to use the following environment variables. If you have installed via an AWS or Azure template then you do not need to configure these.
| Environment Variable | Description |
|---|---|
PLATFORM_KEY_PROVIDER |
Accepted values are: azure-key-vault or aws-secrets-manager. |
AZURE_SECRET_KEY_VAULT_URL |
If PLATFORM_KEY_PROVIDER is azure-key-vault. The URL of your Azure key vault. For example, https://vault-name.vault.azure.net |
The CDC agent expects to find this secret stored with the key name agent-rsa by default. We highly recommend using this name and not configuring the below environment variable. It is, however, available for those who wish to use a different key name.
| Environment Variable | Description |
|---|---|
PLATFORM_KEY_NAME |
The name of your platform secret key. This name must abide by your platform's naming conventions. |