Secret definitions

Secret definitions are resources used by the Designer to reference an existing AWS Secrets Manager secret or Azure Key Vault secret. Secret definitions don't create secrets.

Once a secret definition is created, it can be used in many places throughout the Designer where sensitive information must be supplied, such as password fields. Secret definitions can be viewed and created in the Secret Definitions tab in the Designer after selecting your project. If you haven't added a project yet, read Add project.


Adding a secret to the AWS Secrets Manager

  1. Log in to the AWS account that houses your agent.
  2. Browse to the Secrets Manager service.
  3. Ensure you're in the same AWS Region as your agent.
  4. Click Store a new secret.
  5. Click Other type of secret.
  6. Enter a memorable key name as the key and your secret's value as the value.
  7. Click Next until the secret creation is completed.

Adding a secret to Azure Key Vault

  1. Log in to the Azure portal.
  2. Click Key vaults and click the name of the key vault you want to reference. If there is only one, then this will be the [Default] key vault configured in the agent.
  3. Click Objects and then click Secrets.
  4. Click + Generate/Import.
  5. On the Create a secret screen enter the following:

    Property       | Description
    Upload options | Select Manual.
    Name           | Type a name for the secret. The secret name must be unique within a key vault. The name must be a 1-127 character string, starting with a letter and containing only 0-9, a-z, A-Z, and -. For more information on naming, read Key Vault objects, identifiers, and versioning.
    Secret value   | Type a value for the secret.
  6. Click Create.


Add new secret definition

In a Hybrid SaaS deployment model using an Azure agent, you can store secrets in any Azure key vault that your agent has access to. When you add a new secret definition, you can choose which of your key vaults the secret is stored in.

Warning

If using AWS Secrets Manager, it is recommended that secret names and secret definition names do not end with a hyphen followed by six characters. To quote the AWS documentation:

Do not end your secret name with a hyphen followed by six characters. If you do so, you risk confusion and unexpected results when searching for a secret by partial ARN. Secrets Manager automatically adds a hyphen and six random characters after the secret name at the end of the ARN.
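
The two naming rules on this page (the Azure Key Vault name format and the AWS warning above) can be checked before a secret or secret definition is created. The following Python is an added example, not Matillion or AWS code; the function names and sample names are hypothetical, and arn_readings is a simplified model of the partial-ARN ambiguity, not Secrets Manager's own lookup logic.

```python
from __future__ import annotations

import re

# AWS warning quoted above, applied literally: name ends with "-" plus six characters.
AWS_SUFFIX_LIKE = re.compile(r"-.{6}$")
# Azure Key Vault rule from this page: 1-127 chars, starts with a letter,
# contains only 0-9, a-z, A-Z and "-".
AZURE_NAME = re.compile(r"[A-Za-z][0-9A-Za-z-]{0,126}")


def check_name(name: str, backend: str) -> list[str]:
    """Return the naming problems for a secret or secret definition name."""
    name = name.strip()  # the Designer trims surrounding whitespace too
    problems = []
    if backend == "aws" and AWS_SUFFIX_LIKE.search(name):
        problems.append("ends with a hyphen followed by six characters")
    if backend == "azure" and not AZURE_NAME.fullmatch(name):
        problems.append("not 1-127 chars of 0-9, a-z, A-Z, '-' starting with a letter")
    return problems


def arn_readings(resource_id: str) -> list[tuple[str, str | None]]:
    """Ways to read the text after ':secret:' in an ARN, as (name, suffix).

    Simplified model of the ambiguity (an assumption), not AWS's resolution logic.
    """
    readings = [(resource_id, None)]  # partial ARN: the name alone
    if AWS_SUFFIX_LIKE.search(resource_id):
        # Could equally be a complete ARN: name + "-" + six random characters.
        readings.append((resource_id[:-7], resource_id[-6:]))
    return readings


# Constructed sample names, not taken from any real account.
SAMPLES = [
    ("aws", "snowflake-password"),
    ("aws", "snowflake-export"),      # "-export" looks like an ARN suffix
    ("azure", "snowflake-password"),
    ("azure", "snowflake_password"),  # "_" is not allowed in Key Vault names
    ("azure", "1st-secret"),          # must start with a letter
]

if __name__ == "__main__":
    for backend, name in SAMPLES:
        print(f"{backend:5} {name:20} {check_name(name, backend) or 'ok'}")
    print(arn_readings("snowflake-export"))
```

A name with a single reading is unambiguous when referenced by partial ARN; a name with two readings is the case the AWS warning describes.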

  1. From the Your projects menu, select your project.
  2. Navigate to the Secret definitions tab.
  3. Click Add secret definition.
  4. Configure your secret definition.

    Property                   | Description
    Secret definition name     | A name for the secret definition. Any whitespace added to the start or end of the secret definition name is automatically trimmed.
    Description                | An optional, referential description for the secret. Max 256 characters.
    Agent                      | Select the agent that will be used by the pipelines that use this secret. This is only required if you have a Hybrid SaaS solution. To learn how to create an agent, read Create an agent.
    Vault name                 | For Hybrid SaaS on Azure deployment models only. Select the Azure key vault that this project will use to store secrets. Select [Default] to use the default key vault specified in the agent environment variables.
    Secret Name                | For a Hybrid SaaS solution only, select a named entry created in AWS Secrets Manager or Azure Key Vault.
    Secret Key                 | For a Hybrid SaaS solution on AWS only, select a named secret key tied to your secret name.
    Use multi-line text input? | For a Matillion Full SaaS solution only, toggle "Yes" to enable multi-line text input for secret values that require multi-line input. For example, certificates and SSH keys.
    Secret value               | For a Matillion Full SaaS solution only, give a secret value in the field provided.
  5. Click Create secret.

Note

  • You can sort the Secret definitions menu by name or description.
  • Once you've created a secret definition, click the more button ... next to your secret and click View secret details if required.

Delete secret definition

  1. Enter the Secret definitions tab.
  2. Click the more button ... on the corresponding row of a secret definition you want to delete.
  3. Click Delete secret.
  4. Click Yes, delete to confirm deletion. Otherwise, click Cancel.