Skip to content

Integrating Matillion ETL with secret managers

Matillion ETL Secrets Manager lets you connect to one or more secret managers, which will directly reference passwords, API tokens, keys, and secrets stored in third-party secret manager platforms.

As of version 1.56.x of Matillion ETL, the following secret managers are supported:

Any password/key rotation within your organization can be maintained externally from Matillion ETL.

Note

This feature cannot be used with OAuth configurations.

Linking your project group to a secret manager

  1. Click ProjectManage Project Group Passwords. The Manage Passwords dialog will open.
  2. In Manage Passwords, click the Secret Managers tab.
  3. To connect to your secret manager, click + in Manage Passwords. A two-page Add Secret Manager wizard will open.

  4. Complete the first page of the wizard: Information.

    Property Description
    Name A descriptive name for your secret manager. The name can contain alphanumerics, underscores, single space characters, parentheses, and hyphens. You cannot use single space characters as the first (leading) or last (trailing) character.
    Type The type of secret manager to connect to.

  5. Click Next.

  6. Complete the second page of the wizard: Configuration.

    Property Description
    Credentials Your cloud provider credentials. This drop-down menu should be autopopulated by the credentials created in Manage Credentials. To learn more, read Manage Credentials.
    Region (AWS Secrets Manager only) Select your AWS region within which the secrets manager resource has been created.
    Key Vault (Azure Key Vault only) Select a key vault from the drop-down list. The list will be populated based on the Azure credentials in Manage Credentials. To learn how to create a key vault, read Quickstart: Create a key vault using the Azure portal.
    Project (GCP Secret Manager only) Select a GCP project from the drop-down list. The list will be populated based on the GCP credentials in Manage Credentials. To learn how to create a project, read Creating and managing projects.

  7. Click Finish to complete the secret manager integration.

Once you complete the setup, the wizard will close, and your connection to your secret manager will be displayed in the Secret Managers tab within Manage Passwords.

Using Passwords from your connected secret managers

To use a secret from your newly connected secret manager, follow the below steps.

  1. In Manage Passwords, click the Passwords tab.
  2. Click + to create a new password. This will open Create Password.

  3. Complete the Create Password form. The table below describes the relevant properties for adding a password to a secret manager. For passwords of an Internal type, read Manage Passwords.

    Property Description
    Password Name An identifier for your password entry.
    Password Type Select External to choose a secret from a connected secret manager.
    Secret Manager Select a connected secret manager.
    Secret Name Choose a secret from the selected secret manager. The drop-down menu will autopopulate based on the secrets stored in the selected secret manager and the credentials used to connect to it.
    Secret Key Select a secret key from within your chosen secret.
    Description A contextual description for your password.

  4. Click OK to create the password, which will directly reference the value in the secret manager at the moment it is resolved.

Your newly created password will then be ready to use in Matillion ETL.