Manage credentials
Credentials refer to roles and permissions you can set on the hosting platform of your Matillion ETL instance. Once you have configured credentials for your chosen platform, you can use these throughout your Matillion ETL instance, such as when you create a project or edit your environment.
There are two types of credentials you can use in your Matillion ETL instance:
-
Instance Credentials: Tied to the instance hosting the Matillion ETL client. These cannot be edited from within the client, and must be changed from the console of the hosting platform. These types of credentials are overruled by User Defined credentials.
-
User Defined Credentials: Environment-specific, and are set by the user in the Manage Credentials dialog. You can modify these types of credentials from within your Matillion ETL instance, and use a different set of credentials for each environment, which users are free to switch between.
Note
Matillion ETL can integrate with other platform-specific services in your account, provided you have authorized it to do so. This is not compulsory, although some parts of the product (such as automatic discovery of Storage associated with your account) may not fully function without appropriate credentials.
Accessing manage credentials
-
You can create new sets of credentials for your chosen platform by accessing the Manage Credentials dialog. To do this, click Project, then Manage Credentials in your Matillion ETL instance.
-
The Manage Credentials dialog will be displayed, where you can choose to test any existing instance, or create and/or test User Defined credentials.
Configuring instance credentials
Instance Credentials are only applicable for the platform the instance is hosted on. If instance credentials are available, you can test them by clicking Test at the top of the Manage Credentials dialog. This will check access to any services that Matillion ETL uses. You may continue even if the tests fail; however, some parts of the product may be impaired or non-functional without appropriate credentials.
Configuring AWS user defined credentials
-
In the User Defined Credentials section of the Manage Credentials dialog, click the AWS tab.
Note
Refer to IAM Roles & Permissions (AWS) for help with gathering credentials from the AWS cloud platform.
-
Click the add icon to open the Create AWS Credential dialog, and add a new set of credentials.
Note
To modify existing credentials, click the edit pencil icon next to existing entries.
-
Complete the following fields:
- Credential Name: Provide a descriptive name for identification purposes.
- Access Key ID: Provided by your AWS account. For more information, log in to the console.
- Secret Access Key: Provided by your AWS account.
- Encryption Type: Use the drop-down menu to choose Encoded or KMS (default) encryption method. KMS requires a Master Key. To learn more KMS, visit AWS KMS.
- Master Key: Use the drop-down menu to select your master key. Only required if KMS encryption type is selected.
-
Click Test at the bottom of the dialog to check the credentials for its platform-specific services and their status.
-
Click OK to finish the setup.
Configuring GCP user defined credentials
-
In the User Defined Credentials section of the Manage Credentials dialog, click the GCP tab.
Note
Refer to IAM Roles & Permissions (GCP) for gathering credentials from GCP.
-
Click the add icon to open the Create GCP Credential dialog, and add a new set of credentials.
Note
To modify existing credentials, click the edit pencil icon next to existing entries.
-
Complete the following fields:
- Credential Name: Provide a descriptive name for identification purposes.
- Service Account: Provide your GCP service account details to enable the use of other Google Cloud Services. Log in to the console to obtain these details.
- Encryption Type: Use the drop-down menu to choose Encoded or KMS (default) encryption method. KMS requires a Master Key. To learn more about KMS, read Cloud Key Management.
- Master Key: Use the drop-down menu to select your master key. Only required if KMS encryption type is selected.
-
Click Test at the bottom of the dialog to check the credentials for its platform-specific services and their status.
-
Click OK to finish the setup.
Configuring Azure user defined credentials
-
In the User Defined Credentials section of the Manage Credentials dialog, click the Azure tab.
Note
Refer to Roles & Permissions (Azure) for help with gathering credentials from the Azure cloud platform.
-
Click the add icon to add a new set of credentials.
Note
To modify existing credentials, click the edit pencil icon next to existing entries.
-
Complete the following fields:
- Credential Name: Provide a descriptive name for identification purposes.
- Tenant ID: Provide this globally unique identifier (GUID). Log in to the console.
- Client ID: Provided by your Azure account.
- Secret Key: Provided by your Azure account.
- Encryption Type: Use the drop-down menu to choose Encoded or KMS (default) encryption method. KMS requires a Master Key. To learn more about KMS, read Key Vault.
- Master Key: Use the drop-down menu to select your master key. Only required if KMS encryption type is selected.
-
Click Test at the bottom of the dialog to check the credentials for its platform-specific services and status.
Note
Testing the Azure credentials only confirms that you have permission to list storage accounts, not necessarily access them. Furthermore, this only applies to storage accounts that you have permission to see. As such a test may fail, because you do not have the appropriate permissions, but still allow the job to work correctly.
-
Click OK to finish the setup.