Integrating Matillion ETL with Secret Managers

    Overview

    The Matillion ETL Secrets Manager feature lets you connect to one or more secret managers, so that Matillion ETL directly references passwords, API tokens, keys, and secrets stored in third-party secret manager platforms.

    As of version 1.56.x of Matillion ETL, the following secret managers are supported:

    1. AWS Secrets Manager
    2. Azure Key Vault
    3. GCP Secret Manager

    Any password/key rotation within your organization can be maintained externally from Matillion ETL.

    Please Note

    This feature cannot be used with OAuth configurations.



    Linking your project group to a secret manager

    1. Click Project and then click Manage Project Group Passwords. The Manage Passwords dialog will open.


    2. In Manage Passwords, click the Secret Managers tab.

    3. To connect to your secret manager, click in Manage Passwords. A two-page Add Secret Manager wizard will open.


    4. Complete the first page of the wizard: Information.

    Property | Description
    --- | ---
    Name | A descriptive name for your secret manager. The name can contain alphanumerics, underscores, single space characters, parentheses, and hyphens. You cannot use single space characters as the first (leading) or last (trailing) character.
    Type | The type of secret manager to connect to.

    When you are ready, click Next.


    5. Complete the second page of the wizard: Configuration.

    Property | Description
    --- | ---
    Credentials | Your cloud provider credentials. This dropdown menu should be autopopulated by the credentials created in Manage Credentials. To learn more, read Manage Credentials.
    Region | (AWS Secrets Manager only) Select the AWS region in which the Secrets Manager resource has been created.
    Key Vault | (Azure Key Vault only) Select a key vault from the drop-down list. The list will be populated based on the Azure credentials in Manage Credentials. To learn how to create a key vault, read Quickstart: Create a key vault using the Azure portal.
    Project | (GCP Secret Manager only) Select a GCP project from the drop-down list. The list will be populated based on the GCP credentials in Manage Credentials. To learn how to create a project, read Creating and managing projects.

    When you are ready, click Finish to complete the secret manager integration.


    Once you complete the setup, the wizard will close, and your connection to your secret manager will be displayed in the Secret Managers tab within Manage Passwords.




    Using Passwords from your connected secret managers

    To use a secret from your newly connected secret manager, follow the steps below.

    1. In Manage Passwords, click the Passwords tab.

    2. Click to create a new password. This will open Create Password.

    3. Complete the Create Password form. The table below describes the relevant properties for adding a password to a secret manager. For passwords of an Internal type, read Manage Passwords.

    Property | Description
    --- | ---
    Password Name | An identifier for your password entry.
    Password Type | Select External to choose a secret from a connected secret manager.
    Secret Manager | Select a connected secret manager.
    Secret Name | Choose a secret from the selected secret manager. The dropdown menu will autopopulate based on the secrets stored in the selected secret manager and the credentials used to connect to it.
    Secret Key | Select a secret key from within your chosen secret.
    Description | A contextual description for your password.

    4. Click OK to create the password, which will directly reference the value in the secret manager at the moment it is resolved.

    Your newly created password will then be ready to use in Matillion ETL.
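
The Secret Name and Secret Key lookup described above, sketched for AWS Secrets Manager as an added example (not Matillion's code): it resolves the value on every use, so a rotation done outside the tool is picked up, and it rejects secrets that expose no keys. Assumptions: the secret is stored as a JSON object of key/value pairs; `StubSecretsClient`, the secret names and the values are constructed so the block runs offline, and a real `boto3.client("secretsmanager")` can be passed in its place.

```python
import json


class StubSecretsClient:
    """Constructed in-memory stand-in for boto3.client("secretsmanager")."""

    def __init__(self, secrets):
        self._secrets = dict(secrets)

    def get_secret_value(self, SecretId):
        # Same response shape as the real call: the text payload is in "SecretString".
        return {"Name": SecretId, "SecretString": self._secrets[SecretId]}

    def rotate(self, secret_id, new_payload):
        self._secrets[secret_id] = new_payload


def load_key_values(client, secret_name):
    """Return the key/value pairs of a secret, or raise if it has none."""
    raw = client.get_secret_value(SecretId=secret_name).get("SecretString")
    if raw is None:
        raise ValueError(f"{secret_name}: binary secret, no key/value pairs")
    try:
        payload = json.loads(raw)
    except json.JSONDecodeError:
        raise ValueError(f"{secret_name}: plain-text secret, not a JSON object") from None
    if not isinstance(payload, dict):
        raise ValueError(f"{secret_name}: JSON value is not an object")
    return payload


def resolve(client, secret_name, secret_key):
    """Look the value up at use time; nothing is cached between calls."""
    payload = load_key_values(client, secret_name)
    if secret_key not in payload:
        raise KeyError(f"{secret_key!r} not in {secret_name}; keys: {sorted(payload)}")
    return payload[secret_key]


def demo():
    # Constructed sample secrets: one key/value secret, one plain-text secret.
    client = StubSecretsClient({
        "prod/warehouse": json.dumps({"username": "etl_user", "password": "old-value"}),
        "prod/api-token": "plain-text-token",
    })
    before = resolve(client, "prod/warehouse", "password")
    client.rotate("prod/warehouse", json.dumps({"username": "etl_user", "password": "new-value"}))
    after = resolve(client, "prod/warehouse", "password")
    return before, after
```

The error messages list key names only, never secret values, so they are safe to write to job logs.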