Skip to main content

How to use AWS Secret Manager, GCP Secret Manager, & Azure Key Vault

Secrets from AWS Secret Manager, GCP Secret Manager & Azure Key Vault can be used in any Secure field which looks like the following:

AWS Secrets Manager Setup​

Instead of providing your raw secret, you can now provide the AWS Secrets Manager ARN like so (latest version):
secret|arn:aws:secretsmanager:123456789012:secret:my_secret-1zAyu6

Note

The last 7 characters of the ARN are automatically generated by AWS and are not mandatory to retrieve the secret, thus secret|arn:aws:secretsmanager:region-name-1:123456789012:secret:my_secret will retrieve the same secret.

Specific Version​

You can get a specific version of the secret you want to retrieve by specifying its version UUID like this:
secret|arn:aws:secretsmanager:region-name-1:123456789012:secret:my_secret:00000000-0000-0000-0000-000000000000

Specific JSON Property​

If your secret value is a JSON string, you can retrieve a specific value like this:
secret|arn:aws:secretsmanager:region-name-1:123456789012:secret:my_secret|key

Or like this:
secret|arn:aws:secretsmanager:region-name-1:123456789012:secret:my_secret:00000000-0000-0000-0000-000000000000|key

GCP Secret Manager Setup​

To use GCP Secret Manager, you will need to install the gcp dependency group:

poetry install --with postgres,redshift,mysql,trino,athena,snowflake --with gcp

Instead of providing your raw secret, you can now provide the name of the GCP Secret Manager secret like so (latest version):
secret|projects/project_id/secrets/my_secret

Specific Version​

You can get a specific version of the secret you want to retrieve by specifying its version id like this:
secret|projects/project_id/secrets/my_secret/versions/1

Specific JSON Property​

If your secret value is a JSON string, you can retrieve a specific value like this:
secret|projects/project_id/secrets/my_secret|key

Or like this:
secret|projects/project_id/secrets/my_secret/versions/1|key

Azure Key Vault Setup​

To use Azure Key Vault, you will need to install the azure-secrets dependency group:

poetry install --with postgres,redshift,mysql,trino,athena,snowflake --with azure-secrets

Instead of providing your raw secret, you can now provide the name of the Azure Key Vault secret like so (latest version):
secret|https://my-vault-name.vault.azure.net/secrets/my-secret

Specific Version​

You can get a specific version of the secret you want to retrieve by specifying its version id (32 lowercase alphanumeric characters) like this:
secret|https://my-vault-name.vault.azure.net/secrets/my-secret/a0b00aba001aaab10b111001100a11ab

Specific JSON Property​

If your secret value is a JSON string, you can retrieve a specific value like this:
secret|https://my-vault-name.vault.azure.net/secrets/my-secret|key

Or like this: secret|https://my-vault-name.vault.azure.net/secrets/my-secret/a0b00aba001aaab10b111001100a11ab|key

Install all Secret Managers​

To install all Secret Managers:

poetry install --with postgres,redshift,mysql,trino,athena,snowflake --with aws-secrets,gcp,azure-secrets