AWS Secrets Manager provider
This secrets provider fetches secret values from AWS Secrets Manager.
To use the AWS Secrets Manager provider, add the following to zoe's configuration:
secrets:
  provider: awsSecretsManager
  region: eu-west-1 # Optional
Using the configuration above, when zoe encounters secret:JAAS_CONFIG, it looks up a secret named JAAS_CONFIG from AWS Secrets Manager.
Supported credentials
The AWS Secrets Manager provider needs to authenticate to AWS. By default, it uses the AWS default credentials chain, but this can be overridden in the credentials section of the provider config. The same credential types as the lambda credentials are supported:
secrets:
  provider: "awsSecretsManager"
  region: "eu-west-1"
  credentials:
    type: "profile"
    name: "my-customr-profile"

secrets:
  provider: "awsSecretsManager"
  region: "eu-west-1"
  credentials:
    type: "static"
    accessKey: "accessKey"
    secretAccessKey: "secretAccessKey"
If your authentication mode is not supported, you can generate an STS session and use the "default" credentials so that zoe uses this STS session. You can take a look at the lambda runner credentials section to know more about how to achieve that.
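One way to set up the STS session described above, as an added example that is not part of the zoe documentation. It assumes the AWS CLI is installed, that zoe is started from the same shell with no credentials section under secrets (so the default chain applies), and that the role ARN is a placeholder; the function names are hypothetical.

```shell
# Added example (not zoe's own code): put a short-lived STS session into the
# environment so the AWS default credentials chain finds it.

# Takes one line "AccessKeyId<TAB>SecretAccessKey<TAB>SessionToken" and exports
# the three standard AWS variables. Refuses partial or malformed input so a
# half-loaded session never ends up in the environment.
load_sts_session() {
  IFS="$(printf '\t')" read -r _k _s _t _extra <<EOF
$1
EOF
  if [ -z "$_k" ] || [ -z "$_s" ] || [ -z "$_t" ] || [ -n "$_extra" ]; then
    unset _k _s _t _extra
    echo "load_sts_session: expected exactly 3 tab-separated fields" >&2
    return 1
  fi
  export AWS_ACCESS_KEY_ID="$_k"
  export AWS_SECRET_ACCESS_KEY="$_s"
  export AWS_SESSION_TOKEN="$_t"
  unset _k _s _t _extra
}

# Assumes the role given as $1 (placeholder ARN in the usage line below) for
# 15 minutes, the shortest duration STS allows, and loads the result.
zoe_assume_role() {
  _out=$(aws sts assume-role \
    --role-arn "$1" \
    --role-session-name "zoe-secrets" \
    --duration-seconds 900 \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text) || return 1
  if load_sts_session "$_out"; then
    unset _out
  else
    unset _out
    return 1
  fi
}

# Usage (run in the shell that will start zoe):
#   zoe_assume_role "arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>"
```

The session expires on its own after 15 minutes, so nothing long-lived has to be written into zoe's configuration file.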