AWS Secrets Manager Secret Store

The aws_secrets_manager store enables Spice to read secrets from AWS Secrets Manager.

version: v1beta1
kind: Spicepod
name: taxi_trips
secrets:
  store: aws_secrets_manager

The store reads secrets named spice_secret_<secret-name>. For example, the Dremio login and password must be defined as the secret spice_secret_dremio in AWS Secrets Manager.

A complete Spicepod definition with a dataset that uses the secret from AWS Secrets Manager created above:

version: v1beta1
kind: Spicepod
name: taxi_trips
secrets:
  store: aws_secrets_manager

datasets:
  - from: dremio:datasets.taxi_trips
    name: taxi_trips
    description: dremio taxi trips
    params:
      endpoint: grpc://20.163.171.81:32010

AWS Secrets Manager Access

To use AWS Secrets Manager, an AWS account and a user in IAM Identity Center with the secretsmanager:GetSecretValue permission are required. Read Authentication and access control for AWS Secrets Manager for details.
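
A least-privilege IAM policy for this setup, as an added example that is not taken from the Spice documentation: it grants only secretsmanager:GetSecretValue and limits it to secrets whose names start with spice_secret_. The <region> and <account-id> values are placeholders to fill in, the Sid is an arbitrary label, and the trailing wildcard also covers the random suffix that Secrets Manager appends to every secret ARN.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadSpiceSecretsOnly",
      "Effect": "Allow",
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "arn:aws:secretsmanager:<region>:<account-id>:secret:spice_secret_*"
    }
  ]
}
```

If the secrets are encrypted with a customer managed KMS key rather than the default aws/secretsmanager key, the same principal also needs kms:Decrypt on that key.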

Use the AWS CLI to configure AWS access:

aws configure

Check configuration with:

aws sts get-caller-identity
aws secretsmanager get-secret-value --secret-id MyTestSecret