AWS Secrets Manager Secret Store
The aws_secrets_manager store enables Spice to read secrets from AWS Secrets Manager.
version: v1beta1
kind: Spicepod
name: taxi_trips
secrets:
  store: aws_secrets_manager
The store reads secrets named spice_secret_<secret-name>. For example, the dremio login and password must be defined as the spice_secret_dremio secret in AWS Secrets Manager.
The following complete Spicepod definition includes a dataset that uses the secret created above in AWS Secrets Manager:
version: v1beta1
kind: Spicepod
name: taxi_trips
secrets:
  store: aws_secrets_manager
datasets:
  - from: dremio:datasets.taxi_trips
    name: taxi_trips
    description: dremio taxi trips
    params:
      endpoint: grpc://20.163.171.81:32010
AWS Secrets Manager Access
To use AWS Secrets Manager, an AWS account and a user in IAM Identity Center with the secretsmanager:GetSecretValue permission are required. Read Authentication and access control for AWS Secrets Manager for details.
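Because the store only reads secrets named with the spice_secret_ prefix, the secretsmanager:GetSecretValue permission can be scoped to that prefix instead of to every secret. The check below is an added example, not part of Spice or its documentation: it inspects the Allow statements of an IAM identity policy and reports where GetSecretValue reaches resources outside secret:spice_secret_*. The function names, both sample policies, the region and the account ID are constructed for illustration.

```python
from fnmatch import fnmatchcase

ACTION = "secretsmanager:getsecretvalue"  # IAM action names are case-insensitive
PREFIX = "spice_secret_"                  # naming convention stated on this page

def _as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])

def _scoped(resource):
    """True only for a Secrets Manager ARN whose secret name starts with PREFIX."""
    parts = resource.split(":", 6)
    return (len(parts) == 7 and parts[2] == "secretsmanager"
            and parts[5] == "secret" and parts[6].startswith(PREFIX))

def audit(policy):
    """Return (sid, resource) pairs where GetSecretValue is allowed too broadly."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a lone statement may be a bare object
        statements = [statements]
    findings = []
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", f"statement[{i}]")
        if "NotAction" in st or "NotResource" in st:
            findings.append((sid, "NotAction/NotResource: review manually"))
            continue
        actions = [a.lower() for a in _as_list(st.get("Action"))]
        if any(fnmatchcase(ACTION, a) for a in actions):
            findings += [(sid, r) for r in _as_list(st.get("Resource"))
                         if not _scoped(r)]
    return findings

# Constructed sample policies; region and account ID are placeholders.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllSecrets", "Effect": "Allow",
     "Action": "secretsmanager:*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "SpiceSecretsOnly", "Effect": "Allow",
     "Action": "secretsmanager:GetSecretValue",
     "Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:spice_secret_*"}]}

if __name__ == "__main__":
    print("broad: ", audit(BROAD))
    print("scoped:", audit(SCOPED))
```

The check is static: it does not evaluate Deny statements, Condition blocks or resource policies on the secrets themselves.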
Use the AWS CLI to configure AWS access:
aws configure
Check configuration with:
aws sts get-caller-identity
aws secretsmanager get-secret-value --secret-id MyTestSecret