Configure Secrets for OCF Connector Settings

Applies to: Alation Cloud Service instances and customer-managed instances of Alation

On the General Settings tab of an OCF connector Settings page, you can configure your connection to use secrets stored in either AWS Secrets Manager or Azure Key Vault. In what follows, “vault” means either AWS Secrets Manager or Azure Key Vault.

By default, connection information such as the JDBC URI and service account usernames and passwords is entered on this page and stored in the Alation database. However, if you have created one or more Authentication Configuration Methods for External Systems for AWS Secrets Manager or Azure Key Vault, the General Settings page offers the option of pulling such information from the appropriate vault. In this case, most options under Application Settings or Connector Settings show the following icons to the right of the option:

[Image: VaultOrDB_New.png]

or

[Image: VaultOrDB.png]

By default, the Standard option (or the database icon) is selected, as shown. To pull the setting from a vault, click the Vault option (or the lock icon).

When using AWS Secrets Manager, you can pull secrets in plain-text format, as JSON key-value pairs, or as a certificate in binary form.

When using Azure Key Vault, only a plain-text secret name is supported.

  • Limitation: When using Azure Key Vault, JSON key-value pairs and binary certificates are not supported. Only plain-text secret names may be used.
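A pre-flight check for the format rules above, as an added example that is not Alation's code: it classifies a secret as plain text, JSON key-value pairs, or binary, and reports whether that format is supported for the vault type, returning key names only and never values. The function names and sample secrets are hypothetical; `SecretString` and `SecretBinary` are the payload fields of the AWS Secrets Manager GetSecretValue response.

```python
import json

# Secret formats each vault type accepts, as stated on this page.
SUPPORTED = {
    "aws_secrets_manager": {"plain-text", "json", "binary"},
    "azure_key_vault": {"plain-text"},
}


def aws_payload(response):
    """Return the payload of an AWS GetSecretValue response: text secrets
    arrive under 'SecretString', binary ones under 'SecretBinary'."""
    if response.get("SecretBinary") is not None:
        return response["SecretBinary"]
    if response.get("SecretString") is not None:
        return response["SecretString"]
    raise ValueError("response has neither SecretString nor SecretBinary")


def describe(payload):
    """Classify a payload as (format, key_names); secret values are never returned."""
    if isinstance(payload, (bytes, bytearray)):
        return "binary", []
    try:
        parsed = json.loads(payload)
    except ValueError:
        return "plain-text", []
    # Only a JSON object is a set of key-value pairs; "8443" or "true" stays plain text.
    if isinstance(parsed, dict):
        return "json", sorted(parsed)
    return "plain-text", []


def preflight(vault_type, payload):
    """Report whether the secret's format is usable with the given vault type."""
    fmt, keys = describe(payload)
    return {"format": fmt, "keys": keys, "supported": fmt in SUPPORTED[vault_type]}


# Constructed sample data; none of these are real credentials.
AWS_JSON = {"SecretString": '{"username": "svc_alation", "password": "example-only"}'}
AWS_CERT = {"SecretBinary": b"\x30\x82\x01\x0a constructed bytes"}
AZURE_TEXT = "example-only-password"

if __name__ == "__main__":
    print(preflight("aws_secrets_manager", aws_payload(AWS_JSON)))
    print(preflight("aws_secrets_manager", aws_payload(AWS_CERT)))
    print(preflight("azure_key_vault", AZURE_TEXT))
    print(preflight("azure_key_vault", aws_payload(AWS_JSON)))  # JSON in Azure: unsupported
```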
