Provide Secure Credentials¶
Okera recommends that you use secure credentials. Sensitive credentials should not be provided in plaintext, and instead should be provided in a secrets file either from local Secret sources such as Kubernetes secrets, or from Cloud secrets managers services.
Okera recommends (for auditability) that you create a new system user for Okera in your underlying database, and use those credentials in your Okera connection to that database.
Note: This system user must have read access to your data.
Secure credential stores that are supported by Okera include:
awsps://- AWS System Manager Parameter Store
awssm://- AWS Secrets Manager
azurekv://- Azure KeyVault
gcpsm://- GCP Secret Manager
file://- local files (using Kubernetes mounted secrets)
For information about using secrets in IAM policies, review the IAM policy examples for secrets in AWS secrets Manager.
Note: Make sure you provide the correct permissions for Okera to access your secrets file.