Provide Secure Credentials

Okera recommends that you use secure credentials. Sensitive credentials should not be provided in plaintext, and instead should be provided in a secrets file either from local Secret sources such as Kubernetes secrets, or from Cloud secrets managers services.

Okera recommends (for auditability) that you create a new system user for Okera in your underlying database, and use those credentials in your Okera connection to that database.

Note: This system user must have read access to your data.

Secure credential stores that are supported by Okera include:

• awsps:// - AWS System Manager Parameter Store

• awssm:// - AWS Secrets Manager

• azurekv:// - Azure KeyVault

• gcpsm:// - GCP Secret Manager

• file:// - local files (using Kubernetes mounted secrets)

For information about using secrets in IAM policies, review the IAM policy examples for secrets in AWS secrets Manager.

Note: Make sure you provide the correct permissions for Okera to access your secrets file.