Provide Secure Credentials
Okera recommends that you use secure credentials. Do not provide sensitive credentials in plaintext. Instead, provide them in a secrets file, either from local secret sources such as Kubernetes secrets or from cloud secrets manager services.
Okera recommends (for auditability) that you create a new system user for Okera in your underlying database, and use those credentials in your Okera connection to that database.
Note: This system user must have read access to your data.
Secure credential stores that are supported by Okera include:
- awsps:// - AWS Systems Manager Parameter Store
- awssm:// - AWS Secrets Manager
- azurekv:// - Azure KeyVault
- gcpsm:// - GCP Secret Manager
- file:// - local files (using Kubernetes mounted secrets)
For information about using secrets in IAM policies, review the IAM policy examples for secrets in AWS Secrets Manager.
Note: Make sure you provide the correct permissions for Okera to access your secrets file.
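A pre-deployment check for the guidance above, as an added example that is not Okera code: it flags credential settings that hold a plaintext value or use a scheme outside the five listed on this page, and confirms that a file:// secret is readable. The setting names, secret paths, and the shape of the text after each scheme are constructed assumptions, not Okera's documented format.

```python
import os
from urllib.parse import urlparse

# Schemes this page lists as supported secure credential stores.
SUPPORTED_SCHEMES = {
    "awsps": "AWS Systems Manager Parameter Store",
    "awssm": "AWS Secrets Manager",
    "azurekv": "Azure KeyVault",
    "gcpsm": "GCP Secret Manager",
    "file": "local file (Kubernetes mounted secret)",
}

def check_credential(value):
    """Return (ok, detail) for one credential setting."""
    parsed = urlparse(value)
    if "://" not in value or not parsed.scheme:
        return False, "plaintext value, not a secret reference"
    scheme = parsed.scheme.lower()
    if scheme not in SUPPORTED_SCHEMES:
        return False, f"unsupported scheme '{scheme}://'"
    if scheme == "file":
        # The process reading the secret needs read access to the file.
        if not os.path.isfile(parsed.path):
            return False, f"secret file not found: {parsed.path}"
        if not os.access(parsed.path, os.R_OK):
            return False, f"secret file not readable: {parsed.path}"
    elif not (parsed.netloc + parsed.path).strip("/"):
        return False, "reference names no secret"
    return True, SUPPORTED_SCHEMES[scheme]

def audit(settings):
    """Map each failing setting name to its reason; empty means clean."""
    failures = {}
    for name, value in settings.items():
        ok, detail = check_credential(value)
        if not ok:
            failures[name] = detail
    return failures

if __name__ == "__main__":
    # Constructed sample settings; names and paths are hypothetical.
    sample = {
        "db.user": "awssm://constructed/okera/db-user",
        "db.password": "Hunter2",
        "jdbc.token": "vault://constructed/token",
    }
    for name, reason in audit(sample).items():
        print(f"{name}: {reason}")
```

Run it on the host or pod that will read the secrets so the file:// check reflects the access that process actually has.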