Skip to content

Provide Secure Credentials

Sensitive credentials cannot be provided in plaintext, and instead must be provided in a secrets file either from local secret sources such as Kubernetes secrets, or from Cloud secrets managers services.

Okera recommends (for auditability) that you create a new system user for Okera in your underlying database, and use those credentials in your Okera connection to that database.

Note: This system user must have read access to your data.

Secure credential stores that are supported by Okera include:

For information about using secrets in IAM policies, review the IAM policy examples for secrets in AWS Secrets Manager.

Note: Make sure you provide the correct permissions for Okera to access your secrets file.