AWS Secrets Manager

Protecting configuration with AWS Secrets Manager

AWS Secrets Manager can be used on an EC2 instance hosting Keeper Commander to store and protect the configuration data.

The AWS Secrets Manager protected storage resource URL format is as follows:

aws-sm://<SECRET-REGION>/<SECRET_NAME>

Example:

aws-sm://us-west-2/commander/config

The secret name should contain URL-safe characters and should not start with a forward slash (/).

Keeper Commander requires the following access permissions to the secret resource:

  • secretsmanager:GetSecretValue

  • secretsmanager:PutSecretValue

Example AWS policy granting access to the secret:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetSecretValue",
                "secretsmanager:PutSecretValue"
            ],
            "Resource": "arn:aws:secretsmanager:<region-id>:<account-id>:secret:<unique-secret-name>"
        }
    ]
}
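The following added example (not Keeper Commander's own code) validates a storage URL against the format and naming rules above and generates a policy scoped to that single secret. The function names, the `Sid`, the conservative name alphabet and the 12-digit account id are assumptions made for illustration; the `-??????` suffix reflects the six random characters Secrets Manager appends to a secret's name in its ARN.

```python
import json
import re
from urllib.parse import urlsplit

# Assumption: a conservative name alphabet that is both URL-safe and accepted
# by Secrets Manager; "/" separates segments but may not lead, trail or repeat.
NAME_RE = re.compile(r"[A-Za-z0-9_.-]+(/[A-Za-z0-9_.-]+)*")
REGION_RE = re.compile(r"[a-z]{2}(-[a-z]+)+-\d")

def parse_aws_sm_url(url):
    """Split aws-sm://<region>/<name> into (region, secret_name) or raise."""
    parts = urlsplit(url)
    if parts.scheme != "aws-sm":
        raise ValueError("scheme must be aws-sm")
    if parts.query or parts.fragment:
        raise ValueError("query string and fragment are not allowed")
    if not REGION_RE.fullmatch(parts.netloc):
        raise ValueError(f"bad region: {parts.netloc!r}")
    name = parts.path[1:]  # drop only the separator after the region
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"bad secret name: {name!r}")
    return parts.netloc, name

def build_policy(url, account_id):
    """Return an IAM policy document scoped to the one secret named by url."""
    region, name = parse_aws_sm_url(url)
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("account id must be 12 digits")
    # Secrets Manager appends "-" plus six random characters to the secret
    # name in the ARN; "-??????" matches that suffix without a broad "*".
    arn = f"arn:aws:secretsmanager:{region}:{account_id}:secret:{name}-??????"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "CommanderConfigSecret",  # hypothetical statement id
            "Effect": "Allow",
            "Action": ["secretsmanager:GetSecretValue",
                       "secretsmanager:PutSecretValue"],
            "Resource": arn,
        }],
    }

if __name__ == "__main__":
    # Constructed sample values: the page's example URL and a dummy account id.
    print(json.dumps(build_policy("aws-sm://us-west-2/commander/config",
                                  "123456789012"), indent=4))
```

Attach the generated policy to the EC2 instance role rather than to long-lived user credentials, so that only the Commander host can read and update the configuration secret.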

Keeper Commander installed with pip requires the boto3 package to be present in the virtual environment:

pip install boto3
