Is it possible to store DMS Endpoint credentials in HashiCorp Vault

0

I have two AWS DMS endpoints, one connecting to AWS RDS for Oracle and another one to AWS Aurora MySQL. Currently, the login passwords are provided through Terraform in clear text. I wonder if there is a way to store DMS endpoint credentials in Vault. My client prefers Vault to AWS Secrets Manager.

The organization already has Vault secrets set up for applications. I have access to Vault secrets through the web UI, but I have no idea how applications use Vault. I am a DBA. Any advice is appreciated. Thanks.

Gary

Gary Y
asked 7 months ago · 228 views
3 Answers
0

You can use Secrets Manager to store the passwords. I have seen customers create their own solution when integrating with HashiCorp Vault and syncing the passwords with Secrets Manager. I don't know if this is possible without some form of engineering to synchronise passwords or using Vault secrets directly.

AWS
Oli
answered 7 months ago
0

Use Terraform to create the AWS secret with no values and set the lifecycle to ignore changes.

Then manually populate the AWS secret with the username and password.

Here you're able to reference the Terraform resource in your DMS settings.

EXPERT
answered 6 months ago
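
The approach described in the answer above, sketched as Terraform. This is an added example, not part of the original answer. The resource names, the secret name, the Oracle SID and the `dms_secret_access_role_arn` variable (an existing IAM role that DMS can assume to read the secret) are assumptions, and the placeholder values are constructed.

```hcl
# Added example: all names and values below are hypothetical placeholders.
variable "dms_secret_access_role_arn" {
  description = "IAM role DMS assumes to read the secret (assumed to exist already)"
  type        = string
}

resource "aws_secretsmanager_secret" "dms_oracle" {
  name = "dms/oracle-source" # hypothetical secret name
}

# Placeholder version only. The real username and password are entered
# by hand afterwards, so they never appear in the Terraform code.
resource "aws_secretsmanager_secret_version" "dms_oracle" {
  secret_id = aws_secretsmanager_secret.dms_oracle.id
  secret_string = jsonencode({
    username = ""
    password = ""
    host     = ""
    port     = 1521
  })

  lifecycle {
    # Later applies do not push the placeholder back over the
    # manually entered value.
    ignore_changes = [secret_string]
  }
}

resource "aws_dms_endpoint" "oracle_source" {
  endpoint_id   = "oracle-source" # hypothetical
  endpoint_type = "source"
  engine_name   = "oracle"
  database_name = "ORCL" # hypothetical SID

  # No username/password/server_name/port arguments: DMS reads the
  # connection details from the secret at connection time.
  secrets_manager_arn             = aws_secretsmanager_secret.dms_oracle.arn
  secrets_manager_access_role_arn = var.dms_secret_access_role_arn
}
```

Scope the IAM role to read only this one secret, and repeat the same pattern for the Aurora MySQL endpoint with its own secret.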
0

Oli and Gary Mclean,

Thank you for commenting on my question!

Gary

Gary Y
answered 6 months ago
