External Secret Managers Private Preview

External Secret Managers let you manage destination and connection credentials in an external secret management system, such as Azure Key Vault. For a feature overview, see External Secret Managers.

In this tab, you can do the following:

• Create new external secret manager
• View external secret manager
• Edit external secret manager
• Make external secret manager the default manager
• Delete external secret managers

Create new external secret manager

Prerequisites

Before creating a new External Secret Manager in Fivetran, ensure you have configured your secret manager provider. See the setup guide for your provider:

• Azure Key Vault
• AWS Secrets Manager
• HashiCorp Vault

Instructions

To create a new External Secret Manager, follow these steps:

1. Go to Account Settings > General > External Secrets Managers.

2. Click Create new secrets manager.

3. Select a deployment model:

   • SaaS Deployment
   • Hybrid Deployment
   The deployment model of the External Secret Manager must match the deployment model of the connection or destination that will use it.

4. Select a Secret manager provider:

   • Azure Key Vault
   • AWS Secrets Manager
   • HashiCorp Vault

5. Enter a Secret Manager Name.

   You cannot change the secret manager name after it is created.

6. Provide the following information for your provider:

   Azure Key VaultAWS Secrets ManagerHashiCorp Vault

   SaaS Deployment

   • Vault URL: The Vault URI from your Azure Key Vault overview page.
   • Tenant ID: The Directory (tenant) ID of your Azure Active Directory.

   Hybrid Deployment

   • Vault URL: The Vault URI from your Azure Key Vault overview page.
   • Role ARN: The ARN of the IAM role you created in AWS.
   • Vault Address: Your Vault server's address.
   • Vault Role: The Vault role name you configured in HashiCorp Vault.
   • Vault Path: The path at which your secrets are stored.
   • Namespace (optional): Your Vault namespace, if you have one.
   • Auth Method:
     • For SaaS Deployment: Select AWS IAM, then enter the AWS Role ARN of the IAM role you created in AWS.
     • For Hybrid Deployment: Select AWS IAM with EC2 instances.

7. Click Add secrets manager.

The new External Secret Manager is created and displayed in the list of External Secret Managers.

View external secret manager

To view an existing External Secret Manager, follow these steps:

1. Go to Account Settings > General > External Secrets Managers.
2. Click the name of the external secret manager you want to view.

The following information is displayed on the details page:

• Secrets manager name: The unique name of the external secret manager.
• Secrets manager ID: The unique identifier of the external secret manager.
• Secrets manager provider: The provider of the external secret manager (e.g., Azure Key Vault).
• Last updated by: The user who last updated the external secret manager.
• Created at: The date and time when the external secret manager was created.
• Updated at: The date and time when the external secret manager was last updated.
• Deployment Type:
  • SaaS Deployment
  • Hybrid Deployment
• Used by: Lists the connections and destinations that use this external secret manager.

The Actions button on the External Secret Manager details page allows you to edit, make default, or delete the external secret manager.

Edit external secret manager

To edit an existing External Secret Manager, follow these steps:

1. Go to Account Settings > General > External Secrets Managers.
2. Click the name of the external secret manager you want to modify.
3. Click Actions > Edit.
4. Update the necessary fields.
   You cannot change the secret manager name.

5. Click Save changes.

Make external secret manager default manager

To make an External Secret Manager the default one, follow these steps:

1. Go to Account Settings > General > External Secrets Managers.
2. Click the name of the external secret manager you want to make the default one.
3. Click Actions > Make default.

Delete external secret manager

To delete an External Secret Manager, follow these steps:

1. Go to Account Settings > General > External Secrets Managers.
2. Click the name of the external secret manager you want to delete.
3. Click Actions > Delete.
4. In the confirmation window, click Delete manager.