External Secrets Manager Private Preview
Business Critical plan is required to use the External Secrets Managers feature.
Represents an External Secrets Manager (ESM) in a Fivetran account. An ESM stores credentials for source connections and destinations in your own secrets vault rather than in Fivetran, so that Fivetran retrieves them at sync time without persisting them.
Resource attributes
The following attributes define the identity, configuration, and status of the External Secrets Manager resource.
Identity-related attributes
These fields identify the External Secrets Manager instance.
| Field name | Type | Description |
|---|---|---|
id | string, read-only | The unique identifier of the External Secrets Manager instance within the Fivetran system. |
name | string | The name of the External Secrets Manager instance. Must be unique within the account. |
type | string | The ESM provider type. Supported values: AWS_SECRET_MANAGER, AZURE_KEY_VAULT, HASHICORP_VAULT. |
Configuration-related attributes
| Field name | Type | Description |
|---|---|---|
config | object | Provider-specific configuration object. For AWS_SECRET_MANAGER: role_arn (required).For AZURE_KEY_VAULT: vault_url (required), tenant_id (required for SaaS).For HASHICORP_VAULT: vault_address (required), role_id and secret_id (required for SaaS), namespace (optional). |
is_hybrid_deployment_compatible | boolean, read-only | Whether this External Secrets Manager is compatible with Hybrid Deployment environments. |
Status-related attributes
| Field name | Type | Description |
|---|---|---|
created_at | string (ISO-8601), read-only | Timestamp when the External Secrets Manager instance was created. |
updated_at | string (ISO-8601), read-only | Timestamp when the External Secrets Manager instance was last updated. |
Supported operations
Once you have access to the Fivetran API, you can perform the following operations on the External Secrets Manager resource.
| Category | Endpoint | Description |
|---|---|---|
| Provisioning | POST /v1/external-secrets-managers | Creates an External Secrets Manager instance. |
| Updates | PATCH /v1/external-secrets-managers/{esmId} | Updates the configuration of an existing External Secrets Manager. |
| Deletion | DELETE /v1/external-secrets-managers/{esmId} | Permanently removes an External Secrets Manager instance. |
| Retrieval | GET /v1/external-secrets-managersGET /v1/external-secrets-managers/{esmId} | Returns the list of all External Secrets Managers or the details of a specific instance. |
| Entity listing | GET /v1/external-secrets-managers/{esmId}/entitiesGET /v1/external-secrets-managers-entities | Returns the source connections and destinations using a specific ESM or all ESMs. |