secret-manager
Note
This feature is available in dbvr Pro only.
secret-manager - manage secret manager configurations in dbvr.
Synopsis
Tip
You can also use global options with this command.
Description
By default, database credentials are stored in the workspace configuration. Secret managers let you avoid that: instead of putting passwords into config files, dbvr fetches them from an external secrets service at runtime. This keeps credentials out of the workspace and makes it easier to rotate them without updating datasource configurations.
Supported secret managers:
| Secret manager | Description | Documentation |
|---|---|---|
| AWS Secrets Manager | Managed service from AWS for storing and retrieving secrets securely. Requires IAM permissions. | AWS documentation |
| AWS Systems Manager Parameter Store | AWS service for storing configuration data and secrets. Integrates with IAM and supports encryption via KMS. | AWS documentation |
| HashiCorp Vault | Open-source tool for managing secrets and protecting sensitive data. Supports fine-grained access control. | HashiCorp documentation |
| CyberArk | Enterprise-grade security platform designed for managing privileged access and secrets. | CyberArk documentation |
Before configuring a secret provider in dbvr, ensure that:
- The secret provider is set up.
- You have the necessary access permissions.
Info
- See the step-by-step example for a complete walkthrough.
- For information on secret name formats and supported fields, see Secret requirements.
To use a secret manager with a datasource, pass --secret-manager and --secret-name to datasource create or datasource update.
You can create, update, view, list, or delete secret manager configurations from the command line.
Commands
Create a new secret manager configuration.
Update an existing secret manager configuration.
Delete a secret manager configuration.
List all configured secret managers.
View the full configuration of a specific secret manager.