Skip to main content

Configure workflow execution

When using Secure Agent for extraction, source system credentials (secrets) required for workflow execution are stored in a Secret Manager. This guide provides steps to set up workflows with Secure Agent and specify the secret details it uses during workflow execution.

Before you begin

Before configuring Secure Agent for workflow execution, ensure you have:

  • A registered and active Secure Agent.
  • Access to one of the supported secret stores: AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, environment variable-based secret injection technique, or a custom secret store.

Configure secrets retrieval for workflow execution

Follow these steps to configure Secure Agent to retrieve secrets from a secret store required for the workflow execution. This is necessary for secure data access while running your workflows.

💪 Did you know?

For each field, you can enter either the name of a secret stored in your secret manager or the actual value. Use secret names when using a secret store with Secure Agent, or enter values directly if no secret is required.

Secure Agent retrieves the required secrets from AWS Secrets Manager during workflow execution. Follow these steps to configure retrieval under the Secure Agent configuration section:

  • Secret path in Secret Manager: Provide the Amazon Resource Name (ARN) or the path of the secret that contains the sensitive configuration details required for the connector. These details may include credentials such as username, password, or other sensitive information needed by the Secure Agent to securely access data during workflow execution.
  • AWS region: Select the region where your AWS Secrets Manager is located.
  • AWS authentication method: Select how you want the Secure Agent to authenticate when executing the workflow. Choose one:
    • IAM (Recommended): Use this method if the secure agent was configured to use the AWS IAM permissions to access secrets.
    • IAM Assume Role: Use this method if the agent was configured to access secrets via cross-account roles.
    • AWS Assume Role ARN: Provide the IAM Role ARN that grants the Secure Agent permission to retrieve secrets.
    • Access Key & Secret Key: Use this method if the agent was configured to use the AWS Access Key ID and Secret Access Key via environment variables or Kubernetes secrets.

Next steps

After configuring the Secure Agent, return to your connector’s setup guide and continue the workflow setup.