Creating a secret for database connection credentials
You can create a Secrets Manager secret to store credentials used to connect to an Amazon Redshift provisioned cluster or Redshift Serverless namespace and workgroup. You can also use this secret when scheduling a query in Amazon Redshift query editor v2.
To create a secret for a database in an Amazon Redshift provisioned cluster using the Secrets Manager console
- Open the Secrets Manager console (https://console.amazonaws.cn/secretsmanager/).
- Navigate to the list of Secrets and choose Store a new secret.
- Choose Credentials for Amazon Redshift data warehouse. Enter your information in the steps to create a secret as follows:
  - In Credentials for User name, enter the name of the administrative user of the data warehouse.
  - In Credentials for Password, enter the password for the User name.
  - For Encryption key, choose your encryption key.
  - For Data warehouse, choose the Amazon Redshift provisioned cluster that contains your data.
  - For Secret name, enter a name for the secret.
  - For Description, enter a description of the secret.
  - For Tags, enter a Tag key with the word Redshift. This tag key is needed to list secrets when you attempt to connect to your data warehouse using Amazon Redshift query editor v2. The secret must have a tag key that starts with the string Redshift for the secret to be listed under Amazon Secrets Manager on the management console.
- Continue entering information about your secret through several steps until you Store your changes on the Review step.
The specific values of your credentials, engine, host, port, and cluster identifier are stored in the secret. Also, the secret is tagged with the tag key Redshift.
To create a secret for a database in a Redshift Serverless namespace using the Redshift Serverless console
- Sign in to the Amazon Web Services Management Console and open the Amazon Redshift console at https://console.amazonaws.cn/redshiftv2/.
- Choose Redshift serverless and navigate to Namespace configuration.
- Choose a namespace for which to create secret credentials.
- Open Actions, Edit admin credentials.
- For Admin password, choose Manage admin credentials in Amazon Secrets Manager.
- Choose Save changes to save your changes.
Confirm that a message appears stating that the password was successfully changed. You can also view the secret in the Secrets Manager console. You can use this secret to connect to a database in a workgroup in the Redshift Serverless console and Amazon Redshift query editor v2, using the Amazon Secrets Manager connection method. The secret must have a tag key that starts with the string "Redshift" for the secret to be listed on the query editor v2 web application. The secret must have a tag key that starts with the string Redshift for the secret to be listed under Amazon Secrets Manager on the management console.
To create a secret for a database in a Redshift Serverless namespace using the Secrets Manager console
- Open the Secrets Manager console (https://console.amazonaws.cn/secretsmanager/).
- Navigate to the list of Secrets and choose Store a new secret.
- Choose Credentials for Amazon Redshift data warehouse. Enter your information in the steps to create a secret as follows:
  - In Credentials for User name, enter the name of the administrative user of the data warehouse.
  - In Credentials for Password, enter the password for the User name.
  - For Encryption key, choose your encryption key.
  - For Data warehouse, choose the Redshift Serverless namespace that contains your data.
  - For Secret name, enter a name for the secret.
  - For Description, enter a description of the secret.
  - For Tags, enter a Tag key with the word Redshift. This tag key is needed to list secrets when you attempt to connect to your data warehouse using Amazon Redshift query editor v2. The secret must have a tag key that starts with the string Redshift for the secret to be listed under Amazon Secrets Manager on the management console.
- Continue entering information about your secret through several steps until you Store your changes on the Review step.
The specific values of your credentials, database name, host, port, namespace, and engine are stored in the secret. Also, the secret is tagged with the tag key Redshift.
To create a secret for a database in a Redshift Serverless namespace using the Amazon CLI
You can use the Amazon CLI to create a secret. One method is to use Amazon CloudShell to run the Secrets Manager Amazon CLI command as follows. You must have the proper permissions to run the Amazon CLI commands shown in the following procedure.
- On the Amazon console, open the Amazon CloudShell command prompt. For more information about Amazon CloudShell, see What is Amazon CloudShell in the Amazon CloudShell User Guide.
- For example, for the secret MyTestSecret, enter a Secrets Manager command to store the secret that is used to connect to a database or schedule an Amazon Redshift query editor v2 query. Replace the following values in the command with values for your environment:
  - admin is the administrator user name for the data warehouse.
  - passw0rd is the password of the administrator.
  - dev is the initial database name in the data warehouse.
  - region is the Amazon Web Services Region that contains the data warehouse. For example, us-east-1.
  - 123456789012 is the Amazon Web Services account.
  - namespace-id is the namespace identifier, similar to c3928f0e-c889-4d2b-97a5-5738324d5d3e. You can find this identifier on the Amazon Redshift console details page for the serverless namespace.

    aws secretsmanager create-secret \
        --name MyTestSecret \
        --description "My test secret created with the CLI." \
        --secret-string "{\"username\":\"admin\",\"password\":\"passw0rd\",\"dbname\":\"dev\",\"engine\":\"redshift\"}" \
        --tags "[{\"Key\":\"redshift-serverless:namespaceArn\",\"Value\":\"arn:aws:redshift-serverless:region:123456789012:namespace/namespace-id\"}]"
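The command above carries the password as a literal argument, where it can be recorded in shell history. As an added example (not from the original page), the following script builds the same secret string and tag, prompts for the password without echoing it, and hands the JSON to the CLI through `file://` from a temporary file. The function names and the temporary-file approach are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes the `aws` CLI is on PATH
# and that user name, password and database name hold no control characters.

# Escape backslashes and double quotes so a value is safe inside a JSON string.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Args: username password dbname. Same JSON keys as the command on this page.
build_secret_string() {
  printf '{"username":"%s","password":"%s","dbname":"%s","engine":"redshift"}' \
    "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")"
}

# Args: region account-id namespace-id. Same tag key and ARN layout as the page.
build_tags() {
  printf '[{"Key":"redshift-serverless:namespaceArn","Value":"arn:aws:redshift-serverless:%s:%s:namespace/%s"}]' \
    "$1" "$2" "$3"
}

# Args: secret-name username dbname region account-id namespace-id.
create_redshift_secret() {
  umask 077                                   # temp file readable by owner only
  tmp=$(mktemp) || return 1
  trap 'stty echo; rm -f "$tmp"; exit 130' INT TERM
  printf 'Password for %s: ' "$2" >&2
  stty -echo; IFS= read -r pw; stty echo; printf '\n' >&2
  build_secret_string "$2" "$pw" "$3" > "$tmp"
  unset pw
  aws secretsmanager create-secret \
    --name "$1" \
    --description "My test secret created with the CLI." \
    --secret-string "file://$tmp" \
    --tags "$(build_tags "$4" "$5" "$6")"
  rc=$?
  rm -f "$tmp"                                # remove the plaintext copy
  trap - INT TERM
  return "$rc"
}

# Runs only when called with all six arguments, for example:
#   sh create-secret.sh MyTestSecret admin dev us-east-1 123456789012 <namespace-id>
if [ "$#" -eq 6 ]; then
  create_redshift_secret "$@"
fi
```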