JSON structure of Amazon Secrets Manager secrets - Amazon Secrets Manager

JSON structure of Amazon Secrets Manager secrets

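You can store any text or binary data in a Secrets Manager secret. To turn on automatic rotation for a Secrets Manager secret, the secret must use the correct JSON structure. During rotation, Secrets Manager uses the information in the secret to connect to the credential source and update the credentials there.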

Note that when you use the console to store a database secret, Secrets Manager automatically creates the secret with the correct JSON structure.

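You can add more key-value pairs to a secret (for example, in a database secret) to hold connection information for replica databases in other Regions.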

Amazon RDS MariaDB secret structure

{ "engine": "mariadb", "host": "<instance host name/resolvable DNS name>", "username": "<username>", "password": "<password>", "dbname": "<database name. If not specified, defaults to None>", "port": "<TCP port number. If not specified, defaults to 3306>" }

To use the alternating users rotation strategy, also include the name-value pair:

"masterarn": "<the ARN of the elevated secret>"

Amazon RDS MySQL secret structure

{ "engine": "mysql", "host": "<instance host name/resolvable DNS name>", "username": "<username>", "password": "<password>", "dbname": "<database name. If not specified, defaults to None>", "port": "<TCP port number. If not specified, defaults to 3306>" }

To use the alternating users rotation strategy, also include the name-value pair:

"masterarn": "<the ARN of the elevated secret>"

Amazon RDS Oracle secret structure

{ "engine": "oracle", "host": "<required: instance host name/resolvable DNS name>", "username": "<required: username>", "password": "<required: password>", "dbname": "<required: database name>", "port": "<optional: TCP port number. If not specified, defaults to 1521>" }

To use the alternating users rotation strategy, also include the name-value pair:

"masterarn": "<the ARN of the elevated secret>"

Amazon RDS PostgreSQL secret structure

{ "engine": "postgres", "host": "<instance host name/resolvable DNS name>", "username": "<username>", "password": "<password>", "dbname": "<database name. If not specified, defaults to 'postgres'>", "port": "<TCP port number. If not specified, defaults to 5432>" }

To use the alternating users rotation strategy, also include the name-value pair:

"masterarn": "<the ARN of the elevated secret>"

Amazon RDS Microsoft SQLServer secret structure

{ "engine": "sqlserver", "host": "<instance host name/resolvable DNS name>", "username": "<username>", "password": "<password>", "dbname": "<database name. If not specified, defaults to 'master'>", "port": "<TCP port number. If not specified, defaults to 1433>" }

To use the alternating users rotation strategy, also include the name-value pair:

"masterarn": "<the ARN of the elevated secret>"

Amazon DocumentDB secret structure

{ "engine": "mongo", "host": "<instance host name/resolvable DNS name>", "username": "<username>", "password": "<password>", "dbname": "<database name. If not specified, defaults to None>", "port": "<TCP port number. If not specified, defaults to 27017>" }

To use the alternating users rotation strategy, also include the name-value pair:

"masterarn": "<the ARN of the elevated secret>"

Amazon Redshift secret structure

{ "engine": "redshift", "host": "<instance host name/resolvable DNS name>", "username": "<username>", "password": "<password>", "dbname": "<database name. If not specified, defaults to None>", "port": "<TCP port number. If not specified, defaults to 5439>" }

To use the alternating users rotation strategy, also include the name-value pair:

"masterarn": "<the ARN of the elevated secret>"
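The following pre-flight check is an added example, not code from the AWS documentation: it validates a secret string against the database structures above (MariaDB through Redshift) before rotation is turned on, and fills in the documented defaults. The function name `check_rotation_secret` is hypothetical, and treating `host`, `username` and `password` as mandatory for every engine is an assumption (the page marks them required only for Oracle).

```python
import json

# Default ports and database names, copied from the structures on this page.
DEFAULT_PORTS = {"mariadb": 3306, "mysql": 3306, "oracle": 1521, "postgres": 5432,
                 "sqlserver": 1433, "mongo": 27017, "redshift": 5439}
DEFAULT_DBNAMES = {"postgres": "postgres", "sqlserver": "master"}  # others: None


def check_rotation_secret(secret_string, alternating_users=False):
    """Return (normalized_secret, problems). Problems name keys, never values,
    so the problem list is safe to log."""
    try:
        secret = json.loads(secret_string)
    except json.JSONDecodeError as exc:
        return None, [f"not valid JSON: {exc.msg}"]
    if not isinstance(secret, dict):
        return None, ["top-level value must be a JSON object"]
    engine = secret.get("engine")
    if not isinstance(engine, str) or engine not in DEFAULT_PORTS:
        return None, ["missing or unrecognized engine"]

    # Assumption: host, username and password are mandatory for every engine.
    required = ["host", "username", "password"]
    if engine == "oracle":
        required.append("dbname")      # marked "required" on this page
    if alternating_users:
        required.append("masterarn")   # ARN of the elevated secret
    problems = [f"missing required key: {k}" for k in required if not secret.get(k)]

    # The page shows port as a string; accept a string or a number.
    try:
        port = int(secret.get("port", DEFAULT_PORTS[engine]))
        if not 1 <= port <= 65535:
            raise ValueError
    except (TypeError, ValueError):
        port = None
        problems.append("port is not a valid TCP port")

    normalized = dict(secret, port=port,
                      dbname=secret.get("dbname", DEFAULT_DBNAMES.get(engine)))
    return normalized, problems


if __name__ == "__main__":
    # Constructed sample secret; host and credentials are placeholders.
    sample = ('{"engine": "postgres", "host": "db.example.internal", '
              '"username": "app", "password": "placeholder"}')
    print(check_rotation_secret(sample, alternating_users=True)[1])
```

The normalized dictionary still contains the password, so log only the problem list.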

Amazon ElastiCache secret structure

{ "password": "<password>", "username": "<username>", "user_arn": "ARN of the Amazon EC2 user" }

For more information, see Automatically rotating passwords for users in the Amazon ElastiCache User Guide.