Using AWS Secrets Manager secrets instead of database credentials in Amazon QuickSight

Intended audience: Amazon QuickSight Administrators and Amazon QuickSight developers

AWS Secrets Manager is a secret storage service that you can use to protect database credentials, API keys, and other secret information. Using a key helps you ensure that the secret can't be compromised by someone examining your code, because the secret isn't stored in the code. For an overview, see the AWS Secrets Manager User Guide.

Amazon QuickSight administrators can grant QuickSight read-only access to secrets they create in Secrets Manager. These secrets can be used in place of database credentials when creating and editing data sources using the QuickSight API.

QuickSight supports using secrets with data source types that support credential pair authentication. Jira and ServiceNow are not currently supported.

Note

If you use AWS Secrets Manager with Amazon QuickSight, you are billed for access and maintenance as described in the AWS Secrets Manager Pricing page. In your billing statement, the costs are itemized under Secrets Manager and not under QuickSight.

Use the procedures described in the following sections to integrate Secrets Manager with Amazon QuickSight.

Topics

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Setting granular access to AWS services through IAM

Grant QuickSight access to Secrets Manager