Creating a secret for database connection credentials
You can create a Secrets Manager secret to store credentials used to connect to an Amazon Redshift provisioned cluster or Redshift Serverless namespace and workgroup. You can also use this secret when scheduling a query in Amazon Redshift query editor v2.
To create a secret for a database in an Amazon Redshift provisioned cluster using the Secrets Manager console
- Open the Secrets Manager console (https://console.aws.amazon.com/secretsmanager/).
- Navigate to the list of Secrets and choose Store a new secret.
- Choose Credentials for Amazon Redshift data warehouse. Enter your information in the steps to create a secret as follows:
  - In Credentials for User name, enter the name of the administrative user of the data warehouse.
  - In Credentials for Password, enter the password for the User name.
  - For Encryption key, choose your encryption key.
  - For Data warehouse, choose the Amazon Redshift provisioned cluster that contains your data.
  - For Secret name, enter a name for the secret.
  - For Description, enter a description of the secret.
  - For Tags, enter a Tag key with the word Redshift. This tag key is needed to list secrets when you attempt to connect to your data warehouse using Amazon Redshift query editor v2. The secret must have a tag key that starts with the string Redshift for the secret to be listed under AWS Secrets Manager on the management console.
- Continue entering information about your secret through several steps until you Store your changes on the Review step.
The specific values of your credentials, engine, host, port, and cluster identifier are stored in the secret. Also, the secret is tagged with the tag key Redshift.
To create a secret for a database in a Redshift Serverless namespace using the Redshift Serverless console
- Sign in to the AWS Management Console and open the Amazon Redshift console at https://console.aws.amazon.com/redshiftv2/.
- Choose Redshift serverless and navigate to Namespace configuration.
- Choose a namespace for which to create secret credentials.
- Open Actions, Edit admin credentials.
- For Admin password, choose Manage admin credentials in AWS Secrets Manager.
- Choose Save changes to save your changes.
Confirm that a message appears that the password successfully changed. You can also view the secret in the Secrets Manager console. You can use this secret to connect to a database in a workgroup in the Redshift Serverless console and Amazon Redshift query editor v2, using the AWS Secrets Manager connection method. The secret must have a tag key that starts with the string "Redshift" for the secret to be listed on the query editor v2 web application. The secret must have a tag key that starts with the string Redshift for the secret to be listed under AWS Secrets Manager on the management console.
To create a secret for a database in a Redshift Serverless namespace using the Secrets Manager console
- Open the Secrets Manager console (https://console.aws.amazon.com/secretsmanager/).
- Navigate to the list of Secrets and choose Store a new secret.
- Choose Credentials for Amazon Redshift data warehouse. Enter your information in the steps to create a secret as follows:
  - In Credentials for User name, enter the name of the administrative user of the data warehouse.
  - In Credentials for Password, enter the password for the User name.
  - For Encryption key, choose your encryption key.
  - For Data warehouse, choose the Redshift Serverless namespace that contains your data.
  - For Secret name, enter a name for the secret.
  - For Description, enter a description of the secret.
  - For Tags, enter a Tag key with the word Redshift. This tag key is needed to list secrets when you attempt to connect to your data warehouse using Amazon Redshift query editor v2. The secret must have a tag key that starts with the string Redshift for the secret to be listed under AWS Secrets Manager on the management console.
- Continue entering information about your secret through several steps until you Store your changes on the Review step.
The specific values of your credentials, database name, host, port, namespace, and engine are stored in the secret. Also, the secret is tagged with the tag key Redshift.
To create a secret for a database in a Redshift Serverless namespace using the AWS CLI
You can use the AWS CLI to create a secret. One method is to use AWS CloudShell to run the Secrets Manager AWS CLI command as follows. You must have the proper permissions to run the AWS CLI commands shown in the following procedure.
- On the AWS console, open the AWS CloudShell command prompt. For more information about AWS CloudShell, see What is AWS CloudShell in the AWS CloudShell User Guide.
- For example, for the secret MyTestSecret enter a Secrets Manager command to store the secret that is used to connect to a database or schedule an Amazon Redshift query editor v2 query. Replace the following values in the command with values for your environment:
  - admin is the administrator user name for the data warehouse.
  - passw0rd is the password of the administrator.
  - dev is the initial database name in the data warehouse.
  - region is the AWS Region that contains the data warehouse. For example, us-east-1.
  - 123456789012 is the AWS account.
  - namespace-id is the namespace identifier similar to c3928f0e-c889-4d2b-97a5-5738324d5d3e. You can find this identifier on the Amazon Redshift console details page for the serverless namespace.

      aws secretsmanager create-secret \
          --name MyTestSecret \
          --description "My test secret created with the CLI." \
          --secret-string "{\"username\":\"admin\",\"password\":\"passw0rd\",\"dbname\":\"dev\",\"engine\":\"redshift\"}" \
          --tags "[{\"Key\":\"redshift-serverless:namespaceArn\",\"Value\":\"arn:aws:redshift-serverless:region:123456789012:namespace/namespace-id\"}]"
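
The command above carries the password on the command line, where it is recorded in shell history and visible in the process list. The following bash script is an added example, not part of the AWS documentation: it prompts for the password, JSON-escapes it, and passes the same secret string to the CLI through a file:// parameter. The function names are hypothetical; region, 123456789012 and namespace-id are the placeholders used above.

```shell
#!/usr/bin/env bash
# Added example (not AWS's own code). Function names are hypothetical.

# Escape backslashes and double quotes so any password yields valid JSON.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the secret string with the same four keys as the command above.
build_secret_string() {  # args: username password dbname
    printf '{"username":"%s","password":"%s","dbname":"%s","engine":"redshift"}' \
        "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")"
}

# Build the tag list that carries the serverless namespace ARN.
build_tags() {  # args: region account-id namespace-id
    printf '[{"Key":"redshift-serverless:namespaceArn","Value":"arn:aws:redshift-serverless:%s:%s:namespace/%s"}]' \
        "$1" "$2" "$3"
}

# Prompt for the password and create the secret from a private temp file.
create_redshift_secret() {  # args: name username dbname region account-id namespace-id
    local password tmp rc
    # -s keeps the password off the screen; it never appears in argv.
    read -r -s -p "Password for $2: " password; echo
    tmp=$(mktemp) || return 1          # mktemp creates the file with mode 0600
    build_secret_string "$2" "$password" "$3" > "$tmp"
    aws secretsmanager create-secret \
        --name "$1" \
        --description "My test secret created with the CLI." \
        --secret-string "file://$tmp" \
        --tags "$(build_tags "$4" "$5" "$6")"
    rc=$?
    rm -f "$tmp"                       # remove the plaintext copy either way
    unset password
    return "$rc"
}
```

After sourcing the script, run create_redshift_secret MyTestSecret admin dev region 123456789012 namespace-id with your own values. Running aws secretsmanager describe-secret --secret-id MyTestSecret --query 'Tags[].Key' afterwards shows the tag key stored on the secret.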