# Using Amazon Web Services Secrets Manager in connections

Video guide: Set up connections safely with AWS Secrets Manager

In this guide, we'll show you how to use secrets from your Amazon Web Services (AWS) Secrets Manager vault to configure Workato connections.

# Prerequisites

To complete the steps in this guide, you'll need:

# Step 1: Retrieve the secret's details from AWS


Sign in to your AWS Management Console and open the Secrets Manager console (opens new window).


In the navigation pane, click Secrets.


Click the secret you plan to use in Workato.


In the Secret details section, locate the Secret name and Secret ARN:

Highlighted secret name and ARN in AWS Secrets Manager

Keep this page open - you'll need it to complete the next step.

# Step 2: Configure a Workato connection


Create a new connection or open the configuration page for an existing connection in your Workato account.


Click the corresponding input field for connection parameters referencing an external secret. The Add external secret option appears.


Select Add external secret to open the Add external secret popup.


Enter the Key name and Secret ARN in the Add external secret popup.

Add AWS external secretAdd external secret


Select Done. The secret appears as a masked datapill in the input field on the connection page.

Select the datapill to edit the secret.


Click Connect and verify that this connection works.

If you prefer to add the secret with a secret mask, follow this syntax for the secrets used in Workato connection credentials:

{{workato:sm:<key name>:<secret ARN>}}
  • <key name>

  • Refers to the specific key name within a secret, not the secret name itself. For example, in a secret named jira, there may be a key/value pair where prod.jira.secret.key is the key name, and its value is the actual personal access token.

  • <secret ARN>

  • The Amazon Resource Name (ARN) for the secret in AWS Secrets Manager. For example:


In this example, prod.jira.secret.key is the key name in a secret named jira, and arn:aws:secretsmanager:us-east-1:137149879143:secret:prod-jira-credentials-FsmeTs is the secret ARN.

In the connection's configuration page, paste this entire value into the appropriate field. The following image shows a secret being used as the Custom Service client secret value in a Jira connection:

JIRA connection in Workato configured with an AWS secret

# Step 3: Complete your connection setup

Select Connect to authorize and complete your connection setup.

Last updated: 6/13/2024, 4:45:02 PM