Use AWS Secrets Manager to store sensitive data like passwords and API keys. Values are retrieved at runtime without exposing secrets in your workflow.

Setup

Create a Secret in AWS

  1. Go to the AWS Secrets Manager console
  2. Click Store a new secret
  3. Choose Other type of secret (key/value pairs or plain text)
  4. Name your secret (e.g. my-app/prod/login)
  5. Note the secret name and the AWS region it was created in

Create IAM Credentials

  1. Go to the IAM console
  2. Create a user or role with the following policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "arn:aws:secretsmanager:<region>:<account-id>:secret:<secret-name>*"
    }
  ]
}
  3. Generate an access key and copy the credentials
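
Secrets Manager appends a hyphen and six random characters to each secret's ARN, which is why the Resource in the policy above ends in a wildcard. The following added example (not Optexity's code) compares what the trailing `*` form and the tighter `-??????` form match; the account id, the ARN suffixes and the sibling secret `my-app/prod/login-admin` are constructed for illustration.

```python
import re

def iam_match(pattern, value):
    """IAM wildcard match: '*' = any run of characters, '?' = exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.DOTALL) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def readable_secrets(policy, arns):
    """Return the ARNs on which `policy` allows secretsmanager:GetSecretValue.
    Simplified evaluation: Allow statements only; Deny, NotAction, NotResource
    and Condition are not modelled."""
    granted = []
    for arn in arns:
        for stmt in _as_list(policy["Statement"]):
            if stmt.get("Effect") != "Allow":
                continue
            # Action names are case-insensitive; resource ARNs are not.
            action_ok = any(iam_match(a.lower(), "secretsmanager:getsecretvalue")
                            for a in _as_list(stmt.get("Action", [])))
            resource_ok = any(iam_match(r, arn)
                              for r in _as_list(stmt.get("Resource", [])))
            if action_ok and resource_ok:
                granted.append(arn)
                break
    return granted

def policy_for(resource):
    """The page's policy with its Resource element filled in."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "secretsmanager:GetSecretValue",
        "Resource": resource}]}

# Constructed sample data: placeholder account id and made-up ARN suffixes.
PREFIX = "arn:aws:secretsmanager:us-east-1:111122223333:secret:"
ARNS = [PREFIX + "my-app/prod/login-AbCdEf",         # the secret from the page
        PREFIX + "my-app/prod/login-admin-Zx81Qp",   # hypothetical sibling secret
        PREFIX + "my-app/prod/totp-Gh12Jk"]

PAGE_STYLE = policy_for(PREFIX + "my-app/prod/login*")
TIGHT = policy_for(PREFIX + "my-app/prod/login-??????")

if __name__ == "__main__":
    print("name*       ->", readable_secrets(PAGE_STYLE, ARNS))
    print("name-?????? ->", readable_secrets(TIGHT, ARNS))
```

With the trailing `*`, the credentials can also read any secret whose name starts with the same prefix; the `-??????` form limits the grant to the one secret.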

Configure Environment

Add the credentials directly on the Integrations page of the dashboard, or add them to your .env file:
AWS_ACCESS_KEY_ID=your_access_key_id
AWS_SECRET_ACCESS_KEY=your_secret_access_key

Usage

Move parameters from input_parameters to secure_parameters:

Before:
{
  "input_parameters": {
    "password": ["password_value"]
  }
}
After (plain string secret):
{
  "secure_parameters": {
    "password": [{
      "amazon_secrets_manager": {
        "secret_name": "my-app/prod/login",
        "region_name": "us-east-1",
        "key": "password"
      }
    }]
  }
}
After (JSON secret, extracting a single key):

If your secret is stored as a JSON object like {"username": "admin", "password": "s3cr3t"}, use the key field to pluck the value you need:
{
  "secure_parameters": {
    "password": [{
      "amazon_secrets_manager": {
        "secret_name": "my-app/prod/login",
        "region_name": "us-east-1",
        "key": "password"
      }
    }]
  }
}

Properties

| Property | Type | Default | Description |
|---|---|---|---|
| secret_name | str | Required | Name or ARN of the secret in AWS Secrets Manager |
| region_name | str | Required | AWS region where the secret is stored (e.g. "us-east-1") |
| key | str | null | Key to extract from the secret (plain string or JSON object) |
| type | str | null | Set to "totp_secret" to generate TOTP codes |
| digits | int | null | Required when type is "totp_secret" (e.g. 6) |

TOTP from AWS Secrets Manager

Store a TOTP secret in AWS Secrets Manager and generate codes at runtime:
{
  "secure_parameters": {
    "auth_code": [{
      "amazon_secrets_manager": {
        "type": "totp_secret",
        "secret_name": "my-app/prod/totp",
        "region_name": "us-east-1",
        "digits": 6
      }
    }]
  }
}
If the TOTP secret is stored inside a JSON object, combine key with type: "totp_secret":
{
  "secure_parameters": {
    "auth_code": [{
      "amazon_secrets_manager": {
        "type": "totp_secret",
        "secret_name": "my-app/prod/login",
        "region_name": "us-east-1",
        "key": "totp_secret",
        "digits": 6
      }
    }]
  }
}
See TOTP Integration for more 2FA options.

Revoking Access

Deactivate or delete the IAM access key from the AWS console at any time to immediately revoke access.