Secret Requirements
Note: This feature is available in Enterprise and AWS editions only.
This guide explains:
- which fields are read from a secret provider and mapped to connection configuration.
- how to reference a secret by name in the Connection wizard.
- how to troubleshoot common issues.
A secret must contain connection parameters with names and values that match the selected database driver. These values are applied to connection settings at runtime.
Tip: For a step-by-step example, see Set up a secret provider.
CloudBeaver reads connection parameters from key-value pairs in a secret and applies them to connection settings. The secret must store data in key-value format.
Important:
- Key names must match driver connection parameter names. For information on driver-specific fields, see your database driver documentation.
- Values from the secret override values entered in the connection configuration.
| Type | Description |
|---|---|
| Connection parameters | Standard connection settings such as host, port, database, or URL. |
| Credentials | Authentication settings such as username and password. |
| Driver properties | Additional parameters supported by the selected database driver. |
Secret:
{
"host": "db.example.com",
"port": 5432,
"user": "admin",
"password": "password"
}Connection settings:
- Host ->
db.example.com - Port ->
5432 - Username ->
admin - Password ->
password
When creating a connection, select a secret provider and enter the secret name in the Secret parameters field.
The value must match the identifier used in your provider.
- For HashiCorp Vault, use the full secret path (for example,
secret/demo-db). - For AWS Secrets Manager, use the secret name (for example,
my-secret). - For CyberArk Conjur, use the full variable path (for example,
db/postgres/demo-db).
If the secret path does not match the location in your provider:
- Verify the path format for your provider.
- For Vault, use the full path (for example,
secret/dvdrental).
If the current authentication does not have access to the secret:
- Check token or role policies.
- Ensure the path is allowed (for Vault KV v2 -
secret/data/...).
If the secret uses incorrect keys, verify key names match driver parameters.
- Getting started
- Create connection
- Connection network options
- Supported databases
-
Drivers management
- Database authentication methods
- Database navigator
- Properties editor
- Data editor
- SQL editor
-
Entity relation diagrams
- Cloud services
- Data transfer
- General user guide
- Administration
- Server configuration
-
Server security and access configuration
- Authentication methods
- Access management
- Proxy configuration
-
Secret management
- Logs
-
Query manager
- Workspace location
- Command line parameters
-
Session manager
- Deployment options
- CloudBeaver Editions
- FAQ
- Development