# Setting Up Secrets Manager for Workspaces

In this guide, we demonstrate how you can create an IAM role in AWS, and configure secrets management for your Workato account at the workspace level.

WARNING

Switching to workspace-specific secrets management causes all previously-configured external secret references to stop working.

Ensure that the IAM role in Workato provides access using the workspace-level external ID, so all secrets currently in use continue working.

After your AWS Secrets Manager successfully connects to Workato, you can start using secrets when configuring connections.

# Prerequisites

To complete the steps in this guide, you must have the following:

  • In Workato:

    • An account with the Data Monitoring/Advanced Security & Compliance add-on. For more information, contact your Workato Customer Success Manager.
  • In Amazon Web Services (AWS):

    • Permissions that allow you to create and modify IAM permissions policies
    • Permissions that allow you to create and modify IAM roles

# Step 1: Select the scope for secrets management

1

Sign in to your Workato account.

2

Navigate to Settings > Secrets management.

3

In Scope, select the option “Set up secrets management for the entire workspace”.

Workato secrets management, selecting workspace scope

# Step 2: Select the secrets manager

1

Continuing from the previous step, in the field In the Which secrets manager do you want to use?, select AWS Secrets Manager.

Choosing AWS workspace secrets manager

2

The Workato interface displays the guides for some of the next steps of the process:

  • Create a new permission policy and role in AWS
  • Add the role to your Workato account

Next steps in Workato

# Step 3: Select the AWS Account ID and external ID

1

In the Create a new permission policy and role in AWS guide detail, Workato displays the IAM details. Note them to use in the following steps:

AWS Account ID
Copy the AWS Account ID value, to use in ongoing configuration of the secrets manager.
External ID
Copy the value, to use in ongoing configuration of the secrets manager.
The value should be of the form workato_iam_external_id_wwwww, where wwwww is the ID of the workspace.

ID values for AWS workspace secrets manager

# Step 4: Create IAM role and ARN retrieval

Refer to the IAM role-based authentication for AWS page for instructions on how to create an IAM role for Workato, create an IAM permissions policy, and retrieve your Amazon resource name (ARN).


Last updated: 1/2/2024, 7:18:05 PM