# Setting Up Secrets Manager for Workspaces
In this guide, we demonstrate how you can create an IAM role in AWS, and configure secrets management for your Workato account at the workspace level.
WARNING
Switching to workspace-specific secrets management causes all previously-configured external secret references to stop working.
Ensure that the IAM role in Workato provides access using the workspace-level external ID, so all secrets currently in use continue working.
After your AWS Secrets Manager successfully connects to Workato, you can start using secrets when configuring connections.
# Prerequisites
To complete the steps in this guide, you must have the following:
In Workato:
- An account with the Data Monitoring/Advanced Security & Compliance add-on. For more information, contact your Workato Customer Success Manager.
In Amazon Web Services (AWS):
- Permissions that allow you to create and modify IAM permissions policies
- Permissions that allow you to create and modify IAM roles
# Step 1: Select the scope for secrets management
Sign in to your Workato account.
Navigate to Settings > Secrets management.
In Scope, select the option “Set up secrets management for the entire workspace”.
# Step 2: Select the secrets manager
Continuing from the previous step, in the Which secrets manager do you want to use? field, select AWS Secrets Manager.
The Workato interface displays the guides for some of the next steps of the process:
- Create a new permission policy and role in AWS
- Add the role to your Workato account
# Step 3: Select the AWS Account ID and external ID
In the Create a new permission policy and role in AWS guide detail, Workato displays the IAM details. Note them to use in the following steps:
- AWS Account ID
  - Copy the AWS Account ID value, to use in ongoing configuration of the secrets manager.
- External ID
  - Copy the value, to use in ongoing configuration of the secrets manager.
  - The value should be of the form `workato_iam_external_id_wwwww`, where `wwwww` is the ID of the workspace.
# Step 4: Create IAM role and ARN retrieval
Refer to the IAM role-based authentication for AWS page for instructions on how to create an IAM role for Workato, create an IAM permissions policy, and retrieve your Amazon resource name (ARN).
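The check below is an added example, not part of Workato's documentation: it inspects an IAM role trust policy before the switch described in the warning and reports whether the role accepts the workspace-level external ID noted in Step 3. The account ID `111122223333`, the external ID values, and the function names are constructed for illustration; the policy layout assumed is the standard AWS `sts:AssumeRole` trust policy with an `sts:ExternalId` condition.

```python
import json
import re

# Step 3 format: workato_iam_external_id_<workspace ID>; the ID's character set is an assumption.
EXTERNAL_ID_RE = re.compile(r"^workato_iam_external_id_\w+$")
ACCOUNT_RE = re.compile(r"^(?:arn:aws:iam::)?(\d{12})(?::.+)?$")

def as_list(value):
    """IAM accepts a scalar or a list in most positions; normalize to a list."""
    if isinstance(value, list):
        return value
    return [] if value is None else [value]

def trust_policy_findings(policy_json, account_id, external_id):
    """Return problems found; an empty list means the role accepts this workspace."""
    if not EXTERNAL_ID_RE.match(external_id):
        return ["external ID is not in the workspace-level form"]
    findings, accepted, seen = [], set(), False
    for stmt in as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal")
        aws = as_list(principal.get("AWS")) if isinstance(principal, dict) else as_list(principal)
        if "*" in aws:
            findings.append("wildcard principal may assume the role")
        if account_id not in {m.group(1) for m in map(ACCOUNT_RE.match, aws) if m}:
            continue
        seen = True
        ids = as_list(stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId"))
        if not ids:
            findings.append("statement for the Workato account has no sts:ExternalId condition")
        accepted.update(ids)
    if not seen:
        findings.append("no statement trusts the Workato account")
    elif external_id not in accepted:
        findings.append("workspace-level external ID is not in any sts:ExternalId condition")
    return findings

def make_policy(account_id, external_ids):
    """Build a constructed trust policy document for the demo below."""
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"}}
    if external_ids:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_ids}}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

if __name__ == "__main__":
    acct, ws_id = "111122223333", "workato_iam_external_id_12345"  # constructed values
    print(trust_policy_findings(make_policy(acct, ["previous_external_id"]), acct, ws_id))
    print(trust_policy_findings(make_policy(acct, ["previous_external_id", ws_id]), acct, ws_id))
```

To check a real role, pass the trust policy JSON exported from the IAM console in place of `make_policy(...)`, along with the AWS Account ID and External ID shown by Workato in Step 3.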
Last updated: 1/2/2024, 7:18:05 PM