Aws-toolkit-jetbrains: Datagrip - Connect to RDS instances with AWS secrets manager

Created on 17 Jan 2020  路  7Comments  路  Source: aws/aws-toolkit-jetbrains

Is your feature request related to a problem? Please describe.

I am unable to automatically retrieve database connection credentials from AWS secrets manager and use those credentials to log in with DataGrip.

Describe the solution you'd like

I'd like to pass a secret name to a datasource and get a connection as a result.

Describe alternatives you've considered

Manually copying values from a secret is a current workaround, but auto-rotation could cause headaches.

Additional context

As a user of this plugin, I want to be able to connect to an RDS instance using an Amazon managed secret. That way, I can manage my database passwords without having to manually open the console and update my password when it auto-rotates.

Echoes #1238, but specific to using secrets manager.

auth feature-request

Most helpful comment

Installed the plugin and it appears to work when handling IAM auth against a Postgres RDS connection through PyCharm. If I run into issues I will let you know.

All 7 comments

Hello, I made a preview release for this feature: https://github.com/aws/aws-toolkit-jetbrains/releases/tag/datagrip-alpha. It requires a paid JetBrains product 2020.1+, like Datagrip or Intellij Ultimate. Any comments or suggestions are appreciated, especially if you find issues with it working for your setup.

Hey @colonelpopcorn, Hunter has linked a custom build that has introduced support for this. If you have time, can you please poke at it and validate it works for your use case?

Hi, unrelated to @colonelpopcorn but I just tested this alpha release and it works great for us. The one little feature I would request is that it would also get host and port from the secret if available (or at least provide the option to have it do so)

Hi, unrelated to @colonelpopcorn but I just tested this alpha release and it works great for us. The one little feature I would request is that it would also get host and port from the secret if available (or at least provide the option to have it do so)

I considered doing that, but there is currently no way to hide host and port in the Datagrip UI. I'll see if we can come up with a better way to do it.

edit: there doesn't seem to be a way to hide host and port in the UI, but I think it still makes sense to add the option, PR here: https://github.com/aws/aws-toolkit-jetbrains/pull/1971

Installed the plugin and it appears to work when handling IAM auth against a Postgres RDS connection through PyCharm. If I run into issues I will let you know.

So far everything working great for me. One thing I would like (but probably a lot of work) is if we can have it automatically provision connections from AWS Secrets Manager, i.e. List all secrets with a certain filter (based on tags for example).

This has been released in 1.18, please open bug reports if you find any issues

Was this page helpful?
0 / 5 - 0 ratings