Secure Credentials Store - Plugin Integration

I am using the AWS Assume Role plugin with the Amazon S3 plugin. Entering the credentials (e.g., Access Key, Access Key Secret, Role ARN, Role, etc.) directly in the Appian designer console when creating the connected system is non-ideal. An ideal solution would be to natively integrate with AWS Secrets Manager, which would allow for automated secrets rotation. In the interim I would like to use Appian's SCS. How can I inject the secrets in the Assume Role Plug-in using the SCS? From what I've read the Third Party Credentials can only be used by Java plugins. Do I need to create a new plugin? Do you have an example that goes through this kind of use case step-by-step? This is the only documentation I've found -- how would the custom plugin then inject the secrets into the AWS Assume Role plugin?


  • 0
    Certified Lead Developer

    All plugins include their source code. That is a good inspiration. Did you consider modifying the AWS Assume Role plugin to directly work with the SCS?

  • Thank you. I downloaded the source code for the assume role plugin. From the assumeRole function in the code, isn't it already set up to access the SCS?:

      @Function
      public TypedValue assumeRole(TypeService ts, SecureCredentialsStore scs,
        @Parameter(required = true) String secureCredentialsStoreKey,
        @Parameter(required = true) String region,
        @Parameter(required = true) String roleARN,
        @Parameter(required = true) String roleSessionName,
        @Parameter(required = false) String externalID)
      {
        AppianTypeFactory tf = AppianTypeFactory.newInstance(ts);
        AppianObject returnValue = (AppianObject) tf.createElement(AppianType.DICTIONARY);
        Map<String, String> store = null;
        try {
          // The key passed from the designer is only a name; the secret values are looked up server-side.
          store = scs.getSystemSecuredValues(secureCredentialsStoreKey);
        } catch (InsufficientPrivilegesException | ObjectNotFoundException e) {
          LOG.error("Error accessing the AWS credentials from the secure credentials store " + secureCredentialsStoreKey, e);
          errorMessage = "Error accessing the AWS credentials from the secure credentials store " + secureCredentialsStoreKey + " Error is: " +
            e.getMessage();
          returnValue.put("errorMessage", tf.createString(errorMessage));
          return tf.toTypedValue(returnValue);
        }

    If so, can you please explain how to access these values in the plugin (from the designer console)?
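The pattern the snippet above relies on, written out end to end as an added example (this is not the AWS Assume Role plug-in's own code and is not part of the thread): a custom Appian function that takes only the SCS key name from the designer, reads the long-lived key pair from the Secure Credentials Store server-side, validates the entry, exchanges it for temporary role credentials via STS, and returns only those temporary credentials. The Appian plug-in SDK package names, the AWS SDK v1 classes, and the field names `accessKeyId` / `secretAccessKey` inside the third-party credential are assumptions; the field names must match whatever the administrator configures in the Admin Console.

```java
// Added example, not the plug-in's own code. SDK package names and the SCS
// field names "accessKeyId" / "secretAccessKey" are assumptions.
import java.util.Map;

import org.apache.log4j.Logger;

import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.Credentials;

import com.appiancorp.suiteapi.common.exceptions.InsufficientPrivilegesException;
import com.appiancorp.suiteapi.common.exceptions.ObjectNotFoundException;
import com.appiancorp.suiteapi.expression.annotations.AppianScriptingFunctionsCategory;
import com.appiancorp.suiteapi.expression.annotations.Function;
import com.appiancorp.suiteapi.expression.annotations.Parameter;
import com.appiancorp.suiteapi.security.auth.SecureCredentialsStore; // assumed package
import com.appiancorp.suiteapi.type.AppianObject;
import com.appiancorp.suiteapi.type.AppianType;
import com.appiancorp.suiteapi.type.AppianTypeFactory;
import com.appiancorp.suiteapi.type.TypeService;
import com.appiancorp.suiteapi.type.TypedValue;

@AppianScriptingFunctionsCategory
public class ScsAssumeRoleFunctions {
  private static final Logger LOG = Logger.getLogger(ScsAssumeRoleFunctions.class);

  // Field names expected inside the third-party credential (assumed names; they
  // must match the fields the administrator creates in the Admin Console).
  private static final String ACCESS_KEY_FIELD = "accessKeyId";
  private static final String SECRET_KEY_FIELD = "secretAccessKey";
  private static final String[] REQUIRED_FIELDS = {ACCESS_KEY_FIELD, SECRET_KEY_FIELD};

  @Function
  public TypedValue scsAssumeRole(TypeService ts, SecureCredentialsStore scs,
      @Parameter(required = true) String secureCredentialsStoreKey,
      @Parameter(required = true) String region,
      @Parameter(required = true) String roleARN,
      @Parameter(required = true) String roleSessionName,
      @Parameter(required = false) String externalID) {
    AppianTypeFactory tf = AppianTypeFactory.newInstance(ts);
    AppianObject result = (AppianObject) tf.createElement(AppianType.DICTIONARY);

    // 1. Read the long-lived key pair from the SCS. The designer only ever
    //    supplies the key name; the values never leave the server.
    Map<String, String> store;
    try {
      store = scs.getSystemSecuredValues(secureCredentialsStoreKey);
    } catch (InsufficientPrivilegesException | ObjectNotFoundException e) {
      // Log the key name and exception type only, never credential values.
      LOG.error("Cannot read SCS entry '" + secureCredentialsStoreKey + "': " + e.getClass().getSimpleName());
      return fail(tf, result, "Cannot read secure credentials store entry " + secureCredentialsStoreKey);
    }

    // 2. Check the entry is complete before making any AWS call.
    for (String field : REQUIRED_FIELDS) {
      String value = store.get(field);
      if (value == null || value.isEmpty()) {
        return fail(tf, result, "SCS entry " + secureCredentialsStoreKey + " is missing field " + field);
      }
    }

    // 3. Exchange the long-lived key pair for short-lived role credentials.
    try {
      AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
          .withRegion(region)
          .withCredentials(new AWSStaticCredentialsProvider(
              new BasicAWSCredentials(store.get(ACCESS_KEY_FIELD), store.get(SECRET_KEY_FIELD))))
          .build();
      AssumeRoleRequest req = new AssumeRoleRequest()
          .withRoleArn(roleARN)
          .withRoleSessionName(roleSessionName);
      if (externalID != null && !externalID.isEmpty()) {
        req.setExternalId(externalID);
      }
      Credentials temp = sts.assumeRole(req).getCredentials();

      // 4. Return only the temporary session credentials and their expiry;
      //    the long-lived key pair from the SCS is never handed back to the caller.
      result.put("accessKeyId", tf.createString(temp.getAccessKeyId()));
      result.put("secretAccessKey", tf.createString(temp.getSecretAccessKey()));
      result.put("sessionToken", tf.createString(temp.getSessionToken()));
      result.put("expiration", tf.createString(temp.getExpiration().toString()));
      result.put("errorMessage", tf.createString(""));
    } catch (RuntimeException e) {
      LOG.error("STS AssumeRole failed for role " + roleARN + ": " + e.getClass().getSimpleName());
      return fail(tf, result, "AssumeRole failed: " + e.getMessage());
    }
    return tf.toTypedValue(result);
  }

  // Writes an error into the dictionary and returns it without any credential fields.
  private static TypedValue fail(AppianTypeFactory tf, AppianObject result, String message) {
    result.put("errorMessage", tf.createString(message));
    return tf.toTypedValue(result);
  }
}
```

In use, the administrator creates the third-party credential under the key name (for example a hypothetical `awsAssumeRoleCreds`) with the two fields, and the expression in the designer passes only that key name as `secureCredentialsStoreKey`. Because the function is what calls `getSystemSecuredValues`, the access key and secret are never typed into a connected system or visible in the designer, and rotating them is an Admin Console change with no redeployment. The caller should check `errorMessage` before using the returned fields.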

  • 0
    Certified Lead Developer
    in reply to aimeeo8980

    Did the plugin ZIP file include some documentation in a PDF file?
