I am using the AWS Assume Role plugin with the Amazon S3 plugin. Entering the credentials (e.g., Access Key, Access Key Secret, Role ARN, Role, etc.) directly in the Appian designer console when creating the connected system is non-ideal. An ideal solution would be to natively integrate with AWS Secrets Manager, which would allow for automated secrets rotation. In the interim I would like to use Appian's SCS. How can I inject the secrets in the Assume Role Plug-in using the SCS? From what I've read the Third Party Credentials can only be used by Java plugins. Do I need to create a new plugin? Do you have an example that goes through this kind of use case step-by-step? This is the only documentation I've found -- how would the custom plugin then inject the secrets into the AWS Assume Role plugin?
Discussion posts and replies are publicly visible
Your screenshot above is a Connected System - as far as I know, SCS keys aren't used for connected systems, but instead passed directly into the plug-in (if applicable) when it's called. The one example I've worked with is the sFTP plug-in, which in older versions had a field in the node itself called "SCS External System Key", which would consume the key itself at runtime.
Okay, I think this makes sense now Mike Schmitt -- the only option at the moment is to modify the source code of the existing plugin and create a custom plug-in which calls on the external system key?
For me it looks like the plugin provides a function that you call and it returns credentials in some form. But, you cannot use this to configure a connected system. I think it is meant to user other plugins or plain HTTP connections to access other AWS resources.
Yes, that is pretty much your only option at the moment.