AWS – Secrets

 

Open the Secrets Manager console and click the Store a new secret button.

Step 1 – Type and Content

Select the secret type Other type of secrets and define the following key/value pairs. At the bottom of the panel, select the encryption key swisspki-secrets that you previously defined in the Key Management console.

 

play.http.secret.key

This key is used for securing cryptographic functions. We recommend generating a random string of at least 64 characters.

 

db.default.url

The database connection string.

jdbc:mysql://<host>:<port>/<database>?useUnicode=yes&characterEncoding=UTF-8&connectionCollation=utf8_general_ci&serverTimezone=CET&noAccessToProcedureBodies=true

 

The hostname (endpoint) to use is the one displayed in the database description tab in the RDS console. The port number and database name are the ones defined when creating the database instance; see RDS Database Instance – step 3.

 

db.default.username

The user that SwissPKI will use to connect to the database, as defined previously; see RDS Database Instance – Create Database User.

 

db.default.password

The password used to connect to the database, as defined previously; see RDS Database Instance – Create Database User.

 

swisspki.pbe.salt

Salt used for generating secret keys based on play.http.secret.key. We recommend generating a random string of at least 8 characters.

 

swisspki.dns

The SwissPKI DNS name used for defining links included in emails and notifications. This is usually the hostname you will use to access SwissPKI from the internet, or the DNS name of the load balancer itself.

 

swisspki.protocol

The protocol used for defining links included in emails and notifications. Depending on your web server or load balancer configuration, it should be http or https.

 

Click Next

Step 2 – Name and Description

Give the secret a name, e.g. swisspki-secrets-data

 

Click Next

Step 3 – Rotation

For the purpose of this guide we don’t use automatic rotation.

 

Click Next

Step 4 – Review

Finally, review the parameters and click Store to save the secret.
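
The following is an added example, not part of the SwissPKI documentation: it generates play.http.secret.key and swisspki.pbe.salt from the operating system's CSPRNG and assembles the seven key/value pairs from Step 1 as JSON. The function names, the alphanumeric alphabet, the 16-character salt default and the sample host, user and DNS names are assumptions made for illustration.

```python
import json
import secrets
import string

# Assumption: alphanumeric only, to avoid quoting problems in config files.
ALPHABET = string.ascii_letters + string.digits

# Connection string template as given for db.default.url.
JDBC_TEMPLATE = (
    "jdbc:mysql://{host}:{port}/{database}?useUnicode=yes"
    "&characterEncoding=UTF-8"
    "&connectionCollation=utf8_general_ci"
    "&serverTimezone=CET&noAccessToProcedureBodies=true"
)


def random_string(length):
    """Return `length` characters drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def build_secret(host, port, database, username, password, dns, protocol,
                 key_len=64, salt_len=16):
    """Build the Step 1 key/value pairs as a dict (hypothetical helper)."""
    if key_len < 64 or salt_len < 8:
        raise ValueError("use >= 64 chars for the key and >= 8 for the salt")
    if protocol not in ("http", "https"):
        raise ValueError("swisspki.protocol must be http or https")
    if not 0 < int(port) < 65536:
        raise ValueError("port out of range")
    return {
        "play.http.secret.key": random_string(key_len),
        "db.default.url": JDBC_TEMPLATE.format(
            host=host, port=int(port), database=database),
        "db.default.username": username,
        "db.default.password": password,
        "swisspki.pbe.salt": random_string(salt_len),
        "swisspki.dns": dns,
        "swisspki.protocol": protocol,
    }


if __name__ == "__main__":
    # Constructed sample values; replace with your RDS endpoint and DB user.
    secret = build_secret("db.example.internal", 3306, "swisspki",
                          "swisspki_app", random_string(32),
                          "pki.example.com", "https")
    print(json.dumps(secret, indent=2))
```

The printed JSON can be pasted into the Plaintext tab of the Step 1 panel instead of typing each pair by hand.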