1. Overview

You can integrate Prisma Cloud with AWS Secrets Manager. First, configure Prisma Cloud to access AWS Secrets Manager, then create rules to inject the relevant secrets into the relevant containers.

Prerequisites:

  • The service account Prisma Cloud uses to access the secrets store must have the following permissions:

    • secretsmanager:GetSecretValue

    • secretsmanager:ListSecrets

  • You have created a secret in AWS Secrets Manager. Automatic rotation must be disabled. Prisma Cloud supports the key-value secret type only. When storing a new secret, select Other type of secrets, then Secret key/value.

    aws secrets manager secret type
  1. Open Prisma Cloud Console.

  2. Integrate Prisma Cloud with the secrets store.

    1. Go to Manage > Authentication > Secrets, and click Add store.

    2. Enter a name for the store. This name is used when you create rules to inject secrets into specific containers.

    3. For Type, select AWS Secrets Manager, then fill out the rest of the form, including your credentials.

    4. Fill out the rest of the form, specifying how to connect to the Secrets Manager.

    5. Click Add.

      After clicking Add, Prisma Cloud tries connecting to your secrets manager. If successful, the dialog closes, and an entry is added to the table. Otherwise, connection errors are displayed directly in the configuration dialog.