Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
The Amazon Secrets Manager Password Storage Scheme provides a mechanism for authenticating users whose passwords are stored in the Amazon AWS Secrets Manager service.
This password storage scheme only supports authenticating users and does not allow password changes. Password changes must be made in the AWS Secrets Manager service.
When updating a user account to use this password storage scheme, the password must be provided in pre-encoded form (which will likely require using the password update behavior request control with the allowPreEncodedPassword element set to true). The encoded password should consist of the prefix "{AWS-SECRETS-MANAGER}" followed by a JSON object with the following fields:
{AWS-SECRETS-MANAGER}{"id":"secret-name","field":"field-name"}
The Amazon Secrets Manager Password Storage Scheme component inherits from the Password Storage Scheme
The following components have a direct aggregation relation from Amazon Secrets Manager Password Storage Schemes:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | None |
| enabled | |
| aws-external-server | |
| default-field |
| Description | A description for this Password Storage Scheme |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the Password Storage Scheme is enabled for use. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The external server with information to use when interacting with the AWS Secrets Manager service. |
| Default Value | None |
| Allowed Values | The DN of any Amazon Aws External Server. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The default name of the field in JSON objects contained in the AWS Secrets Manager service that contains the password for the target user. The name of the default JSON field in secret objects whose value will be used as the user's password. This will be used if the encoded password does not contain a field named "field". |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Password Storage Schemes:
dsconfig list-password-storage-schemes
[--property {propertyName}] ...
To view the configuration for an existing Password Storage Scheme:
dsconfig get-password-storage-scheme-prop
--scheme-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Password Storage Scheme:
dsconfig set-password-storage-scheme-prop
--scheme-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Amazon Secrets Manager Password Storage Scheme:
dsconfig create-password-storage-scheme
--scheme-name {name}
--type amazon-secrets-manager
--set enabled:{propertyValue}
--set aws-external-server:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Password Storage Scheme:
dsconfig delete-password-storage-scheme
--scheme-name {name}