This topic describes how to set up a target secret store that represents the target service, for example AWS Secrets Manager, that needs to receive secrets from PAM - Self-Hosted.
Prerequisite
The Secrets Hub IAM role is created in your AWS account, usually by the AWS account admin or by anyone in the organization who has role creation permissions in that account. For details, see Configure AWS account roles for Secrets Hub.
Add a target secret store
On the Secrets Hub introduction page, click Add a target secret store, and then, from the Select cloud provider dialog box, select AWS.
Define the target secret store and provide the following details:
AWS account ID: The 12-digit account ID of the AWS account that hosts the AWS Secrets Manager where you store secrets.
AWS account alias: The alias of your AWS account.
AWS account region: The region where the AWS account is managed. The region is added to the target secret store's name.
Target secret store name: Contains the AWS account alias and the account region.
Secrets Hub IAM role: The AWS role used to allow Secrets Hub to manage secrets in your AWS Secrets Manager. See Prerequisite above.
Brief description of the target: For example, this can include the team in your organization that uses the target.
(Optional) To validate the details provided above, click Test connection.
If Secrets Hub cannot connect to the target secret store, check that you have entered all the details correctly.
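A quick offline pre-check of the form values before clicking Test connection, added here as an example and not part of Secrets Hub or this documentation. It assumes the role is referenced by its full IAM role ARN and, as the prerequisite states, lives in the same account as the target Secrets Manager; the sample values are constructed.

```python
import re

# Shapes of the values the Add target secret store form asks for.
ACCOUNT_ID_RE = re.compile(r"^\d{12}$")
# Well-formed region name (e.g. eu-west-1, us-gov-west-1); not a check that it exists.
REGION_RE = re.compile(r"^[a-z]{2}(-gov)?-[a-z]+-\d$")
# IAM role ARN: arn:<partition>:iam::<12-digit account>:role/<path><name>
ROLE_ARN_RE = re.compile(
    r"^arn:(aws|aws-us-gov|aws-cn):iam::(\d{12}):role/[\w+=,.@/-]+$"
)


def validate_target_store(account_id: str, alias: str, region: str, role_arn: str) -> list[str]:
    """Return the problems found in the target secret store details (empty list = looks OK)."""
    problems = []
    if not ACCOUNT_ID_RE.match(account_id):
        problems.append("AWS account ID must be exactly 12 digits")
    if not alias.strip():
        problems.append("AWS account alias must not be empty")
    if not REGION_RE.match(region):
        problems.append(f"'{region}' is not a well-formed AWS region name")
    match = ROLE_ARN_RE.match(role_arn)
    if not match:
        problems.append("Secrets Hub IAM role must be a full IAM role ARN (assumed input format)")
    elif match.group(2) != account_id:
        # The role must be created in the account that hosts the target Secrets Manager;
        # a mismatch here is a common reason Test connection fails.
        problems.append(
            f"role ARN belongs to account {match.group(2)}, "
            f"but the target account ID is {account_id}"
        )
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real account data.
    for problem in validate_target_store(
        "12345678901", "payments-prod", "eu-west", "arn:aws:iam::210987654321:role/SecretsHubRole"
    ):
        print("problem:", problem)
```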
Do one of the following:
Click Add to add the target secret store to the list of sync targets.
Click Add and create sync policy to add the target secret store to the list of sync targets and open the Create sync policy wizard where you create a policy for syncing secrets between PAM - Self-Hosted and AWS Secrets Manager.