Manage Repository Information in ALTR's Control Plane

ALTR refers to databases protected by sidecars as repositories. Repositories must be registered in ALTR so that sidecars can facilitate secure connections between data consumers and databases.

Database credentials are referred to as repository users. Repository users must be registered in ALTR to enable data consumers to connect to repositories using single sign-on (SSO). When connecting via SSO, credentials are never directly surfaced to data consumers. Access to connect using repository users is controlled by impersonation policies in ALTR.

ALTR’s sidecar securely accesses credentials using AWS Secrets Manager. To be accessible by a sidecar, secrets objects must be stored as an “other” type of secret with the credential password stored as plaintext.

To access an AWS secrets object, sidecars must have IAM access to the relevant secrets. Ensure that any deployed sidecars have the DescribeSecret and GetSecretValue privileges for all secrets that the sidecar might use when facilitating user connections via impersonation policies.
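One way to check this requirement before deploying, as an added example that is not ALTR's own tooling: the script below audits an IAM policy document for a sidecar role, reporting secrets that lack either required action and flagging grants on `Resource: "*"`. The account ID, secret names and ARNs are constructed placeholders, and the matching is a simplification that ignores Deny, NotAction, NotResource and Condition.

```python
import fnmatch

# The two Secrets Manager actions the page says a sidecar needs.
REQUIRED = ("secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue")

def _as_list(value):
    # IAM allows a single string or a list for Action/Resource/Statement.
    return value if isinstance(value, list) else [value]

def audit_sidecar_policy(policy, secret_arns):
    """Return (missing, overbroad).

    missing:   (arn, action) pairs that no Allow statement covers.
    overbroad: required actions granted on Resource "*".
    Simplification: Deny, NotAction, NotResource and Condition are ignored.
    """
    allows = [s for s in _as_list(policy["Statement"]) if s.get("Effect") == "Allow"]
    missing, overbroad = [], []
    for action in REQUIRED:
        # Allow statements whose Action patterns match (action names are case-insensitive).
        granting = [
            s for s in allows
            if any(fnmatch.fnmatchcase(action.lower(), a.lower())
                   for a in _as_list(s.get("Action", [])))
        ]
        if any("*" in _as_list(s.get("Resource", [])) for s in granting):
            overbroad.append(action)
        for arn in secret_arns:
            covered = any(
                fnmatch.fnmatchcase(arn, r)
                for s in granting for r in _as_list(s.get("Resource", []))
            )
            if not covered:
                missing.append((arn, action))
    return missing, overbroad

# Constructed sample data: account ID, secret names and ARNs are placeholders.
SECRET_A = "arn:aws:secretsmanager:us-east-1:111122223333:secret:repo-user-a-AbCdEf"
SECRET_B = "arn:aws:secretsmanager:us-east-1:111122223333:secret:repo-user-b-GhIjKl"
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": list(REQUIRED), "Resource": SECRET_A},
        {"Effect": "Allow", "Action": "secretsmanager:GetSecretValue", "Resource": SECRET_B},
    ],
}

if __name__ == "__main__":
    print(audit_sidecar_policy(SAMPLE_POLICY, [SECRET_A, SECRET_B]))
```

In the sample, the second secret is reported as missing DescribeSecret, the kind of gap that otherwise surfaces only when a sidecar tries to use that repository user.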