Manage Repository Information in ALTR's Control Plane
ALTR refers to databases protected by sidecars as repositories. Repositories must be registered in ALTR so that sidecars can facilitate secure connections between data consumers and databases.
Database credentials are referred to as repository users. Repository users must be registered in ALTR to enable data consumers to connect to repositories using single sign-on (SSO). When connecting via SSO, credentials are never directly surfaced to data consumers. Access to connect using repository users is controlled by impersonation policies in ALTR.
ALTR’s sidecar securely accesses credentials using AWS Secrets Manager. To be accessible by a sidecar, secrets objects must be stored as an “other” type of secret with the credential password stored as plaintext.
To access an AWS secrets object, sidecars must have IAM access to the relevant secrets. Ensure that any installed sidecars have the DescribeSecret and GetSecretValue privileges for all secrets that the sidecar might use when connecting facilitating user connections via impersonation policies.
Note
Sidecar integration requires some one-time setup steps (installing the sidecar, configuring secrets, creating repositories, setting up RSA keys, etc.). Please contact ALTR Support to get started. Our team will walk you through the setup before you begin configuring ALTR.