
QR: Allow secrets addon to update principal fields for AWS IAM credentials in endpoints

Contributor III

When QR is deployed on-prem, certain endpoints require AWS IAM credentials for an IAM user to function. Examples:

  1. AWS Redshift (for the S3 staging bucket)
  2. AWS S3

IAM user credentials are a system-generated key pair, which means that both the principal and password fields need to be updated when rotation occurs. Unfortunately, not all endpoints support principal updates, and those that do usually have a static principal field that doesn't need updating. Since IAM credentials need both fields updated, endpoints should be updated to allow the secrets addon to make this change.

Ex: HashiCorp Vault

  • When requesting credentials through an AWS secrets engine in Vault, a new IAM user and key-pair is generated with every call. Since this results in a new principal (access key), we cannot utilize the secrets addon with secrets stored in this location.
  • If we request those same credentials through a key-value secrets engine (static key-pairs), the principal would need to be manually updated anytime that credential was rotated. This leads to a need for manual intervention within an automated process, providing a high risk of failures for potentially critical tasks.



Thank you for your suggestion. We have added this to our roadmap!

Status changed to: Open - On Roadmap

From now on, please track this idea from the Ideation portal. 


Explorer II
Status changed to: Closed - Archived