Password Manager

Overview

For information on managing passwords via the API, see v1 API - Passwords.

Many of the components in Matillion ETL require passwords to provide access to various services on behalf of the user. Users can input a password directly into a component and it will be stored securely within that component.

However, if the user is utilising many components, manually entering passwords can be laborious. Furthermore, if those passwords change, the user will need to manually edit each component to rectify that password.

Instead, the Password Manager can store passwords, each paired with an identifying name. When a component requests a password, the name of a stored password can be entered and will draw a password from the manager. Thus, if that password should change, the user need only edit the value in the Password Manager and not the individual components.

Note: Passwords are stored at the Project Group level and thus will be shared with, and accessible from, all other projects within that same group.​

The Password Manager can be accessed through Project → Manage Passwords.



Passwords can be added through the + symbol at the lower-left of the window or deleted with X beside each entry. Choosing to add a new password will bring up the Create Password window.



Any Name and Password can be chosen for the relevant fields, although it is advised that you use the Name to indicate what the Password is for. The Encryption Type offers a drop-down menu with two choices:

1. Encoded - Store the passwords in an encrypted file on the machine that is running Matillion ETL.

2. KMS: It is possible to store passwords using Amazon's Key Management Service. Selecting this option will reveal an additional property named 'Master Key' that can be entered to access the user's KMS. Using KMS requires the use of certain actions which can be found in the Managing Credentials documentation with an attached policy for Matillion. If KMS is unavailable, components using KMS passwords will fail as though an incorrect password has been entered.  
2. (AWS only) KMS: It is possible to store passwords using Amazon's Key Management Service. Selecting this option will reveal an additional property named 'Master Key' that can be entered to access the user's KMS. Using KMS requires the use of certain actions which can be found in the Managing Credentials documentation with an attached policy for Matillion. If KMS is unavailable, components using KMS passwords will fail as though an incorrect password has been entered.
2. KMS: It is possible to store passwords using Google's Key Management Service. Selecting this option will reveal additional properties: Project, Location, Key Ring, and Key. You can set these properties to define which key to securely store your new password with.
 
  • Name: Choose an arbitrary name for your password.
  • Password: Create an arbitrary password.
  • Encryption Type: Choose KMS from this drop-down box.
  • Project: Select your GCP Project. This variable correlates with your GCP account.
  • Location: Select a Location. This variable correlates with your GCP account.
  • Key Ring:  Choose your Key Ring. This variable correlates with your GCP account.
  • Key: Choose your Key to keep your password in. This variable correlates with your GCP account.

For any additional help creating Key Rings and Keys, we suggest reading Google Cloud's documentation here.



Note: the Environment Credentials (Managing Credentials) dictate which GCP account is the source of your Project (and thus Key Rings and Keys) and requires relevant permissions.

If KMS is unavailable, components using KMS passwords will fail as though an incorrect password has been entered.
For the complete functioning of Google Cloud Platform KMS, we advise giving users the cloudkms.admin (or viewer) and cloudkms.cryptoKeyEncrypterDecrypter predefined roles.

Lastly, your password Description can be entered purely as a reminder of the password's function.

Clicking OK will save the password to the Password Manager, and it will appear on the list with other saved passwords. You can edit these password descriptions by clicking the pencil icon. You can edit the passwords themselves by clicking the padlock icon.

Clicking OK will close the Password Manager. You can then refer to your new passwords by name in Matillion ETL components and tools.