AWS Secrets Manager key pairs
To configure Tessera to use AWS Secrets Manager key pairs, provide the vault information in the configuration file. You can use Tessera to generate AWS Secrets Manager keys.
Provide the secret IDs for both keys with an optional endpoint.
The endpoint is optional because the AWS SDK can fall back to its built-in property retrieval chain, for example, using the environment variable
AWS_REGION or the
The AWS SDK documentation explains using credentials.
This example configuration retrieves the secrets
secretIdKey from AWS Secrets Manager using the endpoint
If you receive a
Credential should be scoped to a valid region error when starting Tessera, the region specified in the
endpoint differs from the region the AWS SDK has retrieved from its property retrieval chain. You can resolve this by setting the
AWS_REGION environment variable to the same region as defined in the
Environment variables must be set if using AWS Secrets Manager.