Vault Integration via JDBC (AWS Secrets Manager)

Explore how to securely integrate Vault with JDBC using AWS Secrets Manager for streamlined credential management and enhanced security.

Description

IMPORTANT: AWS Secrets Manager is currently the only supported vault manager. Support for additional vaults will be provided in the future.

Runtime can be integrated with a Vault Manager, which stores and manages information such as user passwords and database credentials as they are changed on a schedule defined by an organization. This method of connecting to a database still uses JDBC, but you do not need to include the username and password parameters in the JDBC Config file for the database connection.

When Vault Integration is set up, Runtime will connect via the JDBC Driver to the vault manager using the required vault security credentials (e.g., access key, secret key, etc.) and obtain the username and password. It then passes that information to the database to make the connection.

File Parameters

The following parameters need to be in the JDBC Config file for AWS Secrets Manager:

  • driver - Defines the path and name of the JDBC driver Jar file. The Jar contains a Java program that uses the JDBC API to load the specified driver for a particular DBMS before it actually connects to a database. The JDBC DriverManager class then sends all JDBC API calls to the loaded driver. Note: Varies per database.
  • url - Defines the Universal Resource Locator (URL) to connect to the database. Note: Varies per database.
  • batchCount - Defines the number of rows sent to the database per batch. This property is only mandatory for GenRocket Receivers.
  • vault - the name of the vault manager (e.g., awsSecretManager)
  • awsAccessKey - vault manager access key
  • awsSecretKey - vault manager secret key
  • awsRegion - vault manager region (e.g., us-east-1, ap-south-2, eu-central-1)
  • awsSecretName - secret name for the information that is being retrieved

    driver=com.mysql.cj.jdbc.Driver
    url=jdbc:mysql://host:3306/test?rewriteBatchedStatements=true&allowLoadLocalInfile=true
    batchCount=7
    vault=awsSecretManager
    awsAccessKey=<accesskey>
    awsSecretKey=<secretKey>
    awsRegion=<region>
    awsSecretName=<secretName>

MySQL Example

driver=com.mysql.cj.jdbc.Driver 
url=jdbc:mysql://database-1.cnppkr1ujhij.ap-south-1.rds.amazonaws.com:3306/test?rewriteBatchedStatements=true&allowLoadLocalInfile=true 
batchCount=7 
vault=awsSecretManager 
awsAccessKey=AKIAIOSFODNN7EXAMPLE
awsSecretKey=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY 
awsRegion=ap-south-1 
awsSecretName=rds!db-9136408b-XXXX-XXXX-XXXX-97c5f9610df0
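
A pre-deployment check for this config file, as an added example that is not part of the product: it verifies the vault parameters listed above, flags unfilled template placeholders and leftover inline database credentials, and checks the file mode, since the file holds awsSecretKey in clear text. The `user`, `username` and `password` key names, the function names and the sample input are assumptions.

```python
import re

# Parameters the page lists for AWS Secrets Manager (batchCount is conditional).
REQUIRED = ("driver", "url", "vault", "awsAccessKey", "awsSecretKey",
            "awsRegion", "awsSecretName")
# Assumed key names for inline database credentials; the page does not name them.
INLINE_CREDS = {"user", "username", "password"}

# Constructed sample: one placeholder left unfilled, old inline password kept.
SAMPLE = """\
driver=com.mysql.cj.jdbc.Driver
url=jdbc:mysql://host:3306/test?rewriteBatchedStatements=true
vault=awsSecretManager
awsAccessKey=AKIAIOSFODNN7EXAMPLE
awsSecretKey=<secretKey>
awsRegion=ap-south-1
password=hunter2
"""


def parse_properties(text):
    """Parse key=value lines; split on the first '=' only (URLs contain '=')."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            props[key.strip()] = value.strip()
    return props


def lint_config(text, file_mode=None):
    """Return findings for a vault-enabled JDBC config; file_mode is st_mode."""
    props = parse_properties(text)
    findings = []
    for key in REQUIRED:
        value = props.get(key, "")
        if not value:
            findings.append(f"missing: {key}")
        elif re.fullmatch(r"<[^>]+>", value):
            findings.append(f"placeholder not filled in: {key}")
    for key in sorted(INLINE_CREDS & props.keys()):
        findings.append(f"inline database credential: {key}")
    if re.search(r"[?&;](user|password)=", props.get("url", ""), re.I):
        findings.append("database credential embedded in url")
    # The file holds awsSecretKey in clear text, so expect owner-only access.
    if file_mode is not None and file_mode & 0o077:
        findings.append("file accessible to group or other")
    return findings
```

Call it as `lint_config(open(path).read(), os.stat(path).st_mode)`; an empty list means the file passed every check.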