Skip to content

AST 1208 customer credentials

Store Customer Connector Credentials

Store customer-specific ADP and Costpoint API credentials in AWS Secrets Manager for secure access by workflows.

Key details:

  • Store credentials in AWS Secrets Manager per customer
  • Secret naming convention: connect/{customer-id}/adp and connect/{customer-id}/costpoint
  • Store as JSON with all required credential fields (API keys, client secrets, base URLs, etc.)
  • Access credentials in workflow using either:
  • Direct boto3 access via secretsmanager.get_secret_value()
  • Prefect AWS Secrets Block interface (from prefect-aws)
  • Create Prefect task to load credentials and pass to connector instances
  • Load credentials fresh on every workflow run (no caching between runs)
  • Credentials loaded once per workflow run (not per employee)
  • Document required credential fields for each connector

Example(s):

Secret structure for ADP:

{
  "client_id": "xxx",
  "client_secret": "yyy",
  "base_url": "https://api.adp.com",
  "org_id": "zzz"
}

Secret structure for Costpoint:

{
  "api_key": "xxx",
  "base_url": "https://costpoint.example.com/api"
}

Open questions:

  • Use boto3 directly or Prefect AWS Secrets Block wrapper?