I am trying to integrate SecretsManager and followed below doc:
The DB password is stored in AWS SM,
Secret name: {ENV}/my-retool/db_cluster_name/username/
where {ENV} represents deployment env such as test, prod, etc.
Inside this secret is JSON key value pair where a key called password has to be fetched and used in retool resources.
I've defined a namespace in retool: {ENV}/db_cluster_name/username
and I expect that {{secrets.password}} should fetch the password key from the SM. Is it correct way or am missing something here.
Before getting into syntax, have you confirmed that Retool is able to connect to AWS in the first place? You can use the "Test connection" button in the "Secrets Manager" menu in order to quickly verify this.
Assuming no issues with the above, I'm inclined to think that your issue is the namespace that you've set up in Retool. The idea is that you set this to something that all relevant secrets have in common.
Imagine that I have two relevant secrets - test/my-retool/db_cluster_name/username and test/my-retool/db_cluster_name/password. Instead of having to refer to them by their full name, I can configure Retool to remember the part that they have in common - test/my-retool/db_cluster_name. By setting that as the namespace, all I have to type when referencing those secrets is secrets.username and secrets.password.
Importantly, I don't think that you can use the namespace to destructure a JSON secret! You'll likely need to leave username out of the namespace and reference the secret as secrets.username.password, instead.
I hope that helps! Let me know if you have any questions.
