Sample code for 30+ languages & platforms
Tcl

AWS Setup Bootstrap Secret in Local Manager

See more Secrets Examples

Accessing a cloud-based secrets manager requires authentication credentials, which cannot be stored in the manager itself. Instead, they must be securely stored locally.

One solution is to store the authentication credentials as a secret in the Windows Credentials Manager or Apple Keychain. These credentials serve as the "bootstrap secret" for authenticating with the cloud-based secrets manager.

This example demonstrates how to setup a bootstrap secret for the AWS Secrets Manager.

Note: This example requires Chilkat v10.1.0 or later.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set bootstrap [new_CkSecrets]

# On Windows, this is the Windows Credentials Manager
# On MacOS/iOS, it is the Apple Keychain
CkSecrets_put_Location $bootstrap "local_manager"

# Specify the name of the bootstrap secret.
# service and username are required.
# appName and domain are optional.
# Note: The values are arbitrary and can be anything you want.
set json [new_CkJsonObject]

CkJsonObject_UpdateString $json "appName" "AWS"
CkJsonObject_UpdateString $json "service" "Example"
CkJsonObject_UpdateString $json "username" "Joe"

# The bootstrap secret for the AWS Secrets Manager will contain
# the AWS region, access key, and secret key, like this:
set jsonSecret [new_CkJsonObject]

# Modify if necessary to use your region..
CkJsonObject_UpdateString $jsonSecret "awsRegion" "us-east-1"
CkJsonObject_UpdateString $jsonSecret "awsAccessKey" "YOUR_ACCESS_KEY"
CkJsonObject_UpdateString $jsonSecret "awsSecretKey" "YOUR_SECRET_KEY"

# Create or update the bootstrap secret.
set success [CkSecrets_UpdateSecretJson $bootstrap $json $jsonSecret]
if {$success == 0} then {
    puts [CkSecrets_lastErrorText $bootstrap]
    delete_CkSecrets $bootstrap
    delete_CkJsonObject $json
    delete_CkJsonObject $jsonSecret
    exit
}

puts "The AWS bootstrap secret has been stored."

delete_CkSecrets $bootstrap
delete_CkJsonObject $json
delete_CkJsonObject $jsonSecret