Uploading the Secrets

Note: The instructions mentioned in the section apply only to the Application Protector REST approach.

The CA and the client certificates are the trust anchors of the mutual TLS handshake: they establish authentication to, and authorization against, the Application Protector REST server. Anyone holding the client certificate and its private key can present the client's identity, so these files must be kept in a secured location. Therefore, the certificates must be uploaded to AWS Secrets Manager, where they are stored as secrets.

To upload the secrets:

  1. Create a Secrets Manager in AWS to upload the secrets.

  2. Assign the required access permissions to the Secrets Manager. For example:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "secretsmanager:*"
                ],
                "Resource": [
                    "arn:aws:secretsmanager:<aws_region_name>:<aws_account>:secret:*"
                ]
            },
            {
                "Action": "sts:AssumeRole",
                "Resource": "arn:aws:iam::<aws_account>:role/<aws_iam_role>",
                "Effect": "Allow"
            }
        ]
    }
    
  3. Log in to the machine where the certificates are created.

  4. Launch the python console.

  5. To view the contents of the CA.pem file and store it as PTY-APPLICATION-PROTECTOR-REST-CA-CERTIFICATE, run the following command:

    with open("ca/CA.pem") as file:
        print(file.read())   # print() shows real line breaks; a bare file.read() echoes a repr with literal \n
    # Store the printed CA certificate as PTY-APPLICATION-PROTECTOR-REST-CA-CERTIFICATE
    
  6. Press ENTER. The command displays the contents of the CA.pem file.

  7. To view the contents of the client.pem file and store it as PTY-APPLICATION-PROTECTOR-REST-CLIENT-CERTIFICATE, run the following command:

    with open("client/client.pem") as file:
        print(file.read())   # print() shows real line breaks; a bare file.read() echoes a repr with literal \n
    # Store the printed client certificate as PTY-APPLICATION-PROTECTOR-REST-CLIENT-CERTIFICATE
    
  8. Press ENTER. The command displays the contents of the client.pem file.

  9. To view the contents of the client.key file and store it as PTY-APPLICATION-PROTECTOR-REST-CLIENT-KEY, run the following command:

    with open("client/client.key") as file:
        print(file.read())   # print() shows real line breaks; a bare file.read() echoes a repr with literal \n
    # Store the printed client private key as PTY-APPLICATION-PROTECTOR-REST-CLIENT-KEY
    
  10. Press ENTER. The command displays the contents of the client.key file.

  11. Log in to the AWS portal.

  12. Navigate to the required Secrets Manager.

  13. Click Store a new secret. The Choose secret type page appears.

  14. From the Secret type section, select Other type of secret.

  15. Enter the details as listed in the table, in a new row.

    Key                                                 Value
    -------------------------------------------------   ------------------------------------------------------------------------
    PTY-APPLICATION-PROTECTOR-REST-CA-CERTIFICATE       1. In the Key box, enter PTY-APPLICATION-PROTECTOR-REST-CA-CERTIFICATE.
                                                        2. In the Value box, enter the contents of the CA.pem file.

    PTY-APPLICATION-PROTECTOR-REST-CLIENT-CERTIFICATE   1. In the Key box, enter PTY-APPLICATION-PROTECTOR-REST-CLIENT-CERTIFICATE.
                                                        2. In the Value box, enter the contents of the client.pem file.

    PTY-APPLICATION-PROTECTOR-REST-CLIENT-KEY           1. In the Key box, enter PTY-APPLICATION-PROTECTOR-REST-CLIENT-KEY.
                                                        2. In the Value box, enter the contents of the client.key file.

  16. Click Next. The Configure secret page appears.

  17. In the Secret name box, enter a name to identify the secret.

  18. Click Next. The Configure rotation page appears.

  19. Click Next. The Review page appears.

  20. Verify the details.

  21. Click Store. The secrets are stored as per the specified details.
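The console procedure above can also be scripted. The following Python example is added here and is not Protegrity's or the Application Protector documentation's own code. It reads the three files from the ca/ and client/ directories used in steps 5 to 9, checks that each value is a PEM block with real line breaks (a value copied from a Python repr() carries literal \n escapes and would not load), assembles the key/value rows of step 15 into the single JSON document that the Other type of secret option stores, and can then create the secret with boto3 under the policy from step 2. The secret name, the region and the placeholder PEM contents are assumptions or constructed samples, not real certificates or keys.

```python
"""Added example (not part of the Application Protector documentation):
build, validate and optionally upload the Secrets Manager payload for the
mutual TLS files. Secret key names are the ones the page requires; the file
paths, secret name, region and sample PEM text are assumptions."""
import json
import os
import tempfile

# Key names required by Application Protector REST (from the page).
CA_CERT_KEY = "PTY-APPLICATION-PROTECTOR-REST-CA-CERTIFICATE"
CLIENT_CERT_KEY = "PTY-APPLICATION-PROTECTOR-REST-CLIENT-CERTIFICATE"
CLIENT_KEY_KEY = "PTY-APPLICATION-PROTECTOR-REST-CLIENT-KEY"

# PEM label each value must carry. "PRIVATE KEY" matches both
# "-----BEGIN PRIVATE KEY-----" and "-----BEGIN RSA PRIVATE KEY-----".
EXPECTED_PEM = {
    CA_CERT_KEY: "CERTIFICATE",
    CLIENT_CERT_KEY: "CERTIFICATE",
    CLIENT_KEY_KEY: "PRIVATE KEY",
}

# Constructed placeholders laid out like the page's ca/ and client/ folders.
# These are NOT real certificates or keys.
SAMPLE_PEM = {
    "ca/CA.pem": "-----BEGIN CERTIFICATE-----\nMIIBsampleCAbody\n-----END CERTIFICATE-----\n",
    "client/client.pem": "-----BEGIN CERTIFICATE-----\nMIIBsampleClientBody\n-----END CERTIFICATE-----\n",
    "client/client.key": "-----BEGIN PRIVATE KEY-----\nMIIEsampleKeyBody\n-----END PRIVATE KEY-----\n",
}


def looks_like_pem(text, kind):
    """True if text is a PEM block of the given kind with real line breaks.

    Rejects the two common paste mistakes: a Python repr() with literal
    backslash-n (so the whole block sits on one line) and a certificate
    stored where a private key was expected, or vice versa.
    """
    lines = text.strip().splitlines()
    if len(lines) < 3 or "\\n" in text:
        return False
    first, last = lines[0], lines[-1]
    return (first.startswith("-----BEGIN ") and first.endswith(kind + "-----")
            and last.startswith("-----END ") and last.endswith(kind + "-----"))


def build_secret_payload(ca_pem_path, client_pem_path, client_key_path):
    """Read the three files and return the JSON string Secrets Manager stores.

    The console's "Other type of secret" rows are saved as one JSON object,
    so this produces the same document the UI in steps 13 to 21 would.
    """
    paths = {
        CA_CERT_KEY: ca_pem_path,
        CLIENT_CERT_KEY: client_pem_path,
        CLIENT_KEY_KEY: client_key_path,
    }
    payload = {}
    for key, path in paths.items():
        with open(path) as fh:
            value = fh.read()
        if not looks_like_pem(value, EXPECTED_PEM[key]):
            raise ValueError(f"{path} is not a {EXPECTED_PEM[key]} PEM block")
        payload[key] = value
    return json.dumps(payload)


def store_secret(secret_name, payload, region_name):
    """Create the secret in AWS Secrets Manager (needs boto3 and credentials).

    boto3's create_secret is what the Store button in step 21 calls; the IAM
    policy from step 2 must allow secretsmanager:CreateSecret on the ARN.
    """
    import boto3  # imported here so the rest of the module runs offline
    client = boto3.client("secretsmanager", region_name=region_name)
    return client.create_secret(Name=secret_name, SecretString=payload)


def write_sample_files(directory):
    """Write the constructed placeholders under directory; return their paths."""
    paths = []
    for rel, text in SAMPLE_PEM.items():
        path = os.path.join(directory, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
        paths.append(path)
    return paths  # order: CA.pem, client.pem, client.key


def demo():
    """Build and validate the payload from the constructed files; return it as a dict."""
    with tempfile.TemporaryDirectory() as tmp:
        return json.loads(build_secret_payload(*write_sample_files(tmp)))


if __name__ == "__main__":
    payload = demo()
    for key, value in payload.items():
        print(key, "->", value.splitlines()[0])
    # Real run, with the files from steps 5 to 9 and an assumed name/region:
    # store_secret("application-protector-rest-mtls",
    #              build_secret_payload("ca/CA.pem", "client/client.pem", "client/client.key"),
    #              "us-east-1")
```

Run it as is to see the validated payload built from the placeholders; for a real upload, point build_secret_payload at the actual ca/ and client/ files and call store_secret with credentials for the role the step 2 policy grants. The validation step is the part worth keeping even if you prefer the console: paste errors in the Value box are silent until the Application Protector REST client fails its TLS handshake.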


Last modified : February 12, 2026