From 8ab2a7d962bf19f6bac87bd5cea54719c371d7df Mon Sep 17 00:00:00 2001 From: fmercadop <90359057+fmercadop@users.noreply.github.com> Date: Wed, 1 Apr 2026 14:08:52 -0700 Subject: [PATCH 1/4] Update how_to_configure_aws_secrets_manager.md --- .../how_to_configure_aws_secrets_manager.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/how-tos/datacoves/how_to_projects/how_to_configure_aws_secrets_manager.md b/docs/how-tos/datacoves/how_to_projects/how_to_configure_aws_secrets_manager.md index dc2fd0b..bfb1d84 100644 --- a/docs/how-tos/datacoves/how_to_projects/how_to_configure_aws_secrets_manager.md +++ b/docs/how-tos/datacoves/how_to_projects/how_to_configure_aws_secrets_manager.md @@ -65,7 +65,7 @@ Please, follow the [AWS Secrets Manager documentation](https://docs.aws.amazon.c ## Configure your Secrets Backend -Datacoves allows you to configure the AWS Secrets Manager backend at the project level, which applies to all environments under that project. You can also override this configuration for a specific environment when needed. +AWS Secrets Manager can be configured at the project level, at the environment level, or both. When configured at the project level, all environments under that project will use it by default. Individual environments can have their own configuration that takes precedence, or they can be set to inherit the project-level settings. ### Project-level configuration @@ -100,15 +100,15 @@ To learn how to read a variable from the AWS Secrets Manager check out our [How For security purposes, once this has been saved you will not be able to view the values. To modify the Secrets backend you will need to set the Secrets backend to `None` and save the changes. Then start the setup again. ::: -### Environment-level override +### Environment-level configuration -You can override the project-level secrets backend for a specific environment. This is useful when, for example, you need to use a different connections prefix in your development environment versus production, or when only one environment should use AWS Secrets Manager. +AWS Secrets Manager can also be configured directly at the environment level, independently of the project settings. This is useful when only specific environments should use AWS Secrets Manager, or when different environments need different configurations (for example, different connection prefixes for development versus production). **Step 1:** Navigate to the Environments Admin page and click on the edit icon for the desired environment. **Step 2:** Go to **Services Configuration**, then select **Airflow settings**. -**Step 3:** Scroll down to the **Additional Secrets Backend** section. Select `AWS Secrets Manager` to apply a separate configuration for this environment only. To inherit the project-level configuration, leave it set to `Use Project Settings`. +**Step 3:** Scroll down to the **Additional Secrets Backend** section. Select `AWS Secrets Manager` to configure it for this environment. If a project-level configuration exists and you want this environment to use it, leave the field set to `Use Project Settings`. ![Environment Secrets Backend Override](../assets/edit_environment_secrets_backend.png) From 57287eba55aed625dd96d05814d07fa23ef11969 Mon Sep 17 00:00:00 2001 From: fmercadop <90359057+fmercadop@users.noreply.github.com> Date: Wed, 1 Apr 2026 14:16:34 -0700 Subject: [PATCH 2/4] Update Additional Secrets Backend description Clarified the description for the Additional Secrets Backend configuration, emphasizing its independence from project-level settings. --- docs/how-tos/datacoves/how_to_environments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/how-tos/datacoves/how_to_environments.md b/docs/how-tos/datacoves/how_to_environments.md index 1374462..0f5e664 100644 --- a/docs/how-tos/datacoves/how_to_environments.md +++ b/docs/how-tos/datacoves/how_to_environments.md @@ -49,7 +49,7 @@ The services enabled for the environment may require additional configurations. - **dbt profiles path:** The location where Airflow will find dbt profiles.yml file to use during a dbt run. This should be `automate/dbt`. Please be aware that you will need to create the `automate` and`dbt` folders as well as the `profiles.yml` in your repository. - **YAML DAGs path:** When using yml based Airflow DAGs Airflow will look for the yml files in this location. We recommend this be set to `orchestrate/dags`. Please be aware that you will need to create the `orchestrate` and `dags` folders in your repository. - **Python DAGs path:** This is the location Airflow will look for the DAG definition files. We recommend this be set to `orchestrate/dag_yml_definitions`. Please be aware that you will need to create the `orchestrate` and `dag_yml_definitions` folders in your repository. - - **Additional Secrets Backend:** Allows you to override the project-level secrets backend for this specific environment. Select `AWS Secrets Manager` to use a different configuration for this environment only, or leave it as `Use Project Settings` to inherit the project-level configuration. See [Configure AWS Secrets Manager](/docs/how-tos/datacoves/how_to_projects/how_to_configure_aws_secrets_manager) for details. + - **Additional Secrets Backend:** Allows you to configure AWS Secrets Manager for this specific environment. This can be set independently of the project-level configuration, or left as `Use Project Settings` to inherit it if one exists. See [Configure AWS Secrets Manager](/docs/how-tos/datacoves/how_to_projects/how_to_configure_aws_secrets_manager) for details. - OBSERVE (Docs) requires: - **branch:** Here we specify the branch that will be synchronized for production dbt docs. This branch must exist in your git repository. From 0b1dd3430f1101221429acdd87f263d6b1b2740c Mon Sep 17 00:00:00 2001 From: fmercadop <90359057+fmercadop@users.noreply.github.com> Date: Wed, 1 Apr 2026 14:18:20 -0700 Subject: [PATCH 3/4] Clarify configuration options for Secrets Backend --- docs/how-tos/datacoves/how_to_projects/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/how-tos/datacoves/how_to_projects/README.md b/docs/how-tos/datacoves/how_to_projects/README.md index d4d29dc..4d32fdf 100644 --- a/docs/how-tos/datacoves/how_to_projects/README.md +++ b/docs/how-tos/datacoves/how_to_projects/README.md @@ -69,6 +69,6 @@ See this [how-to guide on configuring Azure DevOps](/docs/how-tos/datacoves/how_ - **CI/CD Provider:** When provided, this will display a link to your CI/CD jobs on the Observe tab of a Datacoves environment. Once you choose your provider, you will be able to specify your `CI jobs home URL`. -- **Secrets Backend:** Datacoves provides a Secrets Backend out of the box; you can also configure additional Secrets Backends at the project level or override them per environment. See [AWS Secrets Manager](/docs/how-tos/datacoves/how_to_projects/how_to_configure_aws_secrets_manager) for details. +- **Secrets Backend:** Datacoves provides a Secrets Backend out of the box; you can also configure additional Secrets Backends at the project level, at the environment level, or both. See [AWS Secrets Manager](/docs/how-tos/datacoves/how_to_projects/how_to_configure_aws_secrets_manager) for details. ![Project Secrets Backend](../assets/edit_project_secrets_backend.jpg) From 58a7f2ba61cced296cca23028234cd170975a6a6 Mon Sep 17 00:00:00 2001 From: fmercadop <90359057+fmercadop@users.noreply.github.com> Date: Wed, 1 Apr 2026 14:19:14 -0700 Subject: [PATCH 4/4] Clarify configuration levels for Secrets Backends --- docs/how-tos/airflow/use-aws-secrets-manager.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/how-tos/airflow/use-aws-secrets-manager.mdx b/docs/how-tos/airflow/use-aws-secrets-manager.mdx index 489d1ef..2a5924f 100644 --- a/docs/how-tos/airflow/use-aws-secrets-manager.mdx +++ b/docs/how-tos/airflow/use-aws-secrets-manager.mdx @@ -6,7 +6,7 @@ sidebar_position: 36 Datacoves integrates with the Airflow Secrets Backend Interface, offering support for both its native Datacoves Secrets Backend and AWS Secrets Manager. For other Airflow-compatible Secrets Managers, please reach out to us. -Secrets backends can be configured at the project level or overridden per environment. See [configure your AWS Secrets Manager](/docs/how-tos/datacoves/how_to_projects/how_to_configure_aws_secrets_manager) for details. +Secrets backends can be configured at the project level, at the environment level, or both. See [configure your AWS Secrets Manager](/docs/how-tos/datacoves/how_to_projects/how_to_configure_aws_secrets_manager) for details. ## Read variable from AWS Secrets Manager