Greetings all
I have a developer who is using AWS Secrets Manager for his code. However, he is passing the username and password from Active Directory over to the secret in AWS Secrets Manager and calling that JSON from Secrets Manager.
Ideally, yes, he should be calling it from BT and not AWS Secrets Manager but that would involve a lot of code rewrite for him on a production system.
We are looking at adding the secret in Secrets Manager as a synced account with the service account so that when we rotate the password on the service account, it would also rotate the password on the AWS Secrets Manager secret to the same password.
What he needs, though, complicates it. He is storing this in his AWS secret:
{"binddn":"cn=ldapauth_account,OU=Service,OU=Accounts,OU=company,DC=domain,DC=com","password":"abcabc"}
When BT rotates the password on the service account in AD, it writes the password to the secret in AWS, wiping out everything, so he ends up with something like newpassword instead of the whole line including the service account DN.
Anybody know of a way to work around this? He really needs the whole line and not just the password.
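One way to work around the overwrite, as an added example (not from the original post, BeyondTrust or AWS): a small reconciler run after each rotation that reads the secret and rewrites it as the JSON the application expects, re-attaching the DN quoted above. It assumes BT writes the new password as a bare string, that the caller supplies a boto3 Secrets Manager client as `client`, and that `MemoryClient` is a hypothetical offline stand-in for that client.

```python
import json

# Added example (hypothetical reconciler, not from the original post).
# Assumption: after BT rotates the AD service account it writes the new
# password as a bare string into the secret, while the application expects
# {"binddn": ..., "password": ...}. The DN is the one quoted in the post.
BINDDN = "cn=ldapauth_account,OU=Service,OU=Accounts,OU=company,DC=domain,DC=com"

def is_expected_shape(secret_string: str, binddn: str = BINDDN) -> bool:
    """True when the stored value is already the JSON the application reads."""
    try:
        data = json.loads(secret_string)
    except (TypeError, json.JSONDecodeError):
        return False
    return (isinstance(data, dict) and set(data) == {"binddn", "password"}
            and data["binddn"] == binddn and bool(data["password"]))

def rebuild_secret(secret_string: str, binddn: str = BINDDN) -> str:
    """Return the expected compact JSON whatever shape the secret currently has."""
    if not secret_string:
        raise ValueError("empty secret value; refusing to store an empty password")
    try:
        data = json.loads(secret_string)
    except json.JSONDecodeError:
        data = None
    if isinstance(data, dict) and data.get("password"):
        # Already JSON, possibly missing the DN: keep the password, restore the DN.
        password = data["password"]
    else:
        # Bare string (what the rotation writes): the whole value is the password.
        password = secret_string
    return json.dumps({"binddn": binddn, "password": password}, separators=(",", ":"))

def reconcile(secret_id: str, client) -> bool:
    """Fix the secret's shape in place via a boto3 Secrets Manager client; True if rewritten."""
    current = client.get_secret_value(SecretId=secret_id)["SecretString"]
    if is_expected_shape(current):
        return False  # idempotent: nothing to do, no new secret version created
    client.put_secret_value(SecretId=secret_id, SecretString=rebuild_secret(current))
    return True

class MemoryClient:
    """Hypothetical in-memory stand-in for boto3's secretsmanager client (offline runs)."""
    def __init__(self, value):
        self.value = value
    def get_secret_value(self, SecretId):
        return {"SecretString": self.value}
    def put_secret_value(self, SecretId, SecretString):
        self.value = SecretString
```

With a real client (`boto3.client("secretsmanager")`), `reconcile("<secret id>", client)` would be triggered right after the rotation, for example from a post-rotation hook or a scheduled job; the value itself is never printed or logged.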