Managed secret providers
OpenSearch
Connect OpenSearch to Alter Vault for secure API access
Overview
Section titled “Overview”Use OpenSearch credentials to make authenticated API calls through Alter Vault without exposing API keys in code.
| Property | Value |
|---|---|
| Provider ID | opensearch |
| Category | Search |
| Credential Type | Base64 Credentials |
Step 1: Get Credentials
Section titled “Step 1: Get Credentials”Create an internal user
Create an OpenSearch internal user with the roles the integration needs (or use an existing one).
Encode the credentials
Base64-encode the credentials: echo -n 'username:password' | base64.
Paste the encoded string
Paste the encoded string into the credential field.
Step 2: Add to Alter Vault
Section titled “Step 2: Add to Alter Vault”Open the Developer Portal
Go to portal.alterauth.com and navigate to the application.
Add OpenSearch
Go to Managed Secrets > Add Provider > OpenSearch.
Enter credentials
Paste your Base64 Credentials into the credential field.
Save
Click Save. You’ll receive a grant_id to use with the SDK.
Using in Code
Section titled “Using in Code”response = await alter_app.request( HttpMethod.POST, "https://YOUR-OPENSEARCH-HOST/my-index/_search", grant_id="YOUR_GRANT_ID", json={"query": {"match": {"title": "observability"}}, "size": 5},)- OpenSearch uses HTTP Basic authentication — the stored value is injected as
Authorization: Basic <encoded>. - Amazon OpenSearch Service domains that use IAM authentication should use the AWS (SigV4) template instead.