# Add Maia runner credentials to AWS Secrets Manager

export const Runners = () => <>the <strong>Runners & Instances</strong> icon <span style={{
  whiteSpace: "nowrap"
}}><img src="/images/global-nav/runners-instances.png" width="20" height="20" style={{
  verticalAlign: "text-bottom",
  display: "inline",
  margin: "0 1px"
}} /></span></>;

export const m_runner = "Maia runner";

export const maia = "Maia";

export const RunnerMetadata = ({runnerType, platforms = []}) => {
  return <div style={{
    background: 'var(--colors-background-light, #f9fafb)',
    border: '1px solid var(--colors-border-default, #e5e7eb)',
    borderRadius: '12px',
    padding: '20px 28px',
    marginBottom: '28px'
  }}>
      <table style={{
    width: '100%',
    borderCollapse: 'collapse'
  }}>
        <tbody>
          <tr>
            <td style={{
    fontWeight: '600',
    paddingRight: '32px',
    paddingBottom: '14px',
    whiteSpace: 'nowrap',
    verticalAlign: 'middle',
    width: '180px'
  }}>Runner type</td>
            <td style={{
    paddingBottom: '14px',
    verticalAlign: 'middle'
  }}>{runnerType}</td>
          </tr>
          <tr>
            <td style={{
    fontWeight: '600',
    paddingRight: '32px',
    whiteSpace: 'nowrap',
    verticalAlign: 'middle'
  }}>Runner platform</td>
            <td style={{
    verticalAlign: 'middle'
  }}>
              <div style={{
    display: 'flex',
    flexWrap: 'wrap',
    gap: '8px'
  }}>
                {platforms.map((platform, i) => <span key={i} style={{
    background: '#dcfce7',
    color: '#15803d',
    border: '1px solid #bbf7d0',
    borderRadius: '9999px',
    padding: '3px 12px',
    fontSize: '0.85rem',
    fontWeight: '500',
    whiteSpace: 'nowrap'
  }}>
                    {platform} ✅
                  </span>)}
              </div>
            </td>
          </tr>
        </tbody>
      </table>
    </div>;
};

<RunnerMetadata runnerType={`${maia} Hybrid`} platforms={["AWS"]} />

This page is a guide to adding your {m_runner} credentials to AWS Secrets Manager.

Storing your {m_runner} credentials in Secrets Manager means that, when you host a {m_runner} in your own cloud infrastructure, the credentials aren't passed to the Matillion control plane and your secrets stay in your own infrastructure. Even when a pipeline refers to a secret, the {m_runner} resolves it at run time, and {maia} stores only a reference to the secret.

***

## Locate your Maia runner credentials

1. Log in to [{maia}](https://app.matillion.com/hub/).
2. In the left navigation, click <Runners />. Then, select **Runners** from the menu.
3. Select a {m_runner}. If you haven't created one yet, read [Create a {m_runner}](/docs/guides/create-a-runner).
4. In **Runner details**, scroll down to **Credentials**.
5. Click **Reveal credentials**.
6. Note the revealed **client\_id** and **client\_secret**.

***

## Add your credentials to AWS Secrets Manager

1. Log in to the [AWS Console](https://aws.amazon.com/console/).

2. Once logged in, type "Secrets Manager" in the search bar and click **Secrets Manager**.

3. Click **Store a new secret**.

4. Choose the tile labelled **Other type of secret**.

5. Add two **key:value** pairs:

   * **client\_id:** The value of the client ID located as described above.
   * **client\_secret:** The value of the client secret located as described above.

6. Click **Next**.

7. Name the secret and provide a secret description. Click **Next**.

8. Click **Next** again unless you wish to configure rotation settings.

9. Review the secret and click **Store**. You'll return to **Secrets**. Refresh the page.

***

## Retrieve the ARN of your new secret

1. While in the **Secrets** dashboard of AWS Secrets Manager, click the name of your new secret.
2. In the **Secret details** container, copy the **Secret ARN** and save it. You'll reference this value later in the task definition.

You may need to grant permissions on the new secret by adding access to your new ARN to the IAM ECS task execution role that is referenced by the task definition. For more information, read **ECS task role** in [AWS IAM roles](/docs/guides/aws-iam-roles).
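The following is an added example, not code from Maia or AWS: a Python helper that checks the secret value carries the two keys named on this page and builds an IAM policy granting read access to that one Secret ARN only. It assumes the execution role needs `secretsmanager:GetSecretValue`, the action ECS uses to read a Secrets Manager secret; the ARN, the credential values, the `Sid`, and the function names are constructed for illustration.

```python
import json
import re

# Secret ARN layout: arn:<partition>:secretsmanager:<region>:<account>:secret:<name>-<6 chars>
SECRET_ARN_RE = re.compile(
    r"arn:(aws|aws-cn|aws-us-gov):secretsmanager:[a-z0-9-]+:\d{12}:"
    r"secret:[A-Za-z0-9/_+=.@-]+-[A-Za-z0-9]{6}"
)
REQUIRED_KEYS = {"client_id", "client_secret"}  # key names from this page

# Constructed sample values, not a real ARN or real credentials.
SAMPLE_ARN = (
    "arn:aws:secretsmanager:eu-west-1:123456789012:secret:maia/runner-credentials-AbC123"
)
SAMPLE_SECRET = json.dumps({"client_id": "example-id", "client_secret": "example-secret"})


def check_secret_payload(secret_string: str) -> None:
    """Raise ValueError unless the secret JSON holds both keys with non-empty values."""
    try:
        data = json.loads(secret_string)
    except json.JSONDecodeError as exc:
        raise ValueError("secret value is not valid JSON") from exc
    if not isinstance(data, dict):
        raise ValueError("secret value must be a JSON object of key/value pairs")
    # Report key names only, never the values, so errors are safe to log.
    bad = sorted(k for k in REQUIRED_KEYS if not str(data.get(k, "")).strip())
    if bad:
        raise ValueError("missing or empty: " + ", ".join(bad))


def execution_role_policy(secret_arn: str) -> dict:
    """Build an IAM policy that allows reading this one secret and nothing else."""
    # Format check only: rejects wildcards and anything that is not a full Secret ARN.
    if not SECRET_ARN_RE.fullmatch(secret_arn):
        raise ValueError("expected a full Secret ARN without wildcards")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ReadMaiaRunnerCredentials",  # hypothetical statement ID
            "Effect": "Allow",
            "Action": ["secretsmanager:GetSecretValue"],
            "Resource": [secret_arn],
        }],
    }


if __name__ == "__main__":
    check_secret_payload(SAMPLE_SECRET)
    print(json.dumps(execution_role_policy(SAMPLE_ARN), indent=2))
```

If the secret is encrypted with a customer managed KMS key rather than the default key, the role also needs `kms:Decrypt` on that key.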
