Enable this option to customise the Secrets Manager client(s) used to access secrets.

The most common use case is to access secrets in other accounts using IAM cross-account roles. In this setup, Jenkins performs *same-account* secrets access with its IAM principal's *implicit* role, and performs *cross-account* secrets access with *explicit* roles.

With custom clients, you can decide:

• Whether *same-account* secrets access should be enabled.
• Which *cross-account* calls you want to make.

The plugin de-duplicates client configurations (where two clients have the same credentials provider, endpoint configuration, and region) when you save the Jenkins configuration. This helps you to avoid redundant clients.

Setup

For each client:

1. Create the associated IAM roles and policies in AWS.
2. Ensure that Jenkins can assume the role and retrieve secrets.
3. Add the client to this list.