Skip to main content

AWS Secrets Manager

env-secrets supports pulling a single JSON secret from AWS Secrets Manager, mapping each top-level key to an environment variable.

Create a secret (JSON)

aws secretsmanager create-secret   --region us-east-1   --name local/sample   --secret-string '{"user":"marka","password":"mypassword"}'

Run a command with injected vars

env-secrets aws -s local/sample -r us-east-1 -- echo $user/$password

Parameters

  • -s, --secretrequired secret name/id
  • -r, --region — AWS region (or AWS_DEFAULT_REGION)
  • -p, --profile — AWS profile to use

Tips

  • Use DEBUG=env-secrets,env-secrets:secretsmanager for verbose logs.
  • Prefer least-privilege IAM (secretsmanager:GetSecretValue).