AWS Secrets Manager
AWS Secrets Manager is a fully managed service that helps you securely store, retrieve, and rotate sensitive information like database credentials, API keys, and other secrets. It automatically handles secret rotation for supported services, provides fine-grained access control through IAM, and encrypts secrets both in transit and at rest using KMS. The service eliminates the need to hardcode credentials in applications, offers programmatic access through SDKs, and integrates seamlessly with AWS services like RDS, DocumentDB, and Redshift for automatic credential rotation.
You can read more about AWS Secrets Manager here.
Usage
To enable AWS Secrets Manager, you need to add the id, key, and region to the YAML under the aws_secret_manager key.
Fields
id
This is the ID of the AWS secret.
name: first-rrelayer
description: "my first rrelayer"
api_config:
  port: 3000
  authentication_username: ${RRELAYER_AUTH_USERNAME}
  authentication_password: ${RRELAYER_AUTH_PASSWORD}
signing_provider:
  aws_secret_manager:
    id: "testing-josh-relayer"
key
In an AWS secret you set objects and it returns the JSON. The key is the property you have set for the mnemonic on
name: first-rrelayer
description: "my first rrelayer"
api_config:
  port: 3000
  authentication_username: ${RRELAYER_AUTH_USERNAME}
  authentication_password: ${RRELAYER_AUTH_PASSWORD}
signing_provider:
  aws_secret_manager:
    id: "testing-josh-relayer"
    key: "seed"
region
AWS works with regions, so this is the region the AWS secret is deployed to (you can see it at the top right of the AWS portal).
name: first-rrelayer
description: "my first rrelayer"
api_config:
  port: 3000
  authentication_username: ${RRELAYER_AUTH_USERNAME}
  authentication_password: ${RRELAYER_AUTH_PASSWORD}
signing_provider:
  aws_secret_manager:
    id: "testing-josh-relayer"
    key: "seed"
    region: "eu-west-1"
You then need to add the AWS variables to the .env:
AWS_ACCESS_KEY_ID=YOUR_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY=YOUR_AWS_SECRET_ACCESS_KEY
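A preflight check for the id, key and region fields described above, added here as an example and not part of rrelayer or its documentation: it confirms that the secret's JSON contains the property named by key and that the value has a plausible mnemonic word count, without ever printing the value. It assumes the mnemonic is BIP-39; check_secret and SAMPLE_SECRET are hypothetical names, and the sample value is the public BIP-39 test vector.

```python
import json
import sys

# Word counts a BIP-39 mnemonic can have (assumption: the mnemonic is BIP-39).
VALID_WORD_COUNTS = {12, 15, 18, 21, 24}


def check_secret(secret_string, key):
    """Validate a Secrets Manager SecretString against the configured `key`.

    Returns (ok, message). The message never contains the secret value.
    """
    try:
        payload = json.loads(secret_string)
    except json.JSONDecodeError:
        return False, "SecretString is not JSON; store the secret as key/value pairs"
    if not isinstance(payload, dict):
        return False, "SecretString is JSON but not an object"
    if key not in payload:
        # Property names are not secret, so listing them helps spot a typo.
        return False, f"property {key!r} not found; available: {sorted(payload)}"
    value = payload[key]
    if not isinstance(value, str):
        return False, f"property {key!r} is not a string"
    count = len(value.split())
    if count not in VALID_WORD_COUNTS:
        return False, f"property {key!r} has {count} words, expected 12/15/18/21/24"
    return True, f"property {key!r} holds a {count}-word mnemonic"


# Constructed sample: the public BIP-39 test vector, never a real wallet.
SAMPLE_SECRET = json.dumps({"seed": ("abandon " * 11) + "about"})

if __name__ == "__main__":
    # Usage (id, region and key taken from the YAML above):
    #   aws secretsmanager get-secret-value --secret-id testing-josh-relayer \
    #     --region eu-west-1 --query SecretString --output text \
    #     | python check_secret.py seed
    if len(sys.argv) != 2:
        sys.exit("usage: check_secret.py <key>  (SecretString on stdin)")
    ok, message = check_secret(sys.stdin.read(), sys.argv[1])
    print(message)
    sys.exit(0 if ok else 1)
```

Run it with the same AWS credentials the relayer will use, so a missing permission or wrong region surfaces before the relayer starts.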