Add-ons

AWS Secrets

Sync your secrets to AWS Secrets when an environment variable is changed.

Step 1

Navigate to the add-ons page. Click AWS Secrets. Then click Connect AWS Secrets.

Step 2

On the next page, create an AWS IAM user and paste in its credentials.

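Important: The AWS IAM user must have the correct permissions. Below is an example policy. It allows the listed Secrets Manager actions on every secret in the account ("Resource": "*"), so modify it for your security needs.

Example IAM user policy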

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "secretsmanager:UntagResource",
                "secretsmanager:DescribeSecret",
                "secretsmanager:DeleteResourcePolicy",
                "secretsmanager:PutSecretValue",
                "secretsmanager:CreateSecret",
                "secretsmanager:DeleteSecret",
                "secretsmanager:CancelRotateSecret",
                "secretsmanager:ListSecretVersionIds",
                "secretsmanager:UpdateSecret",
                "secretsmanager:GetRandomPassword",
                "secretsmanager:GetResourcePolicy",
                "secretsmanager:GetSecretValue",
                "secretsmanager:StopReplicationToReplica",
                "secretsmanager:PutResourcePolicy",
                "secretsmanager:ReplicateSecretToRegions",
                "secretsmanager:RestoreSecret",
                "secretsmanager:RotateSecret",
                "secretsmanager:UpdateSecretVersionStage",
                "secretsmanager:ValidateResourcePolicy",
                "secretsmanager:RemoveRegionsFromReplication",
                "secretsmanager:ListSecrets",
                "secretsmanager:TagResource"
            ],
            "Resource": "*"
        }
    ]
}
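One way to narrow the example policy, shown as an added example that is not Dotenv's own code: the function below rewrites wildcard-resource statements so they apply only to secrets under one name prefix, keeps `"Resource": "*"` for the actions that have no resource-level permissions, and lists the actions worth reviewing before you grant them. It assumes the synced secrets share a name prefix; the prefix `dotenv/example-app/`, the region and the account ID are placeholder values.

```python
import json

# Actions with no resource-level permissions: IAM requires "Resource": "*".
ACCOUNT_LEVEL = {"secretsmanager:ListSecrets", "secretsmanager:GetRandomPassword"}
# Actions that change who can read a secret or where copies of it are stored.
REVIEW = {"secretsmanager:PutResourcePolicy", "secretsmanager:DeleteResourcePolicy",
          "secretsmanager:ReplicateSecretToRegions"}

# Constructed sample: a few actions from the policy above. The region, account
# ID and prefix passed in the __main__ block are placeholders (assumptions).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VisualEditor0", "Effect": "Allow",
        "Action": ["secretsmanager:CreateSecret", "secretsmanager:PutSecretValue",
                   "secretsmanager:GetSecretValue", "secretsmanager:PutResourcePolicy",
                   "secretsmanager:ListSecrets"],
        "Resource": "*",
    }],
}


def as_list(value):
    return value if isinstance(value, list) else [value]  # IAM allows a bare value


def scope_policy(policy, region, account_id, path_prefix):
    """Limit wildcard Allow statements to one prefix; return (policy, review)."""
    arn = f"arn:aws:secretsmanager:{region}:{account_id}:secret:{path_prefix}*"
    out, review = [], set()
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if (stmt.get("Effect") != "Allow" or "Action" not in stmt
                or "*" not in as_list(stmt.get("Resource", []))):
            out.append(stmt)  # Deny, NotAction or already scoped: keep as written
            continue
        actions = as_list(stmt["Action"])
        # Wildcard actions cannot be split reliably, so flag them as well.
        review |= {a for a in actions if a in REVIEW or "*" in a}
        scoped = [a for a in actions if a not in ACCOUNT_LEVEL]
        account = [a for a in actions if a in ACCOUNT_LEVEL]
        if scoped:
            out.append({**stmt, "Sid": f"ScopedToPath{i}", "Action": scoped, "Resource": arn})
        if account:
            out.append({**stmt, "Sid": f"AccountLevel{i}", "Action": account, "Resource": "*"})
    return {"Version": policy["Version"], "Statement": out}, sorted(review)


if __name__ == "__main__":
    scoped, review = scope_policy(SAMPLE_POLICY, "us-east-1", "111122223333", "dotenv/example-app/")
    print(json.dumps(scoped, indent=4), "\nReview before granting:", review)
```

Check the scoped policy against a test sync before replacing the broad one, since a prefix that does not match the names the add-on writes will cause access-denied errors.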

Step 3

Lastly, set up the AWS Secrets config path and region.

That's it! Your secrets are now synced to AWS Secrets and will continue to stay in sync when you modify your secrets.

Thank you for using Dotenv with AWS Secrets.