
Amazon AWS

AWS Secrets

Sync your secrets to AWS Secrets when an environment variable is changed.

Instructions

Step 1

Navigate to the add-ons page. Click AWS Secrets. Then click Connect AWS Secrets.

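Step 2

On the next page, create an AWS IAM user and paste in its credentials.

Important: The AWS IAM user must have the correct permissions. Below is an example. It allows a broad set of Secrets Manager actions on every secret in the account ("Resource": "*"), so modify it for your security needs.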

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "secretsmanager:UntagResource",
                "secretsmanager:DescribeSecret",
                "secretsmanager:DeleteResourcePolicy",
                "secretsmanager:PutSecretValue",
                "secretsmanager:CreateSecret",
                "secretsmanager:DeleteSecret",
                "secretsmanager:CancelRotateSecret",
                "secretsmanager:ListSecretVersionIds",
                "secretsmanager:UpdateSecret",
                "secretsmanager:GetRandomPassword",
                "secretsmanager:GetResourcePolicy",
                "secretsmanager:GetSecretValue",
                "secretsmanager:StopReplicationToReplica",
                "secretsmanager:PutResourcePolicy",
                "secretsmanager:ReplicateSecretToRegions",
                "secretsmanager:RestoreSecret",
                "secretsmanager:RotateSecret",
                "secretsmanager:UpdateSecretVersionStage",
                "secretsmanager:ValidateResourcePolicy",
                "secretsmanager:RemoveRegionsFromReplication",
                "secretsmanager:ListSecrets",
                "secretsmanager:TagResource"
            ],
            "Resource": "*"
        }
    ]
}

Step 3

Lastly, set up the AWS Secrets config path and region.

That’s it! 🎉 Your secrets are now synced to AWS Secrets and will continue to stay in sync when you modify your secrets.

Thank you for using Dotenv with AWS Secrets.
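
One way to narrow the Step 2 policy, as an added example that is not Dotenv's own code: the function below rewrites an allow-on-"*" policy so that every action supporting resource-level permissions is limited to secrets under one name prefix, and reports the actions worth reviewing before you grant them. It assumes the config path from Step 3 is used as the secret name prefix; the region, account ID and `myapp/` path are placeholders.

```python
import json

# Actions in the page's policy that have no resource-level permissions in
# Secrets Manager, so they must stay on "Resource": "*".
ACCOUNT_WIDE = {"secretsmanager:ListSecrets", "secretsmanager:GetRandomPassword"}
# Actions in the page's policy that delete secrets, rewrite their resource
# policy or copy them to other regions: reported for review, not removed.
REVIEW = {"secretsmanager:DeleteSecret", "secretsmanager:PutResourcePolicy",
          "secretsmanager:DeleteResourcePolicy",
          "secretsmanager:ReplicateSecretToRegions"}

def scope_policy(policy, region, account_id, path_prefix):
    """Return (scoped policy, actions to review) for an Allow-on-* policy."""
    arn = f"arn:aws:secretsmanager:{region}:{account_id}:secret:{path_prefix}*"
    statements, review = [], set()
    for i, stmt in enumerate(policy["Statement"]):
        actions = stmt["Action"]
        actions = [actions] if isinstance(actions, str) else list(actions)
        if stmt.get("Effect") != "Allow" or stmt.get("Resource") not in ("*", ["*"]):
            statements.append(stmt)  # Deny or already scoped: keep unchanged
            continue
        review |= REVIEW & set(actions)
        scoped = [a for a in actions if a not in ACCOUNT_WIDE]
        wide = [a for a in actions if a in ACCOUNT_WIDE]
        if scoped:
            statements.append({"Sid": f"PathScoped{i}", "Effect": "Allow",
                               "Action": scoped, "Resource": arn})
        if wide:
            statements.append({"Sid": f"AccountWide{i}", "Effect": "Allow",
                               "Action": wide, "Resource": "*"})
    return {"Version": policy["Version"], "Statement": statements}, sorted(review)

# Constructed sample: a subset of the actions in the page's example policy.
SAMPLE = {"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor0", "Effect": "Allow", "Resource": "*",
    "Action": ["secretsmanager:CreateSecret", "secretsmanager:PutSecretValue",
               "secretsmanager:GetSecretValue", "secretsmanager:DeleteSecret",
               "secretsmanager:PutResourcePolicy", "secretsmanager:ListSecrets"]}]}

if __name__ == "__main__":
    # Placeholder region, account ID and config path; substitute your own.
    scoped, review = scope_policy(SAMPLE, "us-east-1", "123456789012", "myapp/")
    print(json.dumps(scoped, indent=4))
    print("Review before granting:", ", ".join(review))
```

The script keeps every action from the input policy; which of them the sync actually needs is not stated on this page, so drop actions only after confirming the integration still works without them.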