5.2. Using with AWS Secrets Manager

Michael De Soto edited this page May 7, 2025 · 1 revision

Development Status: Initial support for AWS Secrets Manager is based on the AWS SDK documentation. We are actively seeking community feedback and real-world testing to confirm seamless operation. Please share your experiences or help us test!

AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources.

Module Configuration

Initialize the SecretsManagerClient and pass it to SecretsModule.

// app.module.ts
import {Module} from '@nestjs/common';
import {SecretsModule} from '@floracodex/nestjs-secrets';
import {SecretsManagerClient} from '@aws-sdk/client-secrets-manager';

@Module({
    imports: [
        SecretsModule.forRoot({
            files: ['settings.yaml', 'settings.local.yaml'],
            isGlobal: true,
            // Client for AWS Secrets Manager (provider auto-detected or use provider: 'AwsSecretsManagerProvider')
            client: new SecretsManagerClient({
                region: 'us-west-2' // Specify your AWS region
                // Configure credentials as needed
            })
        })
    ]
})
export class AppModule {
}

Note: For robust credential and region management, consult the official AWS SDK for JavaScript v3 documentation, particularly for the SecretsManagerClient and these Developer Guide Examples.

Recognized Secret Reference Format

In your configuration files, use the full ARN (Amazon Resource Name) of the secret:

  • Secret ARN:
    • Format: arn:aws:secretsmanager:<region>:<account-id>:secret:<secret-name>-<random-suffix>
    • Example: arn:aws:secretsmanager:us-west-2:123456789012:secret:myapplication/dev/rds_credentials-AbCdEf

If the secret value is a JSON string, the entire string is returned by default.

Example settings.yaml

database:
    # Using Secret ARN
    rds_secret_arn: 'arn:aws:secretsmanager:us-west-2:123456789012:secret:myapplication/dev/rds_credentials-AbCdEf'
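
A pre-flight check for the reference format and the JSON behaviour described above, as an added example (not code from @floracodex/nestjs-secrets). It finds secret ARNs in a loaded settings object, lists references whose region differs from the client's, and parses a JSON secret value without echoing it in errors; all function names and the SAMPLE object are hypothetical.

```typescript
// Added example; not part of @floracodex/nestjs-secrets. All function names are hypothetical.
interface SecretArn { region: string; accountId: string; name: string }
interface SecretRef { path: string; arn: SecretArn }

// arn:aws:secretsmanager:<region>:<account-id>:secret:<secret-name>-<random-suffix>
const SECRET_ARN_RE = /^arn:aws:secretsmanager:([a-z0-9-]+):(\d{12}):secret:(.+)$/;

// Constructed sample mirroring the settings.yaml entry shown on this page.
const SAMPLE = {database: {rds_secret_arn: 'arn:aws:secretsmanager:us-west-2:123456789012:secret:myapplication/dev/rds_credentials-AbCdEf'}};

function parseSecretArn(value: string): SecretArn | null {
    const m = SECRET_ARN_RE.exec(value);
    return m ? {region: m[1], accountId: m[2], name: m[3]} : null;
}

// Walk a parsed settings object and collect every secret ARN with its key path.
function findSecretRefs(node: unknown, path: string[] = []): SecretRef[] {
    if (typeof node === 'string') {
        const arn = parseSecretArn(node);
        return arn ? [{path: path.join('.'), arn}] : [];
    }
    const refs: SecretRef[] = [];
    if (node !== null && typeof node === 'object') {
        for (const key of Object.keys(node)) {
            const child = (node as Record<string, unknown>)[key];
            refs.push(...findSecretRefs(child, [...path, key]));
        }
    }
    return refs;
}

// Key paths whose ARN names a region other than the one the client is configured for.
function regionMismatches(config: unknown, clientRegion: string): string[] {
    return findSecretRefs(config).filter(r => r.arn.region !== clientRegion).map(r => r.path);
}

// A JSON secret arrives as one string: parse it and check the keys the caller needs.
// Error messages name keys only, never the secret value itself.
function parseJsonSecret(raw: string, requiredKeys: string[]): Record<string, unknown> {
    let parsed: unknown;
    try { parsed = JSON.parse(raw); } catch (_err) { throw new Error('secret value is not valid JSON'); }
    if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
        throw new Error('secret value is not a JSON object');
    }
    const obj = parsed as Record<string, unknown>;
    const missing = requiredKeys.filter(key => !(key in obj));
    if (missing.length > 0) throw new Error('secret is missing keys: ' + missing.join(', '));
    return obj;
}
```

Running regionMismatches against the loaded settings at startup, with the same region passed to SecretsManagerClient, surfaces references that point outside the client's region before any secret is requested.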
