AWS Secrets Manager
Resolve environment variables from AWS Secrets Manager with batch fetching and JSON key extraction.
Installation
Install the AWS SDK peer dependency:
```bash
# Run the one command that matches your package manager
npm install @aws-sdk/client-secrets-manager
pnpm add @aws-sdk/client-secrets-manager
bun add @aws-sdk/client-secrets-manager
yarn add @aws-sdk/client-secrets-manager
```
Basic usage
```ts
import { createEnv, requiredString } from "@ayronforge/better-env"
import { fromAwsSecrets } from "@ayronforge/better-env/aws"
import { Effect } from "effect"

const envEffect = createEnv({
  server: {
    DATABASE_URL: requiredString,
    API_KEY: requiredString,
  },
  resolvers: [
    fromAwsSecrets({
      secrets: {
        DATABASE_URL: "prod/database-url",
        API_KEY: "prod/api-key",
      },
      region: "us-east-1",
    }),
  ],
})

const env = await Effect.runPromise(envEffect)
```
Options
| Name | Type | Default | Description |
|---|---|---|---|
| `secrets` (required) | `Record<string, string>` | — | Map of env var names to AWS secret IDs. Supports `#jsonKey` syntax for JSON extraction. |
| region | string | — | AWS region for the Secrets Manager client. |
JSON key extraction
If a secret stores a JSON object, you can extract a specific field using the #key syntax:
```ts
fromAwsSecrets({
  secrets: {
    // Secret "prod/database" contains: {"url": "postgres://...", "pool": "10"}
    DATABASE_URL: "prod/database#url",
    DB_POOL_SIZE: "prod/database#pool",
  },
})
```
This fetches the prod/database secret once and extracts the url and pool fields separately.
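
The sketch below is an added example, not code from `@ayronforge/better-env`: it shows how a `secrets` mapping with `#key` references reduces to a deduplicated set of secret IDs (the set to fetch, and the set an IAM policy needs to allow) and how fields are then extracted without leaking values into error messages. The function names, the in-memory `FETCHED` stand-in for Secrets Manager, and the rule that the first `#` is the separator are all assumptions.

```typescript
// Added illustration; NOT the source of @ayronforge/better-env.
// parseRef, distinctSecretIds and resolveAll are hypothetical names.
type SecretRef = { secretId: string; jsonKey?: string }

// Split "prod/database#url" into secret ID and optional JSON key.
// Assumption: the first "#" is the separator.
function parseRef(ref: string): SecretRef {
  const i = ref.indexOf("#")
  if (i === -1) return { secretId: ref }
  const secretId = ref.slice(0, i)
  const jsonKey = ref.slice(i + 1)
  if (secretId === "" || jsonKey === "") throw new Error("malformed secret reference")
  return { secretId, jsonKey }
}

// Distinct secret IDs behind a mapping: what has to be fetched, and what the
// IAM policy has to allow reading (nothing broader is needed).
function distinctSecretIds(secrets: Record<string, string>): string[] {
  const seen: Record<string, true> = {}
  for (const name of Object.keys(secrets)) seen[parseRef(secrets[name]).secretId] = true
  return Object.keys(seen).sort()
}

// Resolve env vars from fetched secret strings (secret ID -> string value).
// Error messages name the variable and key, never the secret value.
function resolveAll(secrets: Record<string, string>, fetched: Record<string, string>): Record<string, string> {
  const out: Record<string, string> = {}
  for (const name of Object.keys(secrets)) {
    const { secretId, jsonKey } = parseRef(secrets[name])
    if (!Object.prototype.hasOwnProperty.call(fetched, secretId)) throw new Error(`${name}: secret not fetched`)
    const raw = fetched[secretId]
    if (jsonKey === undefined) { out[name] = raw; continue }
    let parsed: unknown
    // The original SyntaxError is dropped: some runtimes quote part of the input in it.
    try { parsed = JSON.parse(raw) } catch { throw new Error(`${name}: secret is not JSON`) }
    if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) throw new Error(`${name}: secret is not a JSON object`)
    const value = (parsed as Record<string, unknown>)[jsonKey]
    if (typeof value !== "string") throw new Error(`${name}: key "${jsonKey}" missing or not a string`)
    out[name] = value
  }
  return out
}

// Constructed sample data (no real secrets).
const SECRETS: Record<string, string> = { DATABASE_URL: "prod/database#url", DB_POOL_SIZE: "prod/database#pool", API_KEY: "prod/api-key" }
const FETCHED: Record<string, string> = { "prod/database": '{"url":"postgres://db.example.internal/app","pool":"10"}', "prod/api-key": "constructed-api-key" }
```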