
Secrets such as environment variables are a must when working with applications using tools such as the CDK. When generating CloudFormation templates, the last thing you want is for those environment variables to leak through your Git history.

This short overview will create/retrieve a secret from the AWS Secrets Manager and show how you can then require it within a CDK stack.

The secrets manager from the CLI

Ensure that you have the aws-cli installed.

We’re going to add values for example/secretKey and example/secretToken so that we can reference them later in the example CDK usage.

Creating our first example of two secrets:

The response from each will give you an ARN value — make sure you note these down.

If you do not note it down, you can always re-fetch the secret using describe-secret from the CLI:
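The create-or-retrieve steps of this section as one script, added here as an example and not code from the original post. It assumes a configured AWS CLI; the function names and value-file paths are hypothetical, and each value is read from a file so it stays out of shell history.

```shell
#!/bin/sh
# Added example: create the two secrets if they are missing and print their ARNs.
# Assumes the AWS CLI is installed with credentials and a region configured.

# Print the ARN of an existing secret; exits non-zero if the secret is not found.
secret_arn() {
  aws secretsmanager describe-secret --secret-id "$1" \
    --query ARN --output text 2>/dev/null
}

# Return the ARN of secret $1, creating it from the contents of file $2 if needed.
# file:// passes the file contents as-is, so write the file without a
# trailing newline (for example with printf) and delete it afterwards.
ensure_secret() {
  name="$1"
  value_file="$2"

  # Re-running is safe: an existing secret is fetched, not recreated.
  if arn="$(secret_arn "$name")" && [ -n "$arn" ]; then
    printf '%s\n' "$arn"
    return 0
  fi

  if [ ! -r "$value_file" ]; then
    echo "cannot read value file: $value_file" >&2
    return 1
  fi

  aws secretsmanager create-secret --name "$name" \
    --secret-string "file://$value_file" \
    --query ARN --output text
}

# Usage (file names are placeholders):
#   KEY_ARN="$(ensure_secret example/secretKey ./secret-key.txt)"
#   TOKEN_ARN="$(ensure_secret example/secretToken ./secret-token.txt)"
#   echo "$KEY_ARN"; echo "$TOKEN_ARN"
```

Only the printed ARNs need to go into the CDK code; the value files should never be committed.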

CDK Example

Let’s pretend we’re going to deploy a Lambda function that requires particular environment variables.

This tutorial won’t go into the depths of the AWS CDK; just know that the example requires @aws-cdk/aws-secretsmanager to be installed for the Secrets Manager part.

The following code can be updated with the appropriate ARNs that we explored above.

Image credit: Emiel Maters

Originally posted on my blog.

Senior Engineer @ Culture Amp. Tinkerer and professional self-isolator in 2020.
