← back to extensions

Aws Sm

@swamp/aws-smv2026.05.31.1· 2d agoVAULTS

01README

Read and write secrets stored in AWS Secrets Manager, with support for vault annotations (swamp vault annotate / swamp vault inspect).

Authentication

Uses the default AWS credential chain — no credentials in config. Provide credentials via one of:

Environment variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
AWS profile: ~/.aws/credentials
IAM role attached to the instance or task

Required IAM Permissions

secretsmanager:GetSecretValue
secretsmanager:PutSecretValue
secretsmanager:CreateSecret
secretsmanager:ListSecrets
secretsmanager:DescribeSecret
secretsmanager:UpdateSecret
secretsmanager:TagResource
secretsmanager:UntagResource

Annotations

Annotations map to native AWS Secrets Manager primitives:

notes → secret Description field
labels → resource tags (key-value pairs)
url → secret Description field (trailing swamp:url= line; stored there rather than a tag because AWS tag values reject URL characters like ? and &. A legacy swamp:url tag is still read for back-compat.)

swamp vault annotate my-aws-sm API_KEY \
  --url https://console.aws.amazon.com/iam \
  --note "Production API key" \
  --label env=prod --label team=infra
swamp vault inspect my-aws-sm API_KEY --json

Usage

swamp vault create @swamp/aws-sm my-aws-sm \
  --config '{"region": "us-east-1"}' --json

swamp vault get my-aws-sm my/secret/name --json
swamp vault put my-aws-sm my/secret/name "s3cr3t" --json
swamp vault list-keys my-aws-sm --json

Secret Key Format

Secret keys map directly to AWS Secrets Manager secret names, including path-style names such as myapp/production/db-password.

02Vaults1

AWS Secrets Managerconfigurable

@swamp/aws-smaws_sm.ts

AWS Secrets Manager vault provider. Uses the default AWS credential chain for authentication.

Config Fields

Field	Type	Required	Description
region	string	yes	AWS region where the Secrets Manager secrets are stored e.g. us-east-1

03Previous Versions8

2026.05.23.1May 23, 2026

2026.05.14.1May 14, 2026

2026.05.06.1May 6, 2026

2026.04.22.2Apr 22, 2026

2026.04.03.1Apr 3, 2026

2026.03.31.1Mar 31, 2026

2026.03.18.1Mar 18, 2026

2026.03.17.1Mar 17, 2026

04Stats

A

100 / 100

Downloads

212

Archive size

279.3 KB

Verified by Swamp

Has README or module doc2/2earned
README has a code example1/1earned
README is substantive1/1earned
Most symbols documented1/1earned
No slow types1/1earned
Dependencies pass trust audit2/2earned
Has description1/1earned
Platform support declared (or universal)2/2earned
License declared1/1earned
Verified public repository2/2earned

Repository

https://github.com/systeminit/swamp-extensions

05Platforms

linux · x86_64 linux · aarch64 macOS · x86_64 macOS · aarch64

06Labels

#vault #aws #secrets-manager #secrets