Skip to main content
← back to extensions

@swamp/aws-sm

v2026.04.22.2

Read and write secrets stored in AWS Secrets Manager.

Authentication

Uses the default AWS credential chain — no credentials in config. Provide credentials via one of:

  • Environment variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
  • AWS profile: ~/.aws/credentials
  • IAM role attached to the instance or task

Required IAM Permissions

  • secretsmanager:GetSecretValue
  • secretsmanager:PutSecretValue
  • secretsmanager:CreateSecret
  • secretsmanager:ListSecrets

Usage

swamp vault create @swamp/aws-sm my-aws-sm \
  --config '{"region": "us-east-1"}' --json

swamp vault get my-aws-sm my/secret/name --json
swamp vault put my-aws-sm my/secret/name "s3cr3t" --json
swamp vault list-keys my-aws-sm --json

Secret Key Format

Secret keys map directly to AWS Secrets Manager secret names, including path-style names such as myapp/production/db-password.

Repository

https://github.com/systeminit/swamp-extensions

Platforms

linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64

Labels

vaultawssecrets-managersecrets

Contents

vaults

Quality score

Verified by Swamp

How well-documented and verifiable this extension is.

100%

Grade A

  • Has README or module doc2/2earned
  • README has a code example1/1earned
  • README is substantive1/1earned
  • Most symbols documented1/1earned
  • No slow types1/1earned
  • Has description1/1earned
  • At least one platform tag (or universal)1/1earned
  • Two or more platform tags (or universal)1/1earned
  • License declared1/1earned
  • Verified public repository2/2earned

Install

$ swamp extension pull @swamp/aws-sm

AWS Secrets Managerconfigurable
@swamp/aws-smaws_sm.ts

AWS Secrets Manager vault provider. Uses the default AWS credential chain for authentication.

Config Fields

FieldTypeDescription
regionstringAWS region where the Secrets Manager secrets are stored e.g. us-east-1