AWS Secrets Manager is a secrets management service that helps you protect access to your applications, services, and IT resources. You can use it to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Qovery recommends using AWS Secrets Manager with Doppler to ease the synchronization of AWS Secrets Manager with Qovery.

Integration Methods

API Keys

You can store your AWS API keys (Access Key ID and Secret Access Key) in Qovery’s environment variables and reference them in your application as standard environment variables. Your application can then use the AWS SDK to connect to AWS Secrets Manager using these credentials.

For EKS clusters, the recommended approach is to use IAM roles for service accounts (IRSA). This allows your applications to assume an IAM role and connect to AWS Secrets Manager without storing static credentials. This method provides:
  • Enhanced security with no static credentials
  • Automatic credential rotation
  • Fine-grained access control
  • AWS CloudTrail audit logging
To configure IAM roles for your applications:
  1. Create an IAM role with permissions to access AWS Secrets Manager
  2. Configure the role to be assumable by your Kubernetes service account
  3. Annotate your application’s service account with the IAM role ARN
  4. Use the AWS SDK in your application to access secrets
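
The following Python is an added example, not code from Qovery or AWS: it builds the policy documents for steps 1 to 3 and audits a trust policy for the conditions that restrict it to a single service account. The account ID, OIDC provider ID, namespace, service account name and role name are constructed placeholders.

```python
import json

def _as_list(v):
    return v if isinstance(v, list) else [v]

def build_trust_policy(account_id, oidc_provider, namespace, service_account):
    """Step 2: only one Kubernetes service account may assume the role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{oidc_provider}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            f"{oidc_provider}:sub": f"system:serviceaccount:{namespace}:{service_account}",
            f"{oidc_provider}:aud": "sts.amazonaws.com"}}}]}

def build_secret_read_policy(secret_arn):
    """Step 1: permissions limited to reading a single secret."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "secretsmanager:GetSecretValue",
        "Resource": secret_arn}]}

def service_account_annotation(account_id, role_name):
    """Step 3: annotation placed on the Kubernetes service account."""
    return {"eks.amazonaws.com/role-arn": f"arn:aws:iam::{account_id}:role/{role_name}"}

def audit_trust_policy(policy):
    """Flag web-identity trust statements usable by more than the intended workload."""
    findings = []
    for stmt in policy.get("Statement", []):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        cond = stmt.get("Condition", {})
        exact, loose = cond.get("StringEquals", {}), cond.get("StringLike", {})
        if not any(k.endswith(":sub") for k in [*exact, *loose]):
            findings.append("no :sub condition: any service account in the cluster can assume the role")
        for key, value in loose.items():
            if key.endswith(":sub") and any("*" in s for s in _as_list(value)):
                findings.append(f"wildcard :sub {value!r}: more than one service account matches")
        if not any(k.endswith(":aud") for k in exact):
            findings.append("no :aud condition: token audience is not pinned to sts.amazonaws.com")
    return findings

if __name__ == "__main__":
    # Constructed placeholder values, not taken from the page.
    oidc = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0123456789"
    trust = build_trust_policy("111122223333", oidc, "my-namespace", "my-app")
    print(json.dumps(trust, indent=2))
    print(audit_trust_policy(trust))
```

With the role scoped this way, the SDK calls in the next section need no access keys in environment variables.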

Using AWS SDK

Once configured, your application can use the AWS SDK to retrieve secrets.

Example (Node.js):
const AWS = require('aws-sdk');
const client = new AWS.SecretsManager({ region: 'us-east-1' });

client.getSecretValue({ SecretId: 'my-secret' }, (err, data) => {
  if (err) throw err;
  const secret = JSON.parse(data.SecretString);
  // Use your secret
});

Example (Python):
import boto3
import json

client = boto3.client('secretsmanager', region_name='us-east-1')
response = client.get_secret_value(SecretId='my-secret')
secret = json.loads(response['SecretString'])
# Use your secret

Next Steps