logoStacktape docs

SecretsWork in progress
Work in progress


  • Secrets allow you to securely store credentials, API Keys and other secrets required by your applications, databases, services, and IT resources.
  • Secrets are stored within your AWS account using AWS secrets manager.

Managing secrets

  • You can store secrets in 2 ways:
    • simple strings, e.g. mypassword
    • json objects, such as { "username": "my-username", "password": "my-password" }
  • Secret names must use only Unicode characters and must be 1 - 512 characters long.
  • Secret values must be at most 65,536 bytes long.
  • Stacktape allows you to manage your secrets using CLI commands:

Creating and updating a secret

  • using secret:create command


stacktape secret:create --region my-region
  • You will be prompted to input all the required values.
  • Updating the secret can be done using the same command. If the secret with the given name already exists, you will be prompted if you want to update it.

Deleting a secret


stacktape secret:delete --region my-region

Getting a secret value


stacktape secret:get --region my-region

Referencing secrets


type: relational-database
type: aurora-postgresql-serverless
# using a simple string as a secret value, e.g. "my-password"
masterUserName: $Secret('masterUserName')
# using an object as a secret value, e.g. "{ password: "my-password" }"
masterUserPassword: $Secret('databaseCredentials.password')

After you update a secret, all of the already deployed stacks which are using this secret will keep using the old version. In order for the deployed stack to use the new (updated) version of the secret, you need to redeploy the stack.


  • You are charged $0.4 / month for every existing secret
Need help? Ask a question on SlackDiscord or info@stacktape.com.