Secrets

Secrets allow you to securely store and manage credentials, API keys, and other sensitive information required by your applications. Secrets are stored in your AWS account using AWS Secrets Manager.

Managing secrets

You can store secrets as either simple strings (e.g., mypassword) or as JSON objects (e.g., { "username": "my-username", "password": "my-password" }). Secret names can be up to 512 characters long, and values can be up to 65,536 bytes.

Stacktape provides CLI commands for managing your secrets:

Creating and updating a secret

Use the secret:create command to create or update a secret.


stacktape secret:create --region my-region

You will be prompted to enter the required values. If a secret with the same name already exists, you will be asked if you want to update it.

Deleting a secret

Use the secret:delete command to delete a secret.


stacktape secret:delete --region my-region

Getting a secret value

Use the secret:get command to retrieve the value of a secret.


stacktape secret:get --region my-region

Referencing secrets

You can reference secrets in your configuration using the $Secret() directive.


resources:
  myDatabase:
    type: relational-database
    properties:
      engine:
        type: aurora-postgresql-serverless
      credentials:
        # using a simple string as a secret value, e.g. "my-password"
        masterUserName: $Secret('masterUserName')
        # using an object as a secret value, e.g. "{ password: "my-password" }"
        masterUserPassword: $Secret('databaseCredentials.password')

If you update a secret, any stacks that are already deployed will continue to use the old version. To use the new version, you must redeploy the stack.

Pricing

You are charged $0.40 per secret per month.