AWS Secrets Manager

Learn how to easily sync environment variables to AWS Secrets Manager.

This guide will show you how to set up automatic syncing of Doppler secrets to AWS Secrets Manager.

Prerequisites

Authorization

Navigate to the project you would like to integrate, click Integrations from the Projects menu, then select AWS Secrets Manager to begin the authorization process.


The first step is entering the AWS Key ID and Secret Access Key required by Doppler to sync secrets to Secrets Manager.

You can choose to enter credentials for an existing IAM user, or you can click the link above the text fields to create a new IAM user with the required permissions.


If you are using an existing IAM user, you can skip this step. Otherwise, once on the AWS IAM page, click the Create user button at the bottom right of the screen, then leave the following page open, as you'll need the credentials for the next step.


Paste in your AWS Key ID and Secret Access Key and click Connect to finish creating the connection to AWS.


Advanced: using a custom AWS IAM policy

If you'd prefer a custom IAM policy with only the permissions required by Doppler, you can use the following policy in JSON format to attach to a new or existing IAM user:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowSecretsManagerAccess",
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetSecretValue",
                "secretsmanager:DescribeSecret",
                "secretsmanager:PutSecretValue",
                "secretsmanager:CreateSecret",
                "secretsmanager:DeleteSecret",
                "secretsmanager:TagResource",
                "secretsmanager:UpdateSecret"
            ],
            "Resource": "*"
        }
    ]
}

Configuration

Now choose the config to sync, the AWS region, and, optionally, the Path, which is used as the secret name prefix. Doppler determines the secret name in AWS Secrets Manager using the format {path}/doppler. For example, if Path is /yodaspeak/production/, the secret will be named /yodaspeak/production/doppler.
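The custom policy above grants its actions on "Resource": "*", which covers every secret in the account. Because the secret name follows the {path}/doppler format, the same statement can be narrowed to that one secret. The following is an added example, not Doppler's own code: the function names, region and account ID are hypothetical, and it assumes the sync needs no access beyond the named secret, so confirm the integration still syncs after applying the narrower policy.

```python
import json

# Actions copied from the custom IAM policy shown on this page.
DOPPLER_ACTIONS = [
    "secretsmanager:GetSecretValue",
    "secretsmanager:DescribeSecret",
    "secretsmanager:PutSecretValue",
    "secretsmanager:CreateSecret",
    "secretsmanager:DeleteSecret",
    "secretsmanager:TagResource",
    "secretsmanager:UpdateSecret",
]


def doppler_secret_name(path: str) -> str:
    """Secret name in the page's {path}/doppler format.

    Assumption: a trailing slash on Path is not doubled, as in the page's
    example (/yodaspeak/production/ -> /yodaspeak/production/doppler).
    """
    if not path.strip("/ "):
        # The page does not say what name is used when Path is left empty.
        raise ValueError("a non-empty Path is needed to scope the policy")
    return path.rstrip("/") + "/doppler"


def scoped_policy(path: str, region: str, account_id: str) -> dict:
    """The page's statement with Resource narrowed to a single secret."""
    if not (account_id.isdigit() and len(account_id) == 12):
        raise ValueError("AWS account IDs are 12 digits")
    # Secrets Manager appends '-' plus six random characters to the name in
    # the secret's ARN; '??????' matches exactly those six characters.
    arn = (f"arn:aws:secretsmanager:{region}:{account_id}:secret:"
           f"{doppler_secret_name(path)}-??????")
    return {
        "Version": "2012-10-17",
        "Statement": [{"Sid": "AllowSecretsManagerAccess", "Effect": "Allow",
                       "Action": DOPPLER_ACTIONS, "Resource": arn}],
    }


if __name__ == "__main__":
    # Constructed sample values: placeholder region and account ID.
    policy = scoped_policy("/yodaspeak/production/", "us-east-1", "123456789012")
    print(json.dumps(policy, indent=4))
```

Create one such policy per synced config and Path, since each integration writes a differently named secret.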


Click Setup Integration and Doppler will instantly sync your secrets to AWS! To confirm the integration is working correctly, you can view the secret created in Secrets Manager by clicking the DESTINATION link.


👍

Amazing Work!

You've successfully set up the Doppler AWS Secrets Manager integration! Every time you update your secrets in Doppler, we will automatically update them in AWS Secrets Manager.

