Secrets

Stacktape offers a way to store, manage and protect secrets needed to access your applications, databases, services, and IT resources.

Secrets are stored within your own AWS account using AWS Secrets Manager.

Secrets can be referenced within your configuration (see example). Moreover, Stacktape provides a set of easy-to-use commands for managing secrets.

Example

First, we create a secret named myDbPass using the secret-create command.

Stacktape will take you through the interactive process of creating the secret.

Example secret-create command

The secret can be updated using the same (secret-create) command. To avoid an accidental overwrite, Stacktape asks whether you wish to overwrite the secret before updating it.

Referencing secret

Now we can reference the myDbPass secret in our config (template) file.

Secrets can be referenced within Stacktape config files using the $Secret directive.

resources:
  myDatabase:
    type: relational-database
    properties:
      engine:
        type: aurora-postgresql-serverless
      credentials:
        masterUserName: my-master-user-123
        masterUserPassword: $Secret('myDbPass')

After you update a secret, all already deployed stacks that use this secret keep using the old version. For a deployed stack to use the new (updated) version of the secret, you need to update the stack (using the deploy command).
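
The following is an added example, not Stacktape's own code: a Python check that scans config text for $Secret references, flags credential keys that hold a literal value instead, and lists which configs reference a given secret so you know which stacks to redeploy after updating it. The sample configs, the sensitive-key name pattern and the acceptance of double quotes are assumptions of this example.

```python
import re

# Matches the $Secret('name') form shown in the config above; accepting double
# quotes as well is an assumption of this example.
SECRET_REF = re.compile(r"""\$Secret\(\s*(['"])(?P<name>[^'"]+)\1\s*\)""")
# Assumption: a key whose name contains one of these words holds a credential.
SENSITIVE_KEY = re.compile(r"(password|secret|token)", re.IGNORECASE)
KEY_VALUE = re.compile(r"^\s*(?P<key>[\w.-]+)\s*:\s*(?P<value>\S.*?)\s*$")


def audit_config(text):
    """Return (secret names referenced, [(line_no, key)] holding literal credentials)."""
    referenced, literals = set(), []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(" #", 1)[0]  # drop trailing YAML comments
        if line.lstrip().startswith("#"):
            continue
        names = [m.group("name") for m in SECRET_REF.finditer(line)]
        referenced.update(names)
        kv = KEY_VALUE.match(line)
        if kv and SENSITIVE_KEY.search(kv.group("key")) and not names:
            literals.append((line_no, kv.group("key")))
    return referenced, literals


def stacks_to_redeploy(configs, secret_name):
    """Configs that reference secret_name and need a deploy after it is updated."""
    return sorted(n for n, t in configs.items() if secret_name in audit_config(t)[0])


# Constructed sample configs (not from a real project).
CONFIGS = {
    "api-stack": """
resources:
  myDatabase:
    properties:
      credentials:
        masterUserName: my-master-user-123
        masterUserPassword: $Secret('myDbPass')
""",
    "legacy-stack": """
resources:
  oldDatabase:
    properties:
      credentials:
        masterUserName: admin
        masterUserPassword: hunter2-plaintext  # should be a $Secret reference
""",
}
```

Calling `audit_config(CONFIGS["legacy-stack"])` reports the literal password on line 7, and `stacks_to_redeploy(CONFIGS, "myDbPass")` returns the configs whose stacks still use the old secret version until redeployed.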