How To Get An AWS Secrets Manager Secret ARN By Key

This past weekend, I was working on deploying a side project to AWS App Runner.

App Runner lets you specify environment variables from an AWS Secrets Manager secret by ARN, but it took me a while to figure out how to specify an ARN for JSON secrets.

For whatever reason, it was nearly impossible for me to find the format of a Secrets Manager ARN using Google or ChatGPT.

Here’s the format:


You can omit the version stage and the version ID, and it’ll always retrieve the AWSCURRENT version.

For example, if you can have a value like this:

    "username": "foo",
    "password": "bar"

You can retrieve just the password like this:


Join the 80/20 DevOps Newsletter

If you're an engineering leader or developer, you should subscribe to my 80/20 DevOps Newsletter. Give me 1 minute of your day, and I'll teach you essential DevOps skills. I cover topics like Kubernetes, AWS, Infrastructure as Code, and more.

Not sure yet? Check out the archive.

Unsubscribe at any time.