How To Get An AWS Secrets Manager Secret ARN By Key

This past weekend, I was working on deploying a side project to AWS App Runner.

App Runner lets you specify environment variables from an AWS Secrets Manager secret by ARN, but it took me a while to figure out how to specify an ARN for JSON secrets.

For whatever reason, it was nearly impossible for me to find the format of a Secrets Manager ARN using Google or ChatGPT.

Here’s the format:

arn:aws:secretsmanager:<region>:<aws_account_id>:secret:<secret-name>:<json-key>:<version-stage>:<version-id>

You can leave the version stage and the version ID empty (the trailing colons stay, as in the example below), and it’ll always retrieve the AWSCURRENT version.

For example, if you have a secret value like this:

{
    "username": "foo",
    "password": "bar"
}

You can retrieve just the password like this:

arn:aws:secretsmanager:<region>:<aws_account_id>:secret:<secret-name>:password::
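
As an added example (not code from the original post), this Python sketch builds and parses a reference in the format above and extracts one key from a constructed copy of the JSON secret, which lets you check a reference offline before putting it in a service configuration. The function names, region, account ID and secret name are assumptions for illustration, and rejecting references without the trailing colons is this sketch's own choice.

```python
import json

ARN_FIELDS = 7  # arn:aws:secretsmanager:<region>:<account>:secret:<secret-name>

# Constructed sample, same shape as the secret value in the post.
SAMPLE_SECRET_STRING = '{"username": "foo", "password": "bar"}'


def build_secret_reference(secret_arn, json_key, version_stage="", version_id=""):
    """Append <json-key>:<version-stage>:<version-id> to a secret ARN."""
    if len(secret_arn.split(":")) != ARN_FIELDS:
        raise ValueError("expected a bare secret ARN with no JSON key appended")
    if not json_key or ":" in json_key:
        raise ValueError("JSON key must be non-empty and must not contain ':'")
    # Empty stage and ID still keep their colons, hence the trailing '::'.
    return ":".join([secret_arn, json_key, version_stage, version_id])


def parse_secret_reference(ref):
    """Split a reference into its parts, applying the AWSCURRENT default."""
    parts = ref.split(":")
    if (len(parts) < ARN_FIELDS or parts[0] != "arn"
            or parts[2] != "secretsmanager" or parts[5] != "secret"):
        raise ValueError("not a Secrets Manager secret ARN")
    if len(parts) not in (ARN_FIELDS, ARN_FIELDS + 3):
        # Assumption of this sketch: insist on all three trailing fields.
        raise ValueError("JSON key must be followed by ':<version-stage>:<version-id>'")
    json_key, stage, version_id = (parts[ARN_FIELDS:] + ["", "", ""])[:3]
    if not stage and not version_id:
        stage = "AWSCURRENT"  # both omitted: current version, as the post states
    return {
        "secret_arn": ":".join(parts[:ARN_FIELDS]),
        "json_key": json_key or None,
        "version_stage": stage or None,
        "version_id": version_id or None,
    }


def extract_value(secret_string, json_key):
    """Return the whole secret, or one key of a JSON secret."""
    if json_key is None:
        return secret_string
    data = json.loads(secret_string)
    if not isinstance(data, dict) or json_key not in data:
        # Name the key, never the secret contents, in the error.
        raise KeyError(json_key)
    return data[json_key]
```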
