Integrate AWS Secrets Manager Into Your Workspaces

If you and your company are self-hosting your workspaces and you store your secrets in AWS Secrets Manager you can (and probably) should integrate those into your workspaces.

For now, we take a hard dependency on you being a self-hosted customer (or "Bring Your Own Cloud") but in the future we'll support this integration for all customers. Having clear and actionable control over your secrets is critical.

Once a user with an Admin role has set up BYOC it's trivial to incorporate AWS Secrets Manager. Simply associate a template with the arn where your secrets live and they will be set as environment variables when new workspaces are created.


1. First complete Bring Your Own Cloud Integration

2. Create a Secret in AWS Secrets Manager

Create a secret in AWS Secrets Manager as a secret string in json format. These keys and values will be used to insert secrets into the workspace that will be associated with that template.

aws secretsmanager create-secret \
    --name MyTestSecret \
    --description "My test secret created with the CLI." \
    --secret-string "{\"user\":\"diegor\",\"password\":\"EXAMPLE-PASSWORD\"}"

3. Add Secrets To Template

add the arn of the secret that you have just created to the template on the Secretes Settings Page

Doc Image

If the Secrets Manager ARNs is not appearing, make sure that you have correctly configured your Bring Your Own Cloud Configuration. You can check the status of your configuration on the Setup Page and if your configuration is working it should look similar to this

Doc Image

4. Provision A Workspace and Connect to an Environment

create a dev workspace with the template you have just configured and connect to it with your preferred editor or terminal.

5. `echo $FOO` to see your secret as an environment variable

PreviousCDK Cloning in DZ CLI
NextContact Support