Function getSecret

Intro

The Parameters utility provides a SecretsProvider that allows to retrieve secrets from AWS Secrets Manager.

Getting started

This utility supports AWS SDK v3 for JavaScript only. This allows the utility to be modular, and you to install only the SDK packages you need and keep your bundle size small.

To use the provider, you must install the Parameters utility and the AWS SDK v3 for JavaScript for Secrets Manager:

npm install @aws-lambda-powertools/parameters @aws-sdk/client-secrets-manager

Basic usage

Example

import { getSecret } from '@aws-lambda-powertools/parameters/secrets';

export const handler = async (): Promise<void> => {
  // Retrieve a secret
  const secret = await getSecret('my-secret');
};

Advanced usage

Caching

By default, the provider will cache parameters retrieved in-memory for 5 seconds. You can adjust how long values should be kept in cache by using the maxAge parameter.

Example

import { getSecret } from '@aws-lambda-powertools/parameters/secrets';

export const handler = async (): Promise<void> => {
  // Retrieve a secret and cache it for 10 seconds
  const secret = await getSecret('my-secret', { maxAge: 10 });
};

If instead you'd like to always ensure you fetch the latest parameter from the store regardless if already available in cache, use the forceFetch parameter.

Example

import { getSecret } from '@aws-lambda-powertools/parameters/secrets';

export const handler = async (): Promise<void> => {
  // Retrieve a secret and always fetch the latest value
  const secret = await getSecret('my-secret', { forceFetch: true });
};

Transformations

For parameters stored as JSON or base64-encoded strings, you can use the transform argument set to json or binary for deserialization.

Example

import { getSecret } from '@aws-lambda-powertools/parameters/secrets';

export const handler = async (): Promise<void> => {
  // Retrieve a secret and parse it as JSON
  const secret = await getSecret('my-secret', { transform: 'json' });
};

Extra SDK options

When retrieving a secret, you can pass extra options to the AWS SDK v3 for JavaScript client by using the sdkOptions parameter.

Example

import { getSecret } from '@aws-lambda-powertools/parameters/secrets';

export const handler = async (): Promise<void> => {
  // Retrieve a secret and pass extra options to the AWS SDK v3 for JavaScript client
  const secret = await getSecret('my-secret', {
    sdkOptions: {
      VersionId: 1,
    },
  });
};

This object accepts the same options as the AWS SDK v3 for JavaScript Secrets Manager client.

Built-in provider class

For greater flexibility such as configuring the underlying SDK client used by built-in providers, you can use the SecretsProvider class.

For more usage examples, see our documentation.

See

https://docs.powertools.aws.dev/lambda/typescript/latest/utilities/parameters/

Settings

Member Visibility

On This Page

IntroGetting startedBasic usageAdvanced usage