A Next.js application with an API endpoint to retrieve secrets from AWS Secrets Manager.
- Install dependencies:

  ```bash
  npm install
  ```

- Configure AWS:
  - The application uses AWS default credential chain (IAM roles, instance profiles, etc.)
  - No access keys required when running on AWS infrastructure with proper IAM roles
  - Optional environment variable:
    - `AWS_REGION`: AWS region (e.g., `ap-south-1`). Can also be passed as query parameter.
- (Optional) Create a `.env.local` file:

  ```
  AWS_REGION=ap-south-1
  ```

  Note: When running on AWS (EC2, ECS, Lambda), the application will automatically use IAM roles. No credentials needed!
- Start the development server:

  ```bash
  npm run dev
  ```

GET/POST `/api/secrets?name=<secret-name>&region=<region>&versionStage=<stage>`

Retrieves a secret from AWS Secrets Manager using IAM roles (no access keys required).

Query Parameters:

- `name` (required): The name of the secret to retrieve
- `region` (optional): AWS region (e.g., `ap-south-1`). Defaults to `AWS_REGION` env var or `ap-south-1`
- `versionStage` (optional): Version stage like `AWSCURRENT`, `AWSPREVIOUS`. Defaults to `AWSCURRENT`

Example:

```bash
curl "http://localhost:3000/api/secrets?name=my-secret-name&region=ap-south-1&versionStage=AWSCURRENT"
```

Response:
```json
{
  "success": true,
  "secret": {
    "name": "my-secret-name",
    "value": "secret-value",
    "region": "ap-south-1",
    "versionStage": "AWSCURRENT"
  }
}
```

Error Response:

```json
{
  "success": false,
  "error": "Error message"
}
```

- No access keys required - Uses AWS default credential chain (IAM roles, instance profiles)
- Never commit `.env.local` or any files containing credentials
- Use IAM roles with least privilege access (`secretsmanager:GetSecretValue` permission)
- Consider adding authentication/authorization to the API endpoint in production
- Use environment-specific secret names
- When running on AWS infrastructure (EC2, ECS, Lambda), ensure the IAM role has proper Secrets Manager permissions
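One way to apply the authentication/authorization note above, as an added example that is not part of this project's code: a guard that runs before the Secrets Manager call, requires a bearer token, and only lets through secret names, regions and version stages from fixed allowlists. The function names, the config shape and the sample token are hypothetical, and the request is modelled as a plain `{ headers, query }` object.

```javascript
// Added example: request guard for /api/secrets. All names are hypothetical.
const ALLOWED_STAGES = new Set(['AWSCURRENT', 'AWSPREVIOUS']);

// Constructed sample configuration; in a deployment these values would come
// from environment-specific settings, never from the request.
const sampleConfig = {
  apiToken: 'constructed-test-token',
  allowedSecrets: ['my-secret-name'],
  allowedRegions: ['ap-south-1'],
  defaultRegion: 'ap-south-1',
};

// Compares without returning at the first mismatching character.
// In a Node.js route, crypto.timingSafeEqual from node:crypto does this job.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

// Returns { ok: true, params } or { ok: false, status, error }.
function guardSecretRequest(req, config) {
  const auth = req.headers.authorization || '';
  const token = auth.startsWith('Bearer ') ? auth.slice(7) : '';
  if (!config.apiToken || !token || !constantTimeEqual(token, config.apiToken)) {
    return { ok: false, status: 401, error: 'Unauthorized' };
  }
  // Query values may arrive as arrays (?name=a&name=b); accept strings only.
  const name = req.query.name;
  if (typeof name !== 'string' || !config.allowedSecrets.includes(name)) {
    return { ok: false, status: 403, error: 'Secret not permitted' };
  }
  const region = req.query.region ?? config.defaultRegion;
  if (typeof region !== 'string' || !config.allowedRegions.includes(region)) {
    return { ok: false, status: 400, error: 'Region not permitted' };
  }
  const versionStage = req.query.versionStage ?? 'AWSCURRENT';
  if (!ALLOWED_STAGES.has(versionStage)) {
    return { ok: false, status: 400, error: 'Invalid versionStage' };
  }
  return { ok: true, params: { name, region, versionStage } };
}
```

Only the validated `params` object should reach the Secrets Manager call, so a caller cannot steer the role's `secretsmanager:GetSecretValue` permission toward a secret outside the allowlist.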