Skip to content

5.1. Using with AWS Parameter Store

Jump to bottom
Michael De Soto edited this page May 7, 2025 · 1 revision

AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data and secrets management.

Module Configuration

Initialize the SSMClient and pass it to SecretsModule.

// app.module.ts
import {Module} from '@nestjs/common';
import {SecretsModule} from '@floracodex/nestjs-secrets';
import {SSMClient} from '@aws-sdk/client-ssm';

@Module({
    imports: [
        SecretsModule.forRoot({
            files: ['settings.yaml', 'settings.local.yaml'],
            isGlobal: true,
            // Client for AWS Parameter Store (provider auto-detected or use provider: 'AwsParameterStoreProvider')
            client: new SSMClient({
                region: 'us-east-1' // Specify your AWS region
                // Configure credentials as needed
            })
        })
    ]
})
export class AppModule {
}

Note: For robust credential and region management, consult the official AWS SDK for JavaScript v3 documentation, particularly for the SSMClient.

Recognized Secret Reference Formats:

In your configuration files (e.g., settings.yaml), use the native AWS Parameter Store parameter name (path) or its full ARN:

  1. Parameter Name (Path): Simple path-based names.
    • Example: /myapplication/dev/database_password
  2. Parameter ARN: The full Amazon Resource Name.
    • Example: arn:aws:ssm:us-east-1:123456789012:parameter/myapplication/dev/api_key

Example settings.yaml:

database:
    # Using Parameter Name (Path)
    password: '/myapplication/dev/database_password'
api:
    # Using Parameter ARN
    key: 'arn:aws:ssm:us-east-1:123456789012:parameter/myapplication/dev/api_key'
Clone this wiki locally