Integrating with AWS Secrets Manager

Because Airplane tasks are written in standard code, you can use the AWS SDKs to read secrets from AWS Secrets Manager (and other AWS services such as AWS Parameter Store).

Authenticating with AWS

AWS SDKs support configuring credentials by setting the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables. You can create Config variables to store these credentials and attach them as environment variables to your task. (See examples below.)
While this does require you to store AWS API keys in Airplane, this allows you to keep the secrets themselves within AWS.
If you're self-hosting on AWS, you can use IAM roles and avoid API keys entirely. See Custom IAM roles for details.

Example code

We'll need @aws-sdk/client-secrets-manager to talk to the AWS API and fetch the secret (docs).
shell
Copied
1
npm install @aws-sdk/client-secrets-manager
We can define a getSecret function:
typescript
Copied
1
// getSecret.ts
2
import { SecretsManagerClient, GetSecretValueCommand } from "@aws-sdk/client-secrets-manager";
3
4
const client = new SecretsManagerClient({});
5
6
export const getSecret = async (secretName: string) => {
7
const command = new GetSecretValueCommand({ SecretId: secretName });
8
const results = await client.send(command);
9
return results.SecretString;
10
};
And re-use it across tasks:
typescript
Copied
1
// get_aws_secret.airplane.ts
2
import { getSecret } from "./getSecret";
3
4
export default airplane.task(
5
{
6
slug: "get_aws_secret",
7
name: "Get AWS secret",
8
envVars: {
9
// Change to your secret's region
10
AWS_DEFAULT_REGION: "us-west-2",
11
// If you're self-hosting on AWS, you can use IAM roles instead:
12
// https://docs.airplane.dev/self-hosting/aws#custom-iam-roles
13
AWS_ACCESS_KEY_ID: { config: "AWS_ACCESS_KEY_ID" },
14
AWS_SECRET_ACCESS_KEY: { config: "AWS_SECRET_ACCESS_KEY" },
15
},
16
},
17
async (params) => {
18
const secret = await getSecret("test/apiKey");
19
// Do something with secret!
20
console.log(`Secret: ${"*".repeat(secret?.length)}`);
21
},
22
);