# AWS Secrets Manager

> Integrate AWS Secrets Manager with Qovery

AWS Secrets Manager is a secrets management service that helps you protect access to your applications, services, and IT resources. You can use it to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

## Recommended Approach

Qovery recommends using AWS Secrets Manager with [Doppler](/integrations/secret-managers/doppler) to simplify synchronizing secrets between AWS Secrets Manager and Qovery.

## Integration Methods

### API Keys

You can store your AWS API keys (Access Key ID and Secret Access Key) in Qovery's environment variables and reference them in your application as standard environment variables.

Your application can then use the AWS SDK to connect to AWS Secrets Manager using these credentials.

### Assume Roles (Recommended)

For EKS clusters, the recommended approach is to use IAM roles for service accounts (IRSA). This allows your applications to assume an IAM role and connect to AWS Secrets Manager without storing static credentials.

This method provides:

* Enhanced security with no static credentials
* Automatic credential rotation
* Fine-grained access control
* AWS CloudTrail audit logging

To configure IAM roles for your applications:

1. Create an IAM role with permissions to access AWS Secrets Manager
2. Configure the role to be assumable by your Kubernetes service account
3. Annotate your application's service account with the IAM role ARN
4. Use the AWS SDK in your application to access secrets
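
The policies behind steps 1 to 3, as an added example rather than Qovery's own code: it builds a trust policy pinned to one service account and a read policy scoped to one secret, then checks both for over-broad grants. The account ID, OIDC provider ID, namespace, service account, role name and secret ARN are constructed placeholders, and `audit` is a hypothetical helper.

```python
# Every account ID, OIDC provider ID, name and ARN below is a constructed placeholder.
def irsa_trust_policy(account_id, oidc_provider, namespace, service_account):
    """Step 2: trust policy that only one Kubernetes service account satisfies."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{oidc_provider}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            f"{oidc_provider}:aud": "sts.amazonaws.com",
            f"{oidc_provider}:sub": f"system:serviceaccount:{namespace}:{service_account}",
        }},
    }]}

def secret_read_policy(secret_arn):
    """Step 1: read access to a single secret instead of secretsmanager:* on *."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
        "Resource": secret_arn,
    }]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit(trust, permissions):
    """Return findings; only exact (StringEquals) conditions count as pinned."""
    findings = []
    for stmt in trust["Statement"]:
        exact = stmt.get("Condition", {}).get("StringEquals", {})
        if not any(key.endswith(":sub") for key in exact):
            findings.append("trust: role is not pinned to one service account (:sub)")
        if not any(key.endswith(":aud") for key in exact):
            findings.append("trust: token audience (:aud) is not checked")
    for stmt in permissions["Statement"]:
        if any(action.endswith("*") for action in _as_list(stmt["Action"])):
            findings.append("permissions: wildcard action")
        if any(resource == "*" for resource in _as_list(stmt["Resource"])):
            findings.append("permissions: wildcard resource")
    return findings

OIDC = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0123456789"
SECRET = "arn:aws:secretsmanager:us-east-1:111122223333:secret:my-secret-AbCdEf"
trust = irsa_trust_policy("111122223333", OIDC, "my-namespace", "my-app")
perms = secret_read_policy(SECRET)
# Step 3: annotation carried by the Kubernetes service account.
annotation = {"eks.amazonaws.com/role-arn": "arn:aws:iam::111122223333:role/my-app-secrets"}

if __name__ == "__main__":
    print(audit(trust, perms))  # [] for the pinned policies
```

A trust policy without the `:sub` condition can be satisfied by any service account in the cluster, which is the grant the first check flags.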

## Using AWS SDK

Once configured, your application can use the AWS SDK to retrieve secrets:

**Example (Node.js):**

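```javascript
// AWS SDK for JavaScript v2. Credentials come from the default provider chain:
// environment variables, or the IRSA web identity token on EKS.
const AWS = require('aws-sdk');
const client = new AWS.SecretsManager({ region: 'us-east-1' });

client.getSecretValue({ SecretId: 'my-secret' }, (err, data) => {
  if (err) throw err;
  // SecretString holds text secrets; this assumes a JSON key/value secret.
  const secret = JSON.parse(data.SecretString);
  // Use your secret (keep it out of logs)
});
```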

**Example (Python):**

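```python
import boto3
import json

# boto3 resolves credentials from its default chain: environment variables,
# or the IRSA web identity token on EKS.
client = boto3.client('secretsmanager', region_name='us-east-1')
response = client.get_secret_value(SecretId='my-secret')
# SecretString holds text secrets; this assumes a JSON key/value secret.
secret = json.loads(response['SecretString'])
# Use your secret (keep it out of logs)
```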

## Next Steps

<CardGroup cols={2}>
  <Card title="Doppler" icon="key" href="/configuration/integrations/secret-managers/doppler">
    Use Doppler with AWS Secrets Manager
  </Card>

  <Card title="Environment Variables" icon="code" href="/configuration/environment-variables">
    Configure environment variables
  </Card>

  <Card title="AWS EKS" icon="https://mintcdn.com/qovery/Nvnl0g5BHzA0XQmy/images/logos/cloud-providers/aws-icon.svg?fit=max&auto=format&n=Nvnl0g5BHzA0XQmy&q=85&s=12ef689645255696bfa4054d6e3aeaff" href="/configuration/integrations/kubernetes/eks/overview" width="24" height="24" data-path="images/logos/cloud-providers/aws-icon.svg">
    Learn about EKS integration
  </Card>

  <Card title="Security Overview" icon="shield" href="/getting-started/security-and-compliance/overview">
    Security best practices
  </Card>
</CardGroup>
