Skip to content
22K
Console

Secret

Reference doc for the `sst.Secret` component.

The Secret component lets you create secrets in your app.

Secrets are encrypted and stored in an S3 Bucket in your AWS account. If used in your app config, they’ll be encrypted in your state file as well. If used in your function code, they are encrypted and included in the bundle. They’ll are then decrypted synchronously when your function starts up by the SST SDK.

Create a secret

The name of a secret follows the same rules as a component name. It must start with a capital letter and contain only letters and numbers.

sst.config.ts
const secret = new sst.Secret("MySecret");

Set a placeholder

You can optionally set a placeholder.

sst.config.ts
const secret = new sst.Secret("MySecret", "my-secret-placeholder-value");

Set the value of the secret

You can then set the value of a secret using the CLI.

Terminal
sst secret set MySecret my-secret-value

Set a fallback for the secret

You can set a fallback value for the secret with the --fallback flag. If the secret is not set for a stage, it’ll use the fallback value instead.

Terminal
sst secret set MySecret my-fallback-value --fallback

This is useful for PR environments that are auto-deployed.

Use the secret in your app config

You can now use the secret in your app config.

sst.config.ts
console.log(mySecret.value);

This is an Output that can be used as an Input to other components.

You can link the secret to other resources, like a function or your Next.js app.

sst.config.ts
new sst.aws.Nextjs("MyWeb", {
link: [secret]
});

Once linked, you can use the secret in your function code.

app/page.tsx
import { Resource } from "sst";
console.log(Resource.MySecret.value);

Constructor

new Secret(name, placeholder?)

Parameters

  • name string

  • placeholder? Input<string>

    A placeholder value of the secret. This can be useful for cases where you might not be storing sensitive values.

Properties

name

Type Output<string>

The name of the secret.

placeholder

Type undefined | Output<string>

The placeholder value of the secret.

value

Type Output<string>

The value of the secret. It’ll be undefined if the secret has not been set through the CLI or if the placeholder hasn’t been set.

SDK

Use the SDK in your runtime to interact with your infrastructure.


This is accessible through the Resource object in the SDK.

  • value string

    The value of the secret. It’ll be undefined if the secret has not been set through the CLI or if the placeholder hasn’t been set.