Secret

The Secret component lets you create secrets in your app.

Watch a video on how secrets work

Secrets are encrypted and stored in an S3 Bucket in your AWS account. If used in your app config, they’ll be encrypted in your state file as well. If used in your function code, they are encrypted and included in the bundle. They’ll are then decrypted synchronously when your function starts up by the SST SDK.

Create a secret

The name of a secret follows the same rules as a component name. It must start with a capital letter and contain only letters and numbers.

Note

Secret names must start with a capital letter and contain only letters and numbers.

sst.config.ts

const secret = new sst.Secret("MySecret");

Set a placeholder

You can optionally set a placeholder.

Tip

Useful for cases where you might use a secret for values that aren’t sensitive, so you can just set them in code.

sst.config.ts

const secret = new sst.Secret("MySecret", "my-secret-placeholder-value");

Set the value of the secret

You can then set the value of a secret using the CLI.

Terminal

sst secret set MySecret my-secret-value

Note

If you are not running sst dev, you’ll need to sst deploy to apply the secret.

Set a fallback for the secret

You can set a fallback value for the secret with the --fallback flag. If the secret is not set for a stage, it’ll use the fallback value instead.

Terminal

sst secret set MySecret my-fallback-value --fallback

This is useful for PR environments that are auto-deployed.

Use the secret in your app config

You can now use the secret in your app config.

sst.config.ts

console.log(mySecret.value);

This is an Output that can be used as an Input to other components.

Link the secret to a resource

You can link the secret to other resources, like a function or your Next.js app.

sst.config.ts

new sst.aws.Nextjs("MyWeb", {
  link: [secret]
});

Once linked, you can use the secret in your function code.

app/page.tsx

import { Resource } from "sst";

console.log(Resource.MySecret.value);

---

Constructor

new Secret(name, placeholder?)

Parameters

• name string

• placeholder? Input<string>

  A placeholder value of the secret. This can be useful for cases where you might not be storing sensitive values.

Properties

name

Type Output<string>

The name of the secret.

placeholder

Type undefined | Output<string>

The placeholder value of the secret.

value

Type Output<string>

The value of the secret. It’ll be undefined if the secret has not been set through the CLI or if the placeholder hasn’t been set.

SDK

Use the SDK in your runtime to interact with your infrastructure.

---

Links

This is accessible through the Resource object in the SDK.

• value string

  The value of the secret. It’ll be undefined if the secret has not been set through the CLI or if the placeholder hasn’t been set.