{"id":28465734,"url":"https://github.com/squareboat/secrets-injector","last_synced_at":"2026-03-07T18:05:21.991Z","repository":{"id":272888986,"uuid":"912442986","full_name":"squareboat/secrets-injector","owner":"squareboat","description":"A NestJS module for securely fetching environment variables from AWS Secrets Manager and injecting them into process.env during the build process.","archived":false,"fork":false,"pushed_at":"2025-01-27T11:10:23.000Z","size":952,"stargazers_count":8,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-04T07:06:10.250Z","etag":null,"topics":["aws-secrets-manager","dotenv","environment-variables","secret-injection","secrets-injector","secrets-management"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/secrets-injector","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/squareboat.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-01-05T15:37:24.000Z","updated_at":"2025-03-25T07:24:38.000Z","dependencies_parsed_at":"2025-05-18T05:42:19.091Z","dependency_job_id":null,"html_url":"https://github.com/squareboat/secrets-injector","commit_stats":null,"previous_names":["anubhavjain786/secrets-injector","squareboat/secrets-injector"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/squareboat/secrets-injector","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squareboat%2Fsecrets-injector","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squareboat%2Fsecrets-injector/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squareboat%2Fsecrets-injector/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squareboat%2Fsecrets-injector/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/squareboat","download_url":"https://codeload.github.com/squareboat/secrets-injector/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squareboat%2Fsecrets-injector/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266815282,"owners_count":23988563,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-24T02:00:09.469Z","response_time":99,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-secrets-manager","dotenv","environment-variables","secret-injection","secrets-injector","secrets-management"],"created_at":"2025-06-07T06:07:12.913Z","updated_at":"2026-03-07T18:05:16.962Z","avatar_url":"https://github.com/squareboat.png","language":"TypeScript","funding_links":["https://paypal.me/Anubhavjain786"],"categories":[],"sub_categories":[],"readme":"# Secrets-Injector\n\n**Secrets-Injector** is an npm package that simplifies the process of fetching environment variables from AWS Secrets Manager and injecting them into `process.env` during the build process of a NestJS application. It helps you securely manage and use sensitive configuration data in your application, without having to manually manage environment files.\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"http://nestjs.com\"\u003e\u003cimg alt=\"Logo\" src=\"https://github.com/user-attachments/assets/77c83c57-bb0a-4e47-98cc-ef39caec13a2\" width=\"400\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  A \u003ca href=\"https://github.com/nestjs/nest\" target=\"_blank\"\u003eNest\u003c/a\u003e module wrapper for \u003ca href=\"https://aws.amazon.com/secrets-manager/\" target=\"_blank\"\u003eaws secrets manager\u003c/a\u003e \n\u003c/p\u003e\n\n## Table of Contents\n\n- [Features](#features)\n- [Installation](#installation)\n- [Quick Start](#quick-start)\n- [Usage](#usage)\n  - [Create the Secrets Manager Service](#create-the-secrets-manager-service)\n  - [Set process env variables from AWS Secrets Manager](#set-process-env-variables-from-aws-secrets-manager)\n  - [Async Configuration](#async-configuration)\n- [Options](#options)\n- [Contributing](#contributing)\n- [Stay in Touch](#stay-in-touch)\n- [License](#license)\n\n## Features\n\n- Fetch environment variables from AWS Secrets Manager.\n- Inject the secrets directly into `process.env` during the build process.\n- Seamlessly integrate with NestJS applications.\n- Simple, secure, and easy to configure.\n\n## Installation\n\nTo install `secrets-injector`, use the following command:\n\n```bash\nnpm i secrets-injector @aws-sdk/client-secrets-manager\n```\n\nIf you're having trouble configuring `secrets-injector`, you can clone the repository and run a `sample` app:\n\n```bash\ngit clone https://github.com/Anubhavjain786/secrets-injector.git\ncd secrets-injector/samples/quick-start\nnpm install\nnpm run start:dev\n```\n\n## Quick start\n\nTo get started, import `AWSSecretsManagerModule` into the root `AppModule` and use the `forRoot()` method to configure it. This method accepts the object as [AWSSecretsManagerModuleOptions](https://github.com/Anubhavjain786/secrets-injector#options), you can also checkout [samples](https://github.com/Anubhavjain786/secrets-injector/tree/main/samples)\n\n```typescript\nimport { Module } from '@nestjs/common';\nimport { SecretsManagerClient } from '@aws-sdk/client-secrets-manager';\n\nimport {\n  AWSSecretsManagerModule,\n  AWSSecretsManagerModuleOptions,\n} from 'secrets-injector';\n\nimport { AppService } from './app.service';\nimport { AppController } from './app.controller';\nimport { AWSDBCredentialsService } from './aws-secrets.service';\n\nconst AWSSecretsManagerProps: AWSSecretsManagerModuleOptions = {\n  secretsManager: new SecretsManagerClient({\n    region: 'ap-south-1',\n  }),\n};\n\n@Module({\n  imports: [\n    AWSSecretsManagerModule.forRoot(AWSSecretsManagerProps),\n    AWSDBCredentialsService,\n  ],\n  controllers: [AppController],\n  providers: [AppService, AWSDBCredentialsService],\n})\nexport class AppModule {}\n```\n\n### Create the Secrets Manager Service\n\nNow we have `getSecretsByID` method on `AWSSecretsService` from we can retrive aws secrets using name or ARN\n\n```typescript\nimport { Injectable } from '@nestjs/common';\nimport { AWSSecretsService } from 'secrets-injector';\n\ninterface DBCredentials {\n  host: string;\n  port: number;\n  user: string;\n  password: string;\n  database: string;\n}\n\n@Injectable()\nexport class AWSDBCredentialsService {\n  constructor(private readonly secretsRetrieverService: AWSSecretsService) {}\n\n  async getDBCredentials(): Promise\u003cDBCredentials\u003e {\n    return await this.secretsRetrieverService.getSecretsByID\u003cDBCredentials\u003e(\n      'db-credentials',\n    ); // where db-credentials is the secret id\n  }\n}\n```\n\n### Set process env variables from aws secrets manager\n\nWe also can able to set value on process on starting, which allows us to retrive secrets using `process.env` or `@nest/config` module\n\n```typescript\nimport { Module } from '@nestjs/common';\nimport { SecretsManagerClient } from '@aws-sdk/client-secrets-manager';\nimport {\n  AWSSecretsManagerModule,\n  AWSSecretsManagerModuleOptions,\n} from 'secrets-injector';\n\nimport { AppService } from './app.service';\nimport { AppController } from './app.controller';\n\nconst AWSSecretsManagerProps: AWSSecretsManagerModuleOptions = {\n  secretsManager: new SecretsManagerClient({\n    region: 'ap-south-1',\n  }),\n  isSetToEnv: true, // set all secrets to env variables which will be available in process.env or @nest/config module\n  secretsSource: 'test/sm', // OR array or secrets name or ARN  [ \"db/prod/config\" ,\"app/prod/config\"],\n};\n\n@Module({\n  imports: [AWSSecretsManagerModule.forRoot(AWSSecretsManagerProps)],\n  controllers: [AppController],\n  providers: [AppService],\n})\nexport class AppModule {}\n```\n\nAfterward, Aws secrets from provided `secretsSource` can be access via `process.env` for `@nestjs/config` module\n\n## Async configuration\n\n\u003e **Caveats**: because the way Nest works, you can't inject dependencies exported from the root module itself (using `exports`). If you use `forRootAsync()` and need to inject a service, that service must be either imported using the `imports` options or exported from a [global module](https://docs.nestjs.com/modules#global-modules).\n\u003e Maybe you need to asynchronously pass your module options, for example when you need a configuration service. In such case, use the `forRootAsync()` method, returning an options object from the `useFactory` method:\n\n```typescript\nimport { Module } from '@nestjs/common';\nimport { SecretsManagerClient } from '@aws-sdk/client-secrets-manager';\nimport { AWSSecretsManagerModule } from 'secrets-injector';\n\nimport { AppService } from './app.service';\nimport { AppController } from './app.controller';\n\nimport { ConfigModule, ConfigService } from '@nestjs/config';\n@Module({\n  imports: [\n    ConfigModule.forRoot({\n      isGlobal: true,\n    }),\n    AWSSecretsManagerModule.forRootAsync({\n      useFactory: (configService: ConfigService) =\u003e ({\n        secretsManager: new SecretsManagerClient({\n          region: configService.get('AWS_REGION'),\n        }),\n        isSetToEnv: true, // set all secrets to env variables which will be available in process.env or @nest/config module\n        secretsSource: [\n          configService.get('AWS_SECRET_ID'), // name or array of secret names\n        ],\n        isDebug: configService.get('NODE_ENV') === 'development',\n      }),\n      inject: [ConfigService],\n    }),\n  ],\n  controllers: [AppController],\n  providers: [AppService],\n})\nexport class AppModule {}\n```\n\nThe factory might be async, can inject dependencies with `inject` option and import other modules using the `imports` option.\n\n### Options\n\nConfiguration options parameter for `AWSSecretsManagerModule` is defined as `AWSSecretsManagerModuleOptions` interface\n\n```typescript\nexport interface AWSSecretsManagerModuleOptions {\n  secretsManager: SecretsManagerClient;\n  isSetToEnv?: boolean;\n  secretsArn?: string | string[];\n  isDebug?: boolean;\n}\n```\n\nwhich is available for import from `secrets-injector` module\n\n```typescript\nimport { AWSSecretsManagerModuleOptions } from 'secrets-injector';\n```\n\n## Contributing\n\nNew features and bugfixes are always welcome! In order to contribute to this project, follow a few easy steps:\n\n\u003c!-- \u003cp align=\"center\"\u003e --\u003e\n\u003c!--   \u003ca href=\"https://paypal.me/Anubhavjain786\" target=\"_blank\"\u003e\u003cimg src=\"https://img.shields.io/badge/Donate-PayPal-ff3f59.svg\"/\u003e\u003c/a\u003e --\u003e\n\u003c!-- \u003c/p\u003e --\u003e\n\n1. [Fork](https://help.github.com/en/github/getting-started-with-github/fork-a-repo) this repository and clone it on your machine\n2. Open the local repository with [Visual Studio Code](https://code.visualstudio.com/) with the remote development feature enabled (install the [Remote Development extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.vscode-remote-extensionpack))\n3. Create a branch (e.g., `my-awesome-feature`) and make your changes.\n4. Run the following commands to ensure the code is formatted and passes lint checks:\n\n```bash\nnpm run lint\nnpm run format\nnpm run build\n```\n\n5. Push your changes and open a [pull request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests)\n\n## Stay in touch\n\n- Author - [Anubhav Jain](mailto::anubhavj660@gmail.com)\n- Github - [Anubhavjain786](https://github.com/Anubhavjain786)\n- Twitter - [@anubhavjain660](https://x.com/anubhavjain660)\n\n## License\n\n`secrets-injector` is is MIT licensed. See [Licensed](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsquareboat%2Fsecrets-injector","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsquareboat%2Fsecrets-injector","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsquareboat%2Fsecrets-injector/lists"}