Application Secrets

Architecture

Centralize all application secrets in Secrets Manager:

  • Environment variables - API keys, database URLs, service endpoints
  • Feature flags - Runtime configuration toggles
  • Service credentials - Authentication tokens and certificates
  • Configuration data - JSON-structured application settings

When to Use

Use this pattern when your application requires:

  • Multiple environment configurations (dev, staging, production)
  • Secure storage of sensitive configuration values
  • Centralized secret management across microservices
  • Compliance requirements for secret handling

Example Implementation

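module "app_secrets" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/secrets-manager/aws"
  version = "2.1.0"

  # One secret per environment, e.g. "production/app/config"
  name = "${var.environment}/app/config"

  # All settings are stored together as a single JSON document
  secret_string = jsonencode({
    database_url = var.database_url
    api_key      = var.api_key
    log_level    = var.log_level
  })

  # Encrypt the secret with the key provided by the kms module
  kms_key_id = module.kms.key_id
}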
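
The following is an added example, not part of the module's own documentation. It declares the inputs used in the module call above and adds a least-privilege IAM policy document for a service that reads the secret. It assumes `module.kms.key_id` is a bare key ID (not an ARN or alias); the names `read_app_config` and `local.scope` are hypothetical.

```hcl
variable "environment" {
  type = string
  validation {
    condition     = contains(["dev", "staging", "production"], var.environment)
    error_message = "environment must be dev, staging, or production."
  }
}

# sensitive = true redacts values in plan/apply output. They are still stored
# in Terraform state, so encrypt the state backend and restrict access to it.
variable "database_url" {
  type      = string
  sensitive = true
}

variable "api_key" {
  type      = string
  sensitive = true
}

variable "log_level" {
  type = string
}

data "aws_partition" "current" {}
data "aws_region" "current" {}
data "aws_caller_identity" "current" {}

locals {
  scope = "${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}"
}

# Hypothetical reader policy: attach to the role of the service that consumes the secret.
data "aws_iam_policy_document" "read_app_config" {
  statement {
    actions = ["secretsmanager:GetSecretValue"]
    # Secrets Manager appends a hyphen and six random characters to the name in the ARN.
    resources = ["arn:${data.aws_partition.current.partition}:secretsmanager:${local.scope}:secret:${var.environment}/app/config-??????"]
  }
  statement {
    actions = ["kms:Decrypt"]
    # Assumption: module.kms.key_id is a bare key ID, so the ARN is built here.
    resources = ["arn:${data.aws_partition.current.partition}:kms:${local.scope}:key/${module.kms.key_id}"]
    # Allow decryption only when the request comes through Secrets Manager.
    condition {
      test     = "StringEquals"
      variable = "kms:ViaService"
      values   = ["secretsmanager.${data.aws_region.current.name}.amazonaws.com"]
    }
  }
}
```

Because the resource ARN includes `var.environment`, a role given this policy in one environment cannot read another environment's secret.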