🚀 New! Kestra raises $3 million to grow Learn more

With this integration, Namespace Secrets will be stored in AWS Secret Manager. The AWS IAM user or role for this integration needs to have the following permissions: CreateSecret, DeleteSecret, DescribeSecret, GetSecretValue, ListSecrets, PutSecretValue, RestoreSecret, TagResource, UpdateSecret.


You can configure the authentication to AWS Cloud in multiple ways:

  • Using accessKeyId and secretKeyId properties
  • Adding sessionToken, accessKeyId and secretKeyId properties
  • If the above properties are not set, Kestra will use the default AWS authentication, in the same way as AWS CLI handles it (i.e. trying to use the AWS CLI profile or the default environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_DEFAULT_REGION)
      accessKeyId: "test"
      secretKeyId: "test"
      sessionToken: "token"

Additional configuration


The AWS region to be used by the Secrets Manager


Optional property to store secrets separately for a different namespace, tenant, or instance. If configured, Kestra will prefix all Secret keys using that prefix. The main purpose of a prefix is to share the same secret manager between multiple Kestra instances.


Optional property to replace AWS default endpoint by an AWS-compatible service such as MinIO.