@sidebase/ssm-secrets
Advanced tools
Simple AWS SSM Secrets Manager CLI Securely manage your AWS SSM Parameters — authenticate once via your OS keyring and easily list, get, write, or delete secrets.
keyring-node, powered by keyring-rs).env or JSONInstall globally (recommended):
npm install -g @sidebase/ssm-secrets
Or use via npx:
npx ssm-secrets --package @sidebase/ssm-secrets
ssm-secrets <command> [options]
Run ssm-secrets --help or ssm-secrets <command> --help for details.
Store AWS credentials in your system keyring.
ssm-secrets auth
You’ll be prompted for:
AWS Region: (default: eu-central-1)
AWS Access Key ID:
AWS Secret Access Key:
These are securely saved using your OS’s secret store:
List all parameters under a given SSM path.
ssm-secrets list <path> [--format <env|json>]
ssm-secrets list my/service
ssm-secrets list my/service --format env
Output formats:
json (default) → structured object ({"PARAM": "value"})env → shell-style lines suitable for source (PARAM='value')Retrieve one parameter by path and name.
ssm-secrets get <path> <name>
Example:
ssm-secrets get my/service DB_PASSWORD
Outputs full JSON metadata from SSM.
Add or update a parameter in SSM.
ssm-secrets put <path> <name> <value>
Aliases:
ssm-secrets write ...
ssm-secrets set ...
Example:
ssm-secrets put my/service DB_PASSWORD supersecret
Displays when successful:
✅ Parameter stored with version 3
Remove a parameter from SSM.
ssm-secrets delete <path> <name>
Example:
ssm-secrets delete my/service DB_PASSWORD
Outputs:
✅ Parameter deleted
You can also use the API directly in Node.js:
import { listParameters, getParameter, putParameter, deleteParameter } from '@sidebase/ssm-secrets'
const secrets = await listParameters('my/service')
console.log(secrets)
await putParameter('my/service', 'DB_PASSWORD', 'supersecret')
All functions automatically use the credentials stored via ssm-secrets auth.
The CLI supports exporting secrets in .env-compatible format:
ssm-secrets list my/app --format env > .env
You can then source them in a shell:
export $(cat .env | xargs)
or directly
source <(ssm-secrets list my/app --format env)
Credentials are stored securely in the system keyring via keyring-node:
| Platform | Backend used |
|---|---|
| Linux | Secret Service (works with GNOME Keyring / KWallet) |
| macOS | macOS Keychain |
| Windows | Credential Manager |
Nothing sensitive is stored in plaintext.
ssm-secrets auth
ssm-secrets put my/app DB_USER myuser
ssm-secrets put my/app DB_PASS mypassword
ssm-secrets list my/app --format env
Output:
DB_USER='myuser'
DB_PASS='mypassword'
MIT
FAQs
AWS SSM command-line and programmatic utility
We found that @sidebase/ssm-secrets demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
The Socket Threat Research Team uncovered a coordinated campaign that floods the Chrome Web Store with 131 rebranded clones of a WhatsApp Web automation extension to spam Brazilian users.
Security News
ENISA’s 2025 Threat Landscape report highlights how AI is reshaping cyber attacks, driving phishing, model poisoning, and software supply chain risks.
Security News
Evan You announces Vite+, a commercial, Rust-powered toolchain built on the Vite ecosystem to unify JavaScript development and fund open source.