Skip to main content
Manage the secrets in your app defined with sst.Secret. The --fallback flag can be used to manage the fallback values of a secret. Applies to all the sub-commands in sst secret. 
sst secret set MySecret value --fallback

Options

--fallback

Manage the fallback values of secrets. 
sst secret list --fallback
Fallback values are used when a secret is not set for a specific stage. This is useful for preview environments that are automatically deployed.

Subcommands

sst secret set

Set the value of the secret. The secrets are encrypted and stored in an S3 Bucket in your AWS account. They are also stored in the package of the functions using the secret.
If you are not running sst dev, you’ll need to sst deploy to apply the secret.
For example, set the sst.Secret called StripeSecret to 123456789: 
sst secret set StripeSecret dev_123456789

Arguments

name
string
required
The name of the secret.
value
string
The value of the secret. If not provided, you’ll be prompted to enter it.

Examples

Set a secret: 
sst secret set StripeSecret 123456789
Set a secret for a specific stage: 
sst secret set StripeSecret prod_123456789 --stage production
Set a fallback value: 
sst secret set StripeSecret dev_123456789 --fallback
Set fallback values for your PR stages.
This is useful for preview environments that are automatically deployed. You won’t have to set the secret for the stage after it’s deployed. Set from stdin: To set something like an RSA key, you can first save it to a file: 
cat > tmp.txt <<EOF
-----BEGIN RSA PRIVATE KEY-----
MEgCQQCo9+BpMRYQ/dL3DS2CyJxRF+j6ctbT3/Qp84+KeFhnii7NT7fELilKUSnx
S30WAvQCCo2yU1orfgqr41mM70MBAgMBAAE=
-----END RSA PRIVATE KEY-----
EOF
Then set the secret from the file: 
sst secret set Key < tmp.txt
And make sure to delete the temp file. Interactive input: If you don’t provide a value, you’ll be prompted: 
sst secret set StripeSecret
# Enter value: _

sst secret remove

Remove a secret. For example, remove the sst.Secret called StripeSecret: 
sst secret remove StripeSecret

Arguments

name
string
required
The name of the secret.

Examples

Remove a secret: 
sst secret remove StripeSecret
Remove from a specific stage: 
sst secret remove StripeSecret --stage production
Remove the fallback value: 
sst secret remove StripeSecret --fallback

sst secret list

Lists all the secrets. 
sst secret list

Examples

List all secrets: 
sst secret list
List secrets for a specific stage: 
sst secret list --stage production
List only fallback secrets: 
sst secret list --fallback

sst secret load

Load all the secrets from a file and set them. 
sst secret load ./secrets.env
The file needs to be in the dotenv or bash format of key-value pairs:
secrets.env
KEY_1=VALUE1
KEY_2=VALUE2

Arguments

file
string
required
The file to load secrets from.

Examples

Load secrets from a file: 
sst secret load ./secrets.env
Load for a specific stage: 
sst secret load --stage production ./prod.env
Set as fallback values: 
sst secret load ./secrets.env --fallback
Copy secrets between stages: This command can be paired with the secret list command to get all the secrets from one stage and load them into another: 
sst secret list > ./secrets.env
sst secret load --stage production ./secrets.env
This works because secret list outputs the secrets in the right format.

Build docs developers (and LLMs) love

Get started for freeTalk to us