Skip to main content
Bifrost integrates with AWS Secrets Manager for cloud-native secret storage, allowing you to store provider API keys and virtual keys in your AWS environment and automatically sync them into Bifrost.

Configuration

Add a vault block to your Bifrost configuration to connect to AWS Secrets Manager: 
{
  "vault": {
    "type": "aws_secrets_manager",
    "region": "us-east-1",
    "access_key_id": "${AWS_ACCESS_KEY_ID}",
    "secret_access_key": "${AWS_SECRET_ACCESS_KEY}",
    "sync_interval": "300s"
  }
}

Configuration Fields

FieldTypeDescription
typestringMust be set to "aws_secrets_manager" to use AWS Secrets Manager.
regionstringThe AWS region where your secrets are stored (e.g., "us-east-1").
access_key_idstringAWS access key ID for authentication. Supports environment variable interpolation via ${AWS_ACCESS_KEY_ID}.
secret_access_keystringAWS secret access key for authentication. Supports environment variable interpolation via ${AWS_SECRET_ACCESS_KEY}.
sync_intervalstringHow often Bifrost syncs keys from AWS Secrets Manager. Accepts duration strings such as "300s", "5m", or "1h".
The sync_interval field controls how frequently Bifrost polls your vault for key changes. Lower intervals detect changes faster but increase load on your vault server. See the Vault Support page for full sync configuration options including sync_paths and auto_deprecate.
For key synchronization, deprecation management, and security configuration, see Vault Support.