secret naming

jetbridge · Jul 2, 2024 · df32cc0 · df32cc0
1 parent 8d786c3
commit df32cc0
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/stacks/secrets.ts b/stacks/secrets.ts
@@ -3,7 +3,8 @@ import { Config, StackContext, use } from 'sst/constructs'
 import { Iam } from './iam'
 import { SECRETS_ARN } from './config'
 
-export function Secrets({ stack }: StackContext) {
+export function Secrets({ stack, app }: StackContext) {
+  // import existing secrets?
   const secretsArn = SECRETS_ARN
 
   // needed for NEXTAUTH_SECRET env var since there is no way to provide it via SST Config
@@ -15,6 +16,7 @@ export function Secrets({ stack }: StackContext) {
     secrets = secretsArn
       ? Secret.fromSecretCompleteArn(stack, 'Secrets', secretsArn)
       : new Secret(stack, 'App', {
+          secretName: app.logicalPrefixedName('app'),
           description: `${stack.stackName} ${stack.stage} secrets`,
           // secret default template
           generateSecretString: {
@@ -26,7 +28,11 @@ export function Secrets({ stack }: StackContext) {
   }
 
   // add more SST secrets here
+  // see SST Config docs for more info
   const SECRET_1 = new Config.Secret(stack, 'SECRET_1')
 
+  // grant your app permissions to access the SST secrets
+  app.addDefaultFunctionBinding([SECRET_1])
+
   return { secrets, SECRET_1 }
 }