A CLI tool to fetch AWS Secrets Manager secrets and save them as .env files.
- Fetch secrets from AWS Secrets Manager
- Save secrets in different formats (stdout, JSON, .env, YAML, CSV)
- Write output directly to a specified file with the
--fileoption - Support for all AWS Secrets Manager formats (JSON, plain text, binary)
- List available secrets with optional filtering
- Stdout output uses the same KEY=VALUE format as .env files
# One-line installation
curl -fsSL https://raw.githubusercontent.com/amioranza/sm2env/main/install.sh | bash# Add the tap
brew tap amioranza/tools
# Install sm2env
brew install sm2envYou can download pre-built binaries from the GitHub Releases page.
# Download the latest release
curl -L https://github.com/amioranza/sm2env/releases/latest/download/sm2env-v*-x86_64-linux.tar.gz -o sm2env.tar.gz
# Extract the binary
tar -xzf sm2env.tar.gz
# Move to a directory in your PATH
sudo mv sm2env /usr/local/bin/# Download the latest release
curl -L https://github.com/amioranza/sm2env/releases/latest/download/sm2env-v*-x86_64-apple-darwin.tar.gz -o sm2env.tar.gz
# Extract the binary
tar -xzf sm2env.tar.gz
# Move to a directory in your PATH
sudo mv sm2env /usr/local/bin/Download the ZIP file from the Releases page and extract it to a location in your PATH.
Make sure you have Rust and Cargo installed. Then, you can build the project:
cargo build --releaseThe compiled binary will be available at target/release/sm2env.
sm2env listWith filtering:
sm2env list --filter devRetrieve a secret and save it as a .env file (default):
sm2env get my-secret-nameSpecify a different output format:
# Print to stdout in KEY=VALUE format
sm2env get my-secret-name --output stdout
# Save as JSON file
sm2env get my-secret-name --output json
# Save as YAML file
sm2env get my-secret-name --output yaml
# Save as CSV file (key,value format)
sm2env get my-secret-name --output csv
# Save as .env file (default)
sm2env get my-secret-name --output envYou can use the --file option to write the output directly to a specified file path:
# Write to a specific .env file
sm2env get my-secret-name --output env --file /path/to/my-custom.env
# Write JSON output to a file
sm2env get my-secret-name --output json --file /path/to/config.json
# Write YAML output to a file
sm2env get my-secret-name --output yaml --file /path/to/config.yaml
# Write CSV output to a file
sm2env get my-secret-name --output csv --file /path/to/config.csv
# Write raw content to a file (using stdout format)
sm2env get my-secret-name --output stdout --file /path/to/output.txtImportant notes about the --file option:
- The
--fileoption works with all output formats (stdout,json,env,yaml,csv) - When using
--output stdoutwith--file, the raw content is written to the file without affecting the original format - The file extension is not automatically added; you must specify the complete filename
- If no
--fileoption is provided, the tool behaves as before (writes to default file based on format) - The
--fileoption takes precedence over the default behavior for each output format
- Default file:
.env - Format:
KEY=VALUEpairs, one per line - No quotes around values
- Default file:
secret.json - Format: Standard JSON with pretty-printing
- Default file:
secret.yaml - Format: Standard YAML
- Default file:
secret.csv - Format: RFC 4180 compliant CSV with a header row (
key,value) - All values properly escaped according to CSV standards
- Directly prints to console
- For key-value pairs, prints in
KEY=VALUEformat - For binary data, indicates size in bytes
This tool uses the AWS SDK for Rust, which looks for credentials in the following order:
- Environment variables:
AWS_ACCESS_KEY_IDandAWS_SECRET_ACCESS_KEY - AWS credentials file:
~/.aws/credentials - IAM role for Amazon EC2 or ECS task role
Make sure you have the appropriate AWS credentials configured before using this tool.
MIT