AWS Secrets Manager Extension

Natively read your AWS Secrets in Liquibase. For more information, see AWS Secrets Manager documentation.

Supported products

Liquibase Pro


  • Liquibase 4.12+
  • Liquibase Pro license
  • AWS Credentials


The easiest way to install this extension is with lpm (Liquibase Package Manager).

lpm update
lpm add aws-secrets-manager


A Liquibase Pro License key is required.

Configure your AWS credentials in any standard method. aws_access_key_id, aws_secret_access_key and aws_region are required.


Any property in a file can be stored in AWS Secrets Manager. Use the syntax VAULT,SECRET,KEY to tell the vault plugin which properties to populate from the vault. You can also enable support for AWS Systems Manager with VAULT,PARAMETER.

            # AWS Secrets Manager
url= aws-secrets,liquibase-secret,url
username= aws-secrets,liquibase-secret,username
password= aws-secrets,liquibase-secret,password

# AWS Systems Manager
url= aws-ssm,liquibase-secret-url
username= aws-ssm,liquibase-secret-username
password= aws-ssm,liquibase-secret-password


Please submit all feedback and issues to this idea board.