.env to AWS Secrets Manager
npx e2sm init # Create .e2smrc.jsonc config file npx e2sm set # Upload .env to Secrets Manager npx e2sm get # Display secret value npx e2sm pull # Download secret to .env file npx e2sm delete # Delete secret from Secrets Manager npx e2sm --help # Show help
Creates a .e2smrc.jsonc configuration file in the current directory with commented examples.
npx e2sm init
npx e2sm init --force # Overwrite existing file| Flag | Short | Description |
|---|---|---|
--force |
-f |
Overwrite existing file |
npx e2sm set npx e2sm set -i .env.local -n my-app/prod npx e2sm set --dry-run # Preview JSON without uploading npx e2sm set --force # Skip overwrite confirmation npx e2sm set -t -a my-app -s prod # Template mode: creates "my-app/prod"
| Flag | Short | Description |
|---|---|---|
--input |
-i |
Path to .env file |
--name |
-n |
Secret name |
--dry-run |
-d |
Preview JSON output |
--force |
-f |
Skip overwrite confirmation |
--template |
-t |
Use template mode ($application/$stage) |
--application |
-a |
Application name (implies --template) |
--stage |
-s |
Stage name (implies --template) |
--profile |
-p |
AWS profile |
--region |
-r |
AWS region |
npx e2sm get npx e2sm get -n my-app/prod npx e2sm get -p my-profile -r ap-northeast-1
| Flag | Short | Description |
|---|---|---|
--name |
-n |
Secret name (skip interactive selection) |
--profile |
-p |
AWS profile |
--region |
-r |
AWS region |
npx e2sm pull
npx e2sm pull -n my-app/prod -o .env.local
npx e2sm pull --force # Overwrite existing file| Flag | Short | Description |
|---|---|---|
--name |
-n |
Secret name (skip interactive selection) |
--output |
-o |
Output file path (default: .env) |
--force |
-f |
Overwrite existing file without confirmation |
--profile |
-p |
AWS profile |
--region |
-r |
AWS region |
npx e2sm delete npx e2sm delete -n my-app/prod -d 7 npx e2sm delete -n my-app/prod -d 7 --force
| Flag | Short | Description |
|---|---|---|
--name |
-n |
Secret name (skip interactive selection) |
--recovery-days |
-d |
Recovery window in days (7-30) |
--force |
-f |
Skip confirmation prompt |
--profile |
-p |
AWS profile |
--region |
-r |
AWS region |
Create a .e2smrc.jsonc file to set default options. JSONC format supports comments.
{
"$schema": "https://unpkg.com/e2sm/assets/schema.json",
// Secret name (cannot use with template mode)
"name": "my-secret-name",
// Or use template mode: generate secret name as $application/$stage
// "template": true,
// "application": "my-app",
// "stage": "dev",
// AWS settings
"profile": "my-profile",
"region": "ap-northeast-1",
// File paths
"input": ".env.local",
"output": ".env",
}Searched in order (first found is used):
./.e2smrc.jsonc(project)./.e2smrc.json(project, backward compatibility)~/.e2smrc.jsonc(global)~/.e2smrc.json(global, backward compatibility)
Only the first found config is used (no merging).
CLI flags always take precedence over config file values.
# Uses profile from config npx e2sm set # Overrides config with "prod-profile" npx e2sm set -p prod-profile