Migration from AWS Secrets Manager

Migrate secrets from AWS Secrets Manager to QNSI.

Prerequisites

  • AWS CLI configured
  • QNSI CLI configured
  • IAM permissions for Secrets Manager

Migration steps

1. List secrets

aws secretsmanager list-secrets --query 'SecretList[].Name'

2. Export secrets

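#!/bin/bash
set -euo pipefail
umask 077            # exported files contain plaintext secrets: owner-only
mkdir -p exports
for secret in $(aws secretsmanager list-secrets --query 'SecretList[].Name' --output text); do
  out="exports/$secret.json"
  mkdir -p "$(dirname "$out")"   # secret names may contain '/'
  aws secretsmanager get-secret-value \
    --secret-id "$secret" \
    --query 'SecretString' \
    --output text > "$out"
done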

3. Import to QNSI

Import secrets by creating them via the Vault API or the Vault SDK.
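
The export loop in step 2 leaves plaintext secrets on disk and creates an output file even when a fetch fails, so the export directory is worth checking before anything is imported. The following is an added example, not part of the QNSI tooling; the function name audit_exports and the finding labels are hypothetical.

```shell
#!/bin/bash
# Added example, not part of the QNSI tooling. Audits the directory written
# by the export loop in step 2 and prints one finding per line.
# Returns 0 when the directory is clean, 1 otherwise.
audit_exports() (
  dir=$1
  # True when the ls mode string shows any group/other permission bit.
  too_open() {
    case $(ls -ld "$1") in
      ????------*) return 1 ;;
      *) return 0 ;;
    esac
  }
  findings=$(
    if too_open "$dir"; then
      echo "PERMS  $dir (directory accessible beyond owner)"
    fi
    # AWS secret names contain no whitespace, so line-wise reading is safe.
    find "$dir" -type f | sort | while IFS= read -r f; do
      if too_open "$f"; then
        echo "PERMS  $f (plaintext secret accessible beyond owner)"
      fi
      if [ ! -s "$f" ]; then
        # The redirect creates the file even when get-secret-value fails.
        echo "EMPTY  $f (export failed, e.g. access denied)"
      elif [ "$(cat "$f")" = "None" ]; then
        # --query SecretString prints None when there is no string value.
        echo "BINARY $f (no SecretString; value is in SecretBinary)"
      fi
    done
  )
  if [ -n "$findings" ]; then
    printf '%s\n' "$findings"
    return 1
  fi
)
# Usage: audit_exports exports && echo "exports look sane, continue to import"
```

Files flagged BINARY hold the literal text None rather than a secret and must be re-exported from SecretBinary; delete the exports directory once the import has been verified.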

Automated migration

Automated migration tooling is not shipped in this repo.

Rotation configuration

Rotation set up in AWS Secrets Manager needs to be reconfigured after migration:

{
  "rotation": {
    "enabled": true,
    "schedule": "rate(30 days)"
  }
}

Application updates

Update applications to use the QNSI SDK:

// Before (AWS SDK)
const secret = await secretsManager.getSecretValue({SecretId: 'my-secret'});

// After (QNSI SDK)
// Use the Vault SDK and request secret values by ID.