If you build .NET apps that run on AWS, you have probably lived this moment. A connection string, an API key, maybe a signing secret, all sitting in appsettings.json where they really should not be. So you move them to AWS Secrets Manager, which is the right call, and then you notice the boring part. Now you have to write code to fetch the secret, parse it, and feed every value into the rest of your app.

I built a small NuGet package to make that last part disappear, which is exactly what you want from secrets handling. It is called RF.AWSSecretsManager.Configuration, and it connects AWS Secrets Manager to the standard .NET configuration system. The rest of your code does not change at all.

Here is the whole idea in one sentence. Your secret lives in AWS as JSON, the package reads it once at startup, and every value shows up in IConfiguration as if it had always been there.

The problem with the usual approach

Most teams start by reading the secret by hand. You create an AWS SDK client, call GetSecretValue, deserialize the JSON, and then copy values into your options classes. It works, but it spreads AWS specific code across your startup, it usually ends up logging things it should not, and it does not play nicely with the configuration system that the rest of .NET already uses.