Skip to main content


Asynchronous provider that loads data from AWS SSM Parameter store .

Parameter store is useful for storing secrets (like database passwords, jwt secret keys, api keys) in a secure way.

Provider loads parameters in batch (and decrypts them as well) through dataloader which means you can easily define multiple parameters in the config an almost all of them will be loaded in batch.


In order to load SSM parameters you need to have sufficient permissions. We highly recommend narrowing down permissions to give access to parameters that are required for you app, otherwise you're risking unauthorized access to other secrets.

The example policy allows retrieving only parameters from prefix "env/prod/".

"Version": "2012-10-17",
"Statement": [
"Effect": "Allow",
"Action": "ssm:GetParameters",
"Resource": "arn:aws:ssm:*:*:parameter/env/prod/*"


npm install @pallad/config-ssm

The simplest example

import {ssmProviderFactory} from '@pallad/config-ssm';
import {secret} from '@pallad/secret';

const ssm = ssmProviderFactory();

// retrieves "/env/prod/database/password" parameter

// same as above but additionally wraps it with secret
ssm('/env/prod/database/password', {transform: secret});

While SSM provider is great by itself it might be more beneficial to use it with preset.


Prefix all parameter names

import {ssmProviderFactory} from '@pallad/config-ssm';

const ssm = ssmProviderFactory({
prefix: '/env/prod/'

// retrieves "/env/prod/database/password" parameter

Use custom instance of SSM

import {ssmProviderFactory} from '@pallad/config-ssm';
import {SSM} from 'aws-sdk';

const ssm = ssmProviderFactory({
ssm: new SSM({
region: 'eu-central-1'
prefix: '/env/prod/'


Transforming values

As every provider factory, SSM is no different and allows for values transformation

For example in order to