# Stores Configuration

The `stores` section in `atmos.yaml` configures external key-value stores that can be used to share data between components using the [`!store`](/stacks/sharing-state/stores) YAML function and [hooks](/stacks/hooks).

## Configuration

**File:** `atmos.yaml`

```yaml
stores:
  # AWS SSM Parameter Store
  prod/ssm:
    type: aws-ssm-parameter-store
    options:
      region: us-east-1

  # Azure Key Vault
  prod/azure:
    type: azure-key-vault
    options:
      vault_url: "https://my-keyvault.vault.azure.net/"

  # Google Secret Manager
  prod/gcp:
    type: google-secret-manager
    options:
      project_id: my-project

  # Redis
  cache:
    type: redis
    options:
      url: "redis://localhost:6379"

  # Artifactory
  artifacts:
    type: artifactory
    options:
      url: https://artifactory.example.com
      repo_name: my-repo
```

## Store Name Convention

Store names follow the pattern `<environment>/<type>` by convention:

- `prod/ssm` - Production SSM Parameter Store
- `dev/secrets` - Development Secrets Manager
- `shared/config` - Shared configuration store

You can reference stores in stack configuration using the `!store` function:

```yaml
vars:
  database_password: !store prod/secrets::database/password
  api_key: !store prod/ssm::/app/api-key
```

## Supported Store Types

- **`aws-ssm-parameter-store`**
  AWS Systems Manager Parameter Store. Stores and retrieves parameters from SSM.
- **`azure-key-vault`**
  Azure Key Vault. Stores and retrieves secrets from Azure.
- **`google-secret-manager` (or `gsm`)**
  Google Cloud Secret Manager. Stores and retrieves secrets from GCP.
- **`redis`**
  Redis key-value store. Useful for caching and temporary data.
- **`artifactory`**
  JFrog Artifactory. Stores and retrieves data as JSON files. Use a Generic repository type.

## Store Type Configuration

### AWS SSM Parameter Store

**File:** `atmos.yaml`

```yaml
stores:
  prod/ssm:
    type: aws-ssm-parameter-store
    options:
      region: us-east-1
      # Optional
      prefix: myapp
      stack_delimiter: "/"
      # Optional: assume role for cross-account access
      read_role_arn: arn:aws:iam::123456789012:role/SSMReader
      write_role_arn: arn:aws:iam::123456789012:role/SSMWriter
```

### Azure Key Vault

**File:** `atmos.yaml`

```yaml
stores:
  prod/azure:
    type: azure-key-vault
    options:
      vault_url: "https://my-keyvault.vault.azure.net/"
      # Optional
      prefix: myapp
      stack_delimiter: "-"
```

Authentication uses the [Azure Default Credential chain](https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication), which checks environment variables, managed identity, Azure CLI, and other sources.

### Google Secret Manager

**File:** `atmos.yaml`

```yaml
stores:
  prod/gcp:
    type: google-secret-manager  # or "gsm"
    options:
      project_id: my-project
      # Optional
      prefix: myapp
      stack_delimiter: "_"
      # Optional: JSON credentials (or use GOOGLE_APPLICATION_CREDENTIALS env var)
      credentials: '{"type":"service_account",...}'
      # Optional: replication locations
      locations:
        - us-east1
        - us-west1
```

### Redis

**File:** `atmos.yaml`

```yaml
stores:
  cache:
    type: redis
    options:
      url: "redis://localhost:6379"  # or use ATMOS_REDIS_URL env var
      # Optional
      prefix: myapp
      stack_delimiter: "/"
```

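The `url` option accepts the Redis URL format, including authentication: `redis://:password@host:port/db`. When the URL carries a password, setting it through the `ATMOS_REDIS_URL` environment variable keeps the password out of `atmos.yaml`.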

### Artifactory

**File:** `atmos.yaml`

```yaml
stores:
  artifacts:
    type: artifactory
    options:
      url: https://artifactory.example.com
      repo_name: my-repo
      # Access token from environment variable (recommended)
      access_token: !env ARTIFACTORY_ACCESS_TOKEN
      # Optional
      prefix: myapp
      stack_delimiter: "/"
```

The `access_token` can be provided directly, via the `!env` function, or through the `ARTIFACTORY_ACCESS_TOKEN` environment variable.

:::tip JFrog Artifactory Repository Type
When setting up Artifactory as a store backend, create a **Generic** repository type in JFrog Artifactory. Atmos stores data as JSON files, so no specific package type (Maven, npm, Docker, etc.) is required. The repository can be local, remote, or virtual.
:::
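Several of the options above (`credentials`, `access_token`, and a Redis `url` with a password) can place a secret directly in `atmos.yaml`. The following pre-commit style check is an added example, not part of Atmos; it assumes the two-space layout used on this page, and the function names and sample values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the layout this page uses (values are placeholders).
SAMPLE = """\
stores:
  prod/gcp:
    type: google-secret-manager
    options:
      credentials: '{"type":"service_account","private_key":"EXAMPLE"}'
  cache:
    type: redis
    options:
      url: "redis://:example-password@localhost:6379/0"
  artifacts:
    type: artifactory
    options:
      url: https://artifactory.example.com
      access_token: !env ARTIFACTORY_ACCESS_TOKEN
"""

SECRET_KEYS = {"access_token", "credentials"}  # options that hold a secret
LINE = re.compile(r"^(\s*)([^\s#:][^:]*):\s*(.*)$")  # "key: value", not comments

def _scalar(raw):
    # Strip surrounding quotes, or a trailing comment, from a YAML scalar.
    raw = raw.strip()
    if raw[:1] in ("'", '"'):
        end = raw.find(raw[0], 1)
        return raw[1:end] if end > 0 else raw[1:]
    return raw.split(" #", 1)[0].strip()

def find_inline_secrets(text):
    """Return (store, option, reason) for secrets written into the file."""
    findings, store, in_stores = [], None, False
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2).strip(), _scalar(m.group(3))
        if indent == 0:
            in_stores = key == "stores"
        elif in_stores and indent == 2:
            store = key  # store name, e.g. prod/ssm
        elif in_stores and indent == 6 and value and not value.startswith("!env"):
            if key in SECRET_KEYS:
                findings.append((store, key, "literal secret in file"))
            elif key == "url" and urlsplit(value).password:
                findings.append((store, key, "password embedded in URL"))
    return findings
```

Calling `find_inline_secrets(SAMPLE)` flags the inline GCP credentials and the Redis URL password, and passes the Artifactory token because it is read through `!env`.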

## Using Stores in Hooks

You can write values to stores using [hooks](/stacks/hooks):

```yaml
components:
  terraform:
    vpc:
      hooks:
        store-outputs:
          events:
            - after-terraform-apply
          command: store
          name: prod/ssm
          outputs:
            vpc_id: .vpc_id
            subnet_ids: .private_subnet_ids
```

This writes Terraform outputs to the configured store after apply completes. The output values starting with `.` reference Terraform output names.

## Related

- [External Stores](/stacks/sharing-state/stores) - Using `!store` function in stacks
- [Hooks](/stacks/hooks) - Writing to stores with hooks
- [Terraform State](/stacks/sharing-state/terraform-state) - Alternative data sharing method
