diff --git a/README.md b/README.md
index a6a0301..5dfa24c 100644
--- a/README.md
+++ b/README.md
@@ -27,17 +27,20 @@ Truefoundry AWS platform features
 |------|------|
 | [aws_iam_policy.truefoundry_platform_feature_cluster_integration_policy](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.truefoundry_platform_feature_user_ecr_policy](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.truefoundry_platform_feature_user_parameter_store_policy](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.truefoundry_platform_feature_user_s3_policy](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_policy) | resource |
-| [aws_iam_policy.truefoundry_platform_feature_user_ssm_policy](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.truefoundry_platform_feature_user_secrets_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_policy) | resource |
 | [aws_iam_role.truefoundry_platform_feature_iam_role](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_role) | resource |
 | [aws_iam_role_policy_attachment.truefoundry_platform_user_cluster_integration_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.truefoundry_platform_user_ecr_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.truefoundry_platform_user_parameter_store_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.truefoundry_platform_user_s3_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.truefoundry_platform_user_ssm_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.truefoundry_platform_user_secrets_manager_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_policy_document.truefoundry_platform_feature_cluster_integration_policy_document](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.truefoundry_platform_feature_user_ecr_policy_document](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.truefoundry_platform_feature_user_parameter_store_policy_document](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.truefoundry_platform_feature_user_s3_policy_document](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.truefoundry_platform_feature_user_ssm_policy_document](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.truefoundry_platform_feature_user_secrets_manager_policy_document](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/data-sources/iam_policy_document) | data source |
 ## Inputs
@@ -56,7 +59,8 @@ Truefoundry AWS platform features
 | [feature\_blob\_storage\_enabled](#input\_feature\_blob\_storage\_enabled) | Enable blob storage feature in the platform | `bool` | `true` | no |
 | [feature\_cluster\_integration\_enabled](#input\_feature\_cluster\_integration\_enabled) | Enable cluster integration feature in the platform | `bool` | `true` | no |
 | [feature\_docker\_registry\_enabled](#input\_feature\_docker\_registry\_enabled) | Enable docker registry feature in the platform | `bool` | `true` | no |
-| [feature\_secrets\_enabled](#input\_feature\_secrets\_enabled) | Enable secrets manager feature in the platform | `bool` | `true` | no |
+| [feature\_parameter\_store\_enabled](#input\_feature\_parameter\_store\_enabled) | Enable parameter store feature in the platform | `bool` | `true` | no |
+| [feature\_secrets\_manager\_enabled](#input\_feature\_secrets\_manager\_enabled) | Enable secrets manager feature in the platform | `bool` | `true` | no |
 | [platform\_feature\_enabled](#input\_platform\_feature\_enabled) | Enable platform features like docker registry, secrets manager and blob storage | `bool` | `true` | no |
 | [platform\_role\_enable\_override](#input\_platform\_role\_enable\_override) | Enable overriding the platform role name. You need to pass s3\_override\_name to pass the bucket name | `bool` | `false` | no |
 | [platform\_role\_override\_name](#input\_platform\_role\_override\_name) | Platform IAM role name which will have access to S3 bucket, SSM and ECR | `string` | `""` | no |
diff --git a/iam.tf b/iam.tf
index eb593fc..35d6b8e 100644
--- a/iam.tf
+++ b/iam.tf
@@ -13,8 +13,8 @@ data "aws_iam_policy_document" "truefoundry_platform_feature_user_s3_policy_docu
 }
 }
-data "aws_iam_policy_document" "truefoundry_platform_feature_user_ssm_policy_document" {
- count = var.platform_feature_enabled ? var.feature_secrets_enabled ? 1 : 0 : 0
+data "aws_iam_policy_document" "truefoundry_platform_feature_user_parameter_store_policy_document" {
+ count = var.platform_feature_enabled ? var.feature_parameter_store_enabled ? 1 : 0 : 0
 statement {
 effect = "Allow"
 actions = [
@@ -31,6 +31,24 @@ data "aws_iam_policy_document" "truefoundry_platform_feature_user_ssm_policy_doc
 }
 }
+data "aws_iam_policy_document" "truefoundry_platform_feature_user_secrets_manager_policy_document" {
+ count = var.platform_feature_enabled ? var.feature_secrets_manager_enabled ? 1 : 0 : 0
+ statement {
+ effect = "Allow"
+ actions = [
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:CreateSecret",
+ "secretsmanager:DeleteSecret",
+ "secretsmanager:UpdateSecret",
+ "secretsmanager:ListSecrets"
+ ]
+ resources = [
+ "arn:aws:secretsmanager:${var.aws_region}:${var.aws_account_id}:secret:tfy-secret/*"
+ ]
+ }
+}
+
 data "aws_iam_policy_document" "truefoundry_platform_feature_user_ecr_policy_document" {
 count = var.platform_feature_enabled ? var.feature_docker_registry_enabled ? 1 : 0 : 0
 statement {
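Review bot: `secretsmanager:ListSecrets` in the new `truefoundry_platform_feature_user_secrets_manager_policy_document` statement is scoped to the `tfy-secret/*` ARN, but ListSecrets does not support resource-level permissions, so that action grants nothing as written and list calls from the platform role will be denied. Move it into its own statement with `resources = ["*"]`; it returns only secret metadata, and reads of values stay bounded by the prefix-scoped statement. The `arn:aws:` partition is hard-coded, which breaks in GovCloud/China partitions, though whether the rest of the module already handles that via `data.aws_partition` is not visible in this hunk. Since the same role also gets Parameter Store write access, a comment stating that `tfy-secret/` is the only Secrets Manager namespace this role may create, update or delete would make the least-privilege boundary explicit to the next reader.

```hcl
    actions = [
      # … unchanged: GetSecretValue, DescribeSecret, CreateSecret, DeleteSecret, UpdateSecret …
      # "secretsmanager:ListSecrets" moved to the statement below
    ]
    # … unchanged: resources (tfy-secret/* ARN) …
  }

  # ListSecrets has no resource-level permissions; it only takes effect on "*".
  # It returns metadata only; value reads stay bound by the tfy-secret/* statement above.
  statement {
    effect    = "Allow"
    actions   = ["secretsmanager:ListSecrets"]
    resources = ["*"]
  }
```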
@@ -129,11 +147,19 @@ resource "aws_iam_policy" "truefoundry_platform_feature_user_s3_policy" {
 tags = local.tags
 }
-resource "aws_iam_policy" "truefoundry_platform_feature_user_ssm_policy" {
- count = var.platform_feature_enabled ? var.feature_secrets_enabled ? 1 : 0 : 0
+resource "aws_iam_policy" "truefoundry_platform_feature_user_parameter_store_policy" {
+ count = var.platform_feature_enabled ? var.feature_parameter_store_enabled ? 1 : 0 : 0
 name_prefix = "${local.truefoundry_unique_name}-ssm-access"
 description = "IAM policy for TrueFoundry user for platform features Secrets manager"
- policy = data.aws_iam_policy_document.truefoundry_platform_feature_user_ssm_policy_document[0].json
+ policy = data.aws_iam_policy_document.truefoundry_platform_feature_user_parameter_store_policy_document[0].json
+ tags = local.tags
+}
+
+resource "aws_iam_policy" "truefoundry_platform_feature_user_secrets_manager_policy" {
+ count = var.platform_feature_enabled ? var.feature_secrets_manager_enabled ? 1 : 0 : 0
+ name_prefix = "${local.truefoundry_unique_name}-secrets-manager-access"
+ description = "IAM policy for TrueFoundry user for platform features Secrets manager"
+ policy = data.aws_iam_policy_document.truefoundry_platform_feature_user_secrets_manager_policy_document[0].json
 tags = local.tags
 }
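Review bot: The `description` of the renamed `truefoundry_platform_feature_user_parameter_store_policy` still says "Secrets manager", which is now byte-identical to the description of the new `truefoundry_platform_feature_user_secrets_manager_policy`, so the two policies are indistinguishable in the IAM console and in access-review output. Change it to `description = "IAM policy for TrueFoundry user for platform features SSM Parameter Store"` (the `-ssm-access` `name_prefix` can stay). Separately, renaming the resource address from `..._user_ssm_policy` without a `moved` block makes Terraform plan a destroy of the existing policy and a create of a new one, and the matching attachment in the next hunk is renamed the same way, so the role's Parameter Store permissions are dropped and re-granted with a new policy ARN rather than carried over. Add a `moved` block with `from = aws_iam_policy.truefoundry_platform_feature_user_ssm_policy` and `to = aws_iam_policy.truefoundry_platform_feature_user_parameter_store_policy` (Terraform 1.1+), and the same for the attachment, or document the `terraform state mv` steps for upgraders.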
@@ -185,10 +211,16 @@ resource "aws_iam_role_policy_attachment" "truefoundry_platform_user_s3_policy_a
 policy_arn = aws_iam_policy.truefoundry_platform_feature_user_s3_policy[0].arn
 }
-resource "aws_iam_role_policy_attachment" "truefoundry_platform_user_ssm_policy_attachment" {
- count = var.platform_feature_enabled ? var.feature_secrets_enabled ? 1 : 0 : 0
+resource "aws_iam_role_policy_attachment" "truefoundry_platform_user_parameter_store_policy_attachment" {
+ count = var.platform_feature_enabled ? var.feature_parameter_store_enabled ? 1 : 0 : 0
+ role = aws_iam_role.truefoundry_platform_feature_iam_role[0].name
+ policy_arn = aws_iam_policy.truefoundry_platform_feature_user_parameter_store_policy[0].arn
+}
+
+resource "aws_iam_role_policy_attachment" "truefoundry_platform_user_secrets_manager_policy_attachment" {
+ count = var.platform_feature_enabled ? var.feature_secrets_manager_enabled ? 1 : 0 : 0
 role = aws_iam_role.truefoundry_platform_feature_iam_role[0].name
- policy_arn = aws_iam_policy.truefoundry_platform_feature_user_ssm_policy[0].arn
+ policy_arn = aws_iam_policy.truefoundry_platform_feature_user_secrets_manager_policy[0].arn
 }
 resource "aws_iam_role_policy_attachment" "truefoundry_platform_user_ecr_policy_attachment" {
diff --git a/locals.tf b/locals.tf
index f753926..8355a24 100644
--- a/locals.tf
+++ b/locals.tf
@@ -11,8 +11,9 @@ locals {
 bucket_name = var.blob_storage_enable_override ? var.blob_storage_override_name : "${var.cluster_name}-ml"
 policy_arns = [
 var.feature_blob_storage_enabled ? aws_iam_policy.truefoundry_platform_feature_user_s3_policy[0].arn : null,
- var.feature_secrets_enabled ? aws_iam_policy.truefoundry_platform_feature_user_ssm_policy[0].arn : null,
+ var.feature_parameter_store_enabled ? aws_iam_policy.truefoundry_platform_feature_user_parameter_store_policy[0].arn : null,
+ var.feature_secrets_manager_enabled ? aws_iam_policy.truefoundry_platform_feature_user_secrets_manager_policy[0].arn : null,
 var.feature_docker_registry_enabled ? aws_iam_policy.truefoundry_platform_feature_user_ecr_policy[0].arn : null,
 ]
 truefoundry_platform_user_policy_arns = [for arn in local.policy_arns : tostring(arn) if arn != null]
-}
\ No newline at end of file
+}
diff --git a/variables.tf b/variables.tf
index 6848b53..f612634 100644
--- a/variables.tf
+++ b/variables.tf
@@ -99,12 +99,20 @@ variable "blob_storage_cors_origins" {
 ################################################################################
 # SSM
 ################################################################################
-variable "feature_secrets_enabled" {
- description = "Enable secrets manager feature in the platform"
+variable "feature_parameter_store_enabled" {
+ description = "Enable parameter store feature in the platform"
 type = bool
 default = true
 }
+################################################################################
+# Secrets Manager
+################################################################################
+variable "feature_secrets_manager_enabled" {
+ description = "Enable secrets manager feature in the platform"
+ type = bool
+ default = true
+}
 ################################################################################
 # ECR
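Review bot: The two new `policy_arns` entries index `aws_iam_policy.…[0]` whenever their feature flag is true, but both policies are created with `count = var.platform_feature_enabled ? … : 0`, so with `platform_feature_enabled = false` and the flags left at their default `true` the plan fails with an invalid-index error instead of yielding `null`. The pre-existing S3 and ECR entries have the same shape, so this may be a known limitation, but the new lines are where to stop propagating it: `var.platform_feature_enabled && var.feature_secrets_manager_enabled ? aws_iam_policy.truefoundry_platform_feature_user_secrets_manager_policy[0].arn : null,` and likewise for the Parameter Store entry, or `one(aws_iam_policy.truefoundry_platform_feature_user_secrets_manager_policy[*].arn)`, which is `null` when the count is 0. The `truefoundry_platform_user_policy_arns` filter below already drops nulls, so nothing downstream changes.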
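Review bot: `feature_secrets_manager_enabled` defaults to `true`, so every consumer that upgrades this module without touching their inputs gets a new policy granting `secretsmanager:CreateSecret`/`DeleteSecret`/`UpdateSecret` on `tfy-secret/*` attached to the platform role on the next apply; a privilege expansion should be opt-in or at least called out where the variable is declared. Either set `default = false` and document the opt-in, or keep `true` and add a comment on the variable such as `# NOTE: defaults to true, which attaches Secrets Manager read/write (tfy-secret/* prefix) to the platform role; set false to opt out`. Renaming `feature_secrets_enabled` to `feature_parameter_store_enabled` is also a breaking change with no deprecation path, since callers still passing the old name get an undeclared-variable error, so the old/new names belong in the changelog alongside the state moves for the renamed IAM resources.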