diff --git a/README.md b/README.md
index 59a9bfe..da91c05 100644
--- a/README.md
+++ b/README.md
@@ -161,6 +161,10 @@ No modules.
 | [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.ecr_viewer_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_route_table.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_table) | data source |
+| [aws_secretsmanager_secret_version.postgres_database_url](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret_version) | data source |
+| [aws_secretsmanager_secret_version.sqlserver_host](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret_version) | data source |
+| [aws_secretsmanager_secret_version.sqlserver_password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret_version) | data source |
+| [aws_secretsmanager_secret_version.sqlserver_user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret_version) | data source |
 
 ## Inputs
 
@@ -183,7 +187,7 @@ No modules.
 | <a name="input_internal"></a> [internal](#input\_internal) | Flag to determine if the several AWS resources are public (intended for external access, public internet) or private (only intended to be accessed within your AWS VPC or avaiable with other means, a transit gateway for example). | `bool` | `true` | no |
 | <a name="input_owner"></a> [owner](#input\_owner) | Owner of the resources | `string` | `"CDC"` | no |
 | <a name="input_phdi_version"></a> [phdi\_version](#input\_phdi\_version) | Version of the PHDI application | `string` | `"v1.6.9"` | no |
-| <a name="input_postgres_database_data"></a> [postgres\_database\_data](#input\_postgres\_database\_data) | n/a | <pre>object({<br>    non_integrated_viewer                     = string<br>    metadata_database_type                    = string<br>    metadata_database_schema                  = string<br>    secrets_manager_postgres_database_url_arn = string<br>  })</pre> | <pre>{<br>  "metadata_database_schema": "",<br>  "metadata_database_type": "",<br>  "non_integrated_viewer": "false",<br>  "secrets_manager_postgres_database_url_arn": ""<br>}</pre> | no |
+| <a name="input_postgres_database_data"></a> [postgres\_database\_data](#input\_postgres\_database\_data) | n/a | <pre>object({<br>    non_integrated_viewer                      = string<br>    metadata_database_type                     = string<br>    metadata_database_schema                   = string<br>    secrets_manager_postgres_database_url_name = string<br>  })</pre> | <pre>{<br>  "metadata_database_schema": "",<br>  "metadata_database_type": "",<br>  "non_integrated_viewer": "false",<br>  "secrets_manager_postgres_database_url_name": ""<br>}</pre> | no |
 | <a name="input_private_subnet_ids"></a> [private\_subnet\_ids](#input\_private\_subnet\_ids) | List of private subnet IDs | `list(string)` | n/a | yes |
 | <a name="input_project"></a> [project](#input\_project) | The project name | `string` | `"dibbs"` | no |
 | <a name="input_public_subnet_ids"></a> [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet IDs | `list(string)` | n/a | yes |
@@ -191,7 +195,7 @@ No modules.
 | <a name="input_s3_viewer_bucket_name"></a> [s3\_viewer\_bucket\_name](#input\_s3\_viewer\_bucket\_name) | Name of the S3 bucket for the viewer | `string` | `""` | no |
 | <a name="input_s3_viewer_bucket_role_name"></a> [s3\_viewer\_bucket\_role\_name](#input\_s3\_viewer\_bucket\_role\_name) | Name of the IAM role for the ecr-viewer bucket | `string` | `""` | no |
 | <a name="input_service_data"></a> [service\_data](#input\_service\_data) | Data for the DIBBS services | <pre>map(object({<br>    short_name     = string<br>    fargate_cpu    = number<br>    fargate_memory = number<br>    min_capacity   = number<br>    max_capacity   = number<br>    app_image      = string<br>    app_version    = string<br>    container_port = number<br>    host_port      = number<br>    public         = bool<br>    registry_url   = string<br>    env_vars = list(object({<br>      name  = string<br>      value = string<br>    }))<br>  }))</pre> | `{}` | no |
-| <a name="input_sqlserver_database_data"></a> [sqlserver\_database\_data](#input\_sqlserver\_database\_data) | n/a | <pre>object({<br>    non_integrated_viewer                  = string<br>    metadata_database_type                 = string<br>    metadata_database_schema               = string<br>    secrets_manager_sqlserver_user_arn     = string<br>    secrets_manager_sqlserver_password_arn = string<br>    secrets_manager_sqlserver_host_arn     = string<br>  })</pre> | <pre>{<br>  "metadata_database_schema": "",<br>  "metadata_database_type": "",<br>  "non_integrated_viewer": "false",<br>  "secrets_manager_sqlserver_host_arn": "",<br>  "secrets_manager_sqlserver_password_arn": "",<br>  "secrets_manager_sqlserver_user_arn": ""<br>}</pre> | no |
+| <a name="input_sqlserver_database_data"></a> [sqlserver\_database\_data](#input\_sqlserver\_database\_data) | n/a | <pre>object({<br>    non_integrated_viewer                   = string<br>    metadata_database_type                  = string<br>    metadata_database_schema                = string<br>    secrets_manager_sqlserver_user_name     = string<br>    secrets_manager_sqlserver_password_name = string<br>    secrets_manager_sqlserver_host_name     = string<br>  })</pre> | <pre>{<br>  "metadata_database_schema": "",<br>  "metadata_database_type": "",<br>  "non_integrated_viewer": "false",<br>  "secrets_manager_sqlserver_host_name": "",<br>  "secrets_manager_sqlserver_password_name": "",<br>  "secrets_manager_sqlserver_user_name": ""<br>}</pre> | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags to apply to resources | `map(string)` | `{}` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | ID of the VPC | `string` | n/a | yes |
 
diff --git a/_check.tf b/_check.tf
index 14186dd..327c3d6 100644
--- a/_check.tf
+++ b/_check.tf
@@ -1,11 +1,8 @@
 check "database_data_non_integrated_viewer" {
   assert {
-    condition     = (
-      (local.database_data.non_integrated_viewer == "false" && 
-        length(local.database_data.metadata_database_type) == 0) || 
-      (local.database_data.non_integrated_viewer == "true" && 
-        length(local.database_data.metadata_database_type) > 0 && 
-        length(local.database_data.metadata_database_schema) > 0)
+    condition = (
+      (local.database_data.non_integrated_viewer == "false" && length(local.database_data.metadata_database_type) == 0) ||
+      (local.database_data.non_integrated_viewer == "true" && length(local.database_data.metadata_database_type) > 0 && length(local.database_data.metadata_database_schema) > 0)
     )
     error_message = "When non_integrated_viewer is false, no other database data should be provided. When non_integrated_viewer is true, metadata_database_type, metadata_database_schema, and secrets_manager_* variables should be provided."
   }
diff --git a/_data.tf b/_data.tf
index 4a51084..c358fef 100644
--- a/_data.tf
+++ b/_data.tf
@@ -37,4 +37,24 @@ data "aws_iam_policy" "amazon_ec2_container_service_for_ec2_role" {
 data "aws_route_table" "this" {
   for_each  = local.private_subnet_kvs
   subnet_id = each.value
-}
\ No newline at end of file
+}
+
+data "aws_secretsmanager_secret_version" "postgres_database_url" {
+  count     = local.database_data.metadata_database_type == "postgres" ? 1 : 0
+  secret_id = local.database_data.metadata_database_type == "postgres" ? local.database_data.secrets_manager_postgres_database_url_name : ""
+}
+
+data "aws_secretsmanager_secret_version" "sqlserver_user" {
+  count     = local.database_data.metadata_database_type == "sqlserver" ? 1 : 0
+  secret_id = local.database_data.metadata_database_type == "sqlserver" ? local.database_data.secrets_manager_sqlserver_user_name : ""
+}
+
+data "aws_secretsmanager_secret_version" "sqlserver_password" {
+  count     = local.database_data.metadata_database_type == "sqlserver" ? 1 : 0
+  secret_id = local.database_data.metadata_database_type == "sqlserver" ? local.database_data.secrets_manager_sqlserver_password_name : ""
+}
+
+data "aws_secretsmanager_secret_version" "sqlserver_host" {
+  count     = local.database_data.metadata_database_type == "sqlserver" ? 1 : 0
+  secret_id = local.database_data.metadata_database_type == "sqlserver" ? local.database_data.secrets_manager_sqlserver_host_name : ""
+}
diff --git a/_local.tf b/_local.tf
index e02d7c4..fad1ef2 100644
--- a/_local.tf
+++ b/_local.tf
@@ -8,7 +8,7 @@ locals {
   registry_url      = var.disable_ecr == false ? "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com" : "ghcr.io/cdcgov/phdi"
   registry_username = data.aws_ecr_authorization_token.this.user_name
   registry_password = data.aws_ecr_authorization_token.this.password
-  database_data = var.postgres_database_data.non_integrated_viewer == "true" ? var.postgres_database_data : var.sqlserver_database_data
+  database_data     = var.postgres_database_data.non_integrated_viewer == "true" ? var.postgres_database_data : var.sqlserver_database_data
 
   service_data = length(var.service_data) > 0 ? var.service_data : {
     ecr-viewer = {
@@ -57,28 +57,28 @@ locals {
           value = var.ecr_viewer_basepath
         },
         {
-          name = "METADATA_DATABASE_TYPE",
+          name  = "METADATA_DATABASE_TYPE",
           value = local.database_data.non_integrated_viewer == "true" ? local.database_data.metadata_database_type : ""
         },
         {
-          name = "METADATA_DATABASE_SCHEMA",
+          name  = "METADATA_DATABASE_SCHEMA",
           value = local.database_data.non_integrated_viewer == "true" ? local.database_data.metadata_database_schema : ""
         },
         {
-          name = "DATABASE_URL",
-          value = local.database_data.metadata_database_type == "postgres" ? local.database_data.secrets_manager_postgres_database_url_arn : ""
+          name  = "DATABASE_URL",
+          value = local.database_data.metadata_database_type == "postgres" ? data.aws_secretsmanager_secret_version.postgres_database_url[0].secret_string : ""
         },
         {
-          name = "SQL_SERVER_USER",
-          value = local.database_data.metadata_database_type == "sqlserver" ? local.database_data.secrets_manager_sqlserver_user_arn : ""
+          name  = "SQL_SERVER_USER",
+          value = local.database_data.metadata_database_type == "sqlserver" ? data.aws_secretsmanager_secret_version.sqlserver_user[0].secret_string : ""
         },
         {
-          name = "SQL_SERVER_PASSWORD",
-          value = local.database_data.metadata_database_type == "sqlserver" ? local.database_data.secrets_manager_sqlserver_password_arn : ""
+          name  = "SQL_SERVER_PASSWORD",
+          value = local.database_data.metadata_database_type == "sqlserver" ? data.aws_secretsmanager_secret_version.sqlserver_password[0].secret_string : ""
         },
         {
-          name = "SQL_SERVER_HOST",
-          value = local.database_data.metadata_database_type == "sqlserver" ? local.database_data.secrets_manager_sqlserver_host_arn : ""
+          name  = "SQL_SERVER_HOST",
+          value = local.database_data.metadata_database_type == "sqlserver" ? data.aws_secretsmanager_secret_version.sqlserver_host[0].secret_string : ""
         }
       ]
     },
diff --git a/_variable.tf b/_variable.tf
index 5e3f5a9..dc5b9d8 100644
--- a/_variable.tf
+++ b/_variable.tf
@@ -115,35 +115,35 @@ variable "service_data" {
 
 variable "postgres_database_data" {
   type = object({
-    non_integrated_viewer                     = string
-    metadata_database_type                    = string
-    metadata_database_schema                  = string
-    secrets_manager_postgres_database_url_arn = string
+    non_integrated_viewer                      = string
+    metadata_database_type                     = string
+    metadata_database_schema                   = string
+    secrets_manager_postgres_database_url_name = string
   })
   default = {
-    non_integrated_viewer                     = "false"
-    metadata_database_type                    = ""
-    metadata_database_schema                  = ""
-    secrets_manager_postgres_database_url_arn = ""
+    non_integrated_viewer                      = "false"
+    metadata_database_type                     = ""
+    metadata_database_schema                   = ""
+    secrets_manager_postgres_database_url_name = ""
   }
 }
 
 variable "sqlserver_database_data" {
   type = object({
-    non_integrated_viewer                  = string
-    metadata_database_type                 = string
-    metadata_database_schema               = string
-    secrets_manager_sqlserver_user_arn     = string
-    secrets_manager_sqlserver_password_arn = string
-    secrets_manager_sqlserver_host_arn     = string
+    non_integrated_viewer                   = string
+    metadata_database_type                  = string
+    metadata_database_schema                = string
+    secrets_manager_sqlserver_user_name     = string
+    secrets_manager_sqlserver_password_name = string
+    secrets_manager_sqlserver_host_name     = string
   })
   default = {
-    non_integrated_viewer                  = "false"
-    metadata_database_type                 = ""
-    metadata_database_schema               = ""
-    secrets_manager_sqlserver_user_arn     = ""
-    secrets_manager_sqlserver_password_arn = ""
-    secrets_manager_sqlserver_host_arn     = ""
+    non_integrated_viewer                   = "false"
+    metadata_database_type                  = ""
+    metadata_database_schema                = ""
+    secrets_manager_sqlserver_user_name     = ""
+    secrets_manager_sqlserver_password_name = ""
+    secrets_manager_sqlserver_host_name     = ""
   }
 }