diff --git a/README.md b/README.md
index 87f32ac..6ca9e80 100644
--- a/README.md
+++ b/README.md
@@ -19,10 +19,6 @@ Each folder should follow the same naming conventions:
 * `data.tf` – Contains terraform `data` sources, if there are enough of them to warrant splitting them out
 * `outputs.tf` – Contains only terraform outputs
 
-## Secrets
-
-Instead of using Terraform variables (and `.tfvars` files), which come with a host of security/maintenance/synchronization issues, each component or project should store a JSON string of their secrets in [AWS Server Manager Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html) under the `/tfvars/` namespace. These secrets can be referenced using the [`secrets` module](modules/secrets/README.md) in this repository. Please see that module's README file and other components within this repository for examples.
-
 ## Common Configuration
 
 Each folder should be initialized the same way:
diff --git a/core/main.tf b/core/main.tf
index c226c73..28125c7 100644
--- a/core/main.tf
+++ b/core/main.tf
@@ -19,7 +19,6 @@ locals {
 environment = coalesce(var.environment, substr(terraform.workspace, 0, 1))
 namespace = join("-", [var.stack_name, local.environment])
 common_tags = {
- Department = "RDC"
 Environment = terraform.workspace
 Terraform = "true"
 }
diff --git a/fcrepo/secrets.tf b/fcrepo/secrets.tf
new file mode 100644
index 0000000..6be720b
--- /dev/null
+++ b/fcrepo/secrets.tf
@@ -0,0 +1,19 @@
+locals {
+ secrets = {
+ fcrepo = {
+ endpoint = "http://${aws_service_discovery_service.fcrepo.name}.${module.core.outputs.vpc.service_discovery_dns_zone.name}:8080/rest"
+ }
+ }
+}
+
+resource "aws_secretsmanager_secret" "data_services" {
+ for_each = local.secrets
+ name = "${local.namespace}/infrastructure/${each.key}"
+ description = "${each.key} secrets for ${local.namespace}"
+}
+
+resource "aws_secretsmanager_secret_version" "config_secrets" {
+ for_each = local.secrets
+ secret_id = aws_secretsmanager_secret.data_services[each.key].id
+ secret_string = jsonencode(each.value)
+}
diff --git a/modules/secrets/README.md b/modules/secrets/README.md
deleted file mode 100644
index 97181a9..0000000
--- a/modules/secrets/README.md
+++ /dev/null
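Review bot: `aws_secretsmanager_secret.data_services` leaves `kms_key_id` and `recovery_window_in_days` at their defaults, so each secret is encrypted with the AWS-managed `aws/secretsmanager` key and a destroy keeps it recoverable for 30 days; if any consumer reads these from another account the CMK has to be set explicitly, and the choice either way deserves a line such as `# AWS-managed key is sufficient here: same-account consumers only` next to the resource. The value stored for `fcrepo` is a service-discovery URL rather than a credential, but `secret_string` is still persisted in Terraform state in clear, so the state backend's encryption and access controls are what actually protect anything sensitive later added to `local.secrets` — a comment to that effect on `secret_string` would help the next maintainer. `local.namespace` is not defined in this file; presumably it comes from the component's other `.tf` files, like the `locals` block shown in core/main.tf. The README hunk earlier in this commit deletes the Secrets section without replacing it, so the new `${local.namespace}/infrastructure/<component>` naming convention and how consumers are expected to read it are now undocumented; solrcloud/secrets.tf has the same gaps.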
@@ -1,49 +0,0 @@
-## Description
-
-This terraform module reads secrets from the [AWS Server Manager Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html).
-
-## Usage
-
-### Project Setup
-
-Invoke the module with defaults from the project's `secrets.tf`:
-```
-locals {
- secrets = module.secrets.vars
-}
-
-module "secrets" {
- source = "git::https://github.com/nulib/infrastructure.git//modules/secrets"
- path = "my_project_name"
- defaults = jsonencode({
- variable_with_default = "default-value"
- tags = {}
- })
-}
-```
-
-### Setting Secret Values
-
-To set or override the values in SSM:
-```shell
-$ aws ssm put-parameter \
- --name /tfvars/my_project_name \
- --type SecureString \
- --value '{"variable_with_default": "non-default-value", "variable_without_default": "required-value"}'
- --overwrite
-```
-
-### Using Secret Values
-
-Use secrets in the project's `main.tf`:
-```
-resource "aws_s3_bucket" "bucket_with_default_name" {
- bucket = "project-bucket-${local.secrets.variable_with_default}"
- tags = local.secrets.tags
-}
-
-resource "aws_s3_bucket" "bucket_with_required_name" {
- bucket = "project-bucket-${local.secrets.variable_without_default}"
- tags = local.secrets.tags
-}
-```
diff --git a/modules/secrets/main.tf b/modules/secrets/main.tf
deleted file mode 100644
index 0a746a7..0000000
--- a/modules/secrets/main.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-data "aws_ssm_parameter" "values" {
- name = "/${var.namespace}/${var.path}"
- with_decryption = true
-}
diff --git a/modules/secrets/outputs.tf b/modules/secrets/outputs.tf
deleted file mode 100644
index 196b0e2..0000000
--- a/modules/secrets/outputs.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-output "vars" {
- value = nonsensitive(merge(jsondecode(var.defaults), jsondecode(data.aws_ssm_parameter.values.value)))
-}
\ No newline at end of file
diff --git a/modules/secrets/variables.tf b/modules/secrets/variables.tf
deleted file mode 100644
index 74d9014..0000000
--- a/modules/secrets/variables.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-variable "defaults" {
- type = string
- default = "{}"
-}
-
-variable "namespace" {
- type = string
- default = "tfvars"
-}
-
-variable "path" {
- type = string
-}
diff --git a/solrcloud/secrets.tf b/solrcloud/secrets.tf
new file mode 100644
index 0000000..23224d7
--- /dev/null
+++ b/solrcloud/secrets.tf
@@ -0,0 +1,20 @@
+locals {
+ secrets = {
+ solrcloud = {
+ solr_url = local.solr_endpoint
+ zookeeper_servers = local.zookeeper_servers
+ }
+ }
+}
+
+resource "aws_secretsmanager_secret" "data_services" {
+ for_each = local.secrets
+ name = "${local.namespace}/infrastructure/${each.key}"
+ description = "${each.key} secrets for ${local.namespace}"
+}
+
+resource "aws_secretsmanager_secret_version" "config_secrets" {
+ for_each = local.secrets
+ secret_id = aws_secretsmanager_secret.data_services[each.key].id
+ secret_string = jsonencode(each.value)
+}
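Review bot: The `aws_secretsmanager_secret`/`aws_secretsmanager_secret_version` pair in solrcloud/secrets.tf is identical to fcrepo/secrets.tf in resource names, `name` pattern and `description`, with only the `local.secrets` map differing, so the naming convention now lives in two copies that must be kept in sync by hand. A small shared module taking the map as input (the role the deleted `modules/secrets` used to play for SSM) would keep a single copy; at minimum a header comment such as `# Mirrors fcrepo/secrets.tf; keep the secret name pattern in sync` should tie the two together. `local.solr_endpoint` and `local.zookeeper_servers` are defined outside this hunk, so whether `zookeeper_servers` is a list or a string, and therefore what `jsonencode` emits for consumers, cannot be checked here.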