diff --git a/aws/secret.go b/aws/secret.go
index 8e79eb12..b4927c72 100644
--- a/aws/secret.go
+++ b/aws/secret.go
@@ -25,7 +25,7 @@ func NewSecret(name string, cfg aws.Config) Secret {
 }
 }
 
-func (s Secret) Password(ctx context.Context) (string, error) {
+func (s Secret) GetSecret(ctx context.Context) (map[string]interface{}, error) {
 input := &secretsmanager.GetSecretValueInput{
 SecretId: aws.String(s.name),
 VersionStage: aws.String("AWSCURRENT"),
@@ -33,21 +33,20 @@ func (s Secret) Password(ctx context.Context) (string, error) {
 
 sv, err := s.client.GetSecretValue(ctx, input)
 if err != nil {
- return "", fmt.Errorf("Secrets Manager API error: %s", err)
+ return nil, fmt.Errorf("Secrets Manager API error: %s", err)
 }
 
 blip.Debug("DEBUG: aws secret: %+v", *sv)
 if sv.SecretString == nil || *sv.SecretString == "" {
- return "", fmt.Errorf("secret string is nil or empty")
+ return nil, fmt.Errorf("secret string is nil or empty")
 }
 
 var v map[string]interface{}
 if err := json.Unmarshal([]byte(*sv.SecretString), &v); err != nil {
- return "", fmt.Errorf("cannot decode secret string as map[string]string: %s", err)
+ return nil, fmt.Errorf("cannot decode secret string as map[string]string: %s", err)
 }
 if v == nil {
- return "", fmt.Errorf("secret value is 'null' literal")
+ return nil, fmt.Errorf("secret value is 'null' literal")
 }
-
- return v["password"].(string), nil
+ return v, nil
 }
diff --git a/dbconn/factory.go b/dbconn/factory.go
index d1331c06..b4f90aec 100644
--- a/dbconn/factory.go
+++ b/dbconn/factory.go
@@ -8,7 +8,6 @@ import (
 "database/sql"
 "fmt"
 "io/fs"
- "io/ioutil"
 "log"
 "os"
 "os/exec"
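Review bot: The new exported method `GetSecret` on the `+func (s Secret) GetSecret(...)` line has no doc comment, and its contract has changed from returning a single field to returning the whole decoded secret, which every caller now has to interpret and protect. Suggest `// GetSecret fetches the AWSCURRENT version of the secret and returns its SecretString decoded as a JSON object. Every key of the object is returned, so the caller is responsible for extracting the fields it needs and for keeping the map out of logs.` The `Get` prefix is also unidiomatic Go (`Value` or `Fetch` would read better), though renaming again is a caller-visible change and can wait. The body of GetSecret continues in the next hunk.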
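Review bot: The rewritten decode error on the `+ return nil, fmt.Errorf("cannot decode secret string as map[string]string: %s", err)` line still names `map[string]string` although the target is `map[string]interface{}`, and `%s` flattens the wrapped error so callers cannot use errors.Is/As on it; suggest `return nil, fmt.Errorf("cannot decode secret string as JSON object: %w", err)` (the Secrets Manager API error return in this hunk would take `%w` the same way). Separately, the unchanged `blip.Debug("DEBUG: aws secret: %+v", *sv)` line prints the full GetSecretValueOutput, SecretString included, and now that the method returns every key of that object the debug log exposes the complete credential set rather than only the password; logging just `sv.ARN` and `sv.VersionId` keeps the diagnostic without writing secret material to logs. GetSecret's signature is in the previous hunk.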
@@ -290,15 +289,32 @@ func (f factory) Credentials(cfg blip.ConfigMonitor) (CredentialFunc, error) {
 }
 secret := aws.NewSecret(cfg.AWS.PasswordSecret, awscfg)
 return func(ctx context.Context) (Credentials, error) {
- passwd, err := secret.Password(ctx)
-
+ newSecret, err := secret.GetSecret(ctx)
 if err != nil {
 return Credentials{}, err
 }
 
+ username, ok := newSecret["username"]
+ if !ok {
+ // The username key is optional. Default to config
+ username = cfg.Username
+ }
+ usernameStr, ok := username.(string)
+ if !ok {
+ username = cfg.Username
+ }
+ password, ok := newSecret["password"]
+ if !ok {
+ return Credentials{}, fmt.Errorf("error retrieving 'password' value of secret")
+ }
+ passwordStr, ok := password.(string)
+ if !ok {
+ return Credentials{}, fmt.Errorf("invalid type for 'password' value of secret")
+ }
+
 return Credentials{
- Password: passwd,
- Username: cfg.Username,
+ Password: passwordStr,
+ Username: usernameStr,
 }, nil
 }, nil
 }
@@ -307,7 +323,7 @@ func (f factory) Credentials(cfg blip.ConfigMonitor) (CredentialFunc, error) {
 if cfg.PasswordFile != "" {
 blip.Debug("%s: password file", cfg.MonitorId)
 return func(context.Context) (Credentials, error) {
- bytes, err := ioutil.ReadFile(cfg.PasswordFile)
+ bytes, err := os.ReadFile(cfg.PasswordFile)
 if err != nil {
 return Credentials{}, err
 }
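Review bot: In the `+ usernameStr, ok := username.(string)` fallback the line `username = cfg.Username` assigns to the discarded interface value instead of the string, so when the secret's username key holds a non-string `usernameStr` stays "" and the connection is attempted with an empty user; it should read `usernameStr = cfg.Username`. With that fixed the first `if !ok` block after `username, ok := newSecret["username"]` can go, because a missing key yields a nil interface whose string assertion fails and takes the same default (move the "username key is optional" comment onto the remaining branch). The message in `fmt.Errorf("error retrieving 'password' value of secret")` describes a missing key rather than a retrieval failure, so `"secret has no 'password' key"` would be more accurate. The enclosing Credentials method starts before this hunk.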