diff --git a/common.tf b/common.tf
index 30276a5..dc38331 100644
--- a/common.tf
+++ b/common.tf
@@ -51,19 +51,21 @@ data "aws_iam_policy_document" "waggle_dance_glue_policy" {
 
 
 data "aws_secretsmanager_secret" "datadog_key" {
+  count = length(var.datadog_key_secret_name) > 0 ? 1 : 0
   name  = var.datadog_key_secret_name
 }
 
 data "aws_secretsmanager_secret_version" "datadog_key" {
-  count = length(data.aws_secretsmanager_secret.datadog_key) > 0 ? 1 : 0
-  secret_id = data.aws_secretsmanager_secret.datadog_key.id
+  count = length(var.datadog_key_secret_name) > 0 ? 1 : 0
+  secret_id = data.aws_secretsmanager_secret.datadog_key[0].id
 }
 
-locals {
-  datadog_keys = jsondecode(data.aws_secretsmanager_secret_version.datadog_key[0].secret_string)
+data "external" "datadog_key" {
+  count = length(var.datadog_key_secret_name) > 0 ? 1 : 0
+  program = ["echo", "${data.aws_secretsmanager_secret_version.datadog_key[0].secret_string}"]
 }
 
 provider "datadog" {
-  api_key  = local.datadog_keys.api_key != null ? local.datadog_keys.api_key : ""
-  app_key  = local.datadog_keys.app_key != null ? local.datadog_keys.app_key : ""
+  api_key  = chomp(data.external.datadog_key[0].result["api_key"])
+  app_key  = chomp(data.external.datadog_key[0].result["app_key"])
 }
diff --git a/templates.tf b/templates.tf
index 46bee65..813d755 100644
--- a/templates.tf
+++ b/templates.tf
@@ -197,11 +197,11 @@ data "template_file" "datadog-agent" {
   template = file("${path.module}/templates/datadog-agent.json")
 
   vars = {
-    region              = var.aws_region
-    loggroup            = var.wd_instance_type == "ecs" ? join("", aws_cloudwatch_log_group.waggledance_ecs.*.name) : ""
-    datadog_secret_key = jsondecode(data.aws_secretsmanager_secret_version.datadog_key[0].secret_string).api_key
-    wd_instance_type = var.wd_instance_type
-    metrics_port = var.metrics_port
+    region                = var.aws_region
+    loggroup              = var.wd_instance_type == "ecs" ? join("", aws_cloudwatch_log_group.waggledance_ecs.*.name) : ""
+    datadog_secret_key    = length(var.datadog_key_secret_name) > 0 ? chomp(data.external.datadog_key[0].result["api_key"]) : ""
+    wd_instance_type      = var.wd_instance_type
+    metrics_port          = var.metrics_port
     datadog_agent_version = var.datadog_agent_version
   }
 }
diff --git a/variables.tf b/variables.tf
index efde532..24a51ab 100644
--- a/variables.tf
+++ b/variables.tf
@@ -381,7 +381,7 @@ variable "tcp_keepalive_probes" {
 variable "datadog_key_secret_name" {
   description = "Name of the secret containing the DataDog API key. This needs to be created manually in AWS secrets manager. This is only applicable to ECS deployments."
   type        = string
-  default     = null
+  default     = ""
 }
 
 variable "datadog_agent_version" {