diff --git a/modules/vpc/endpoints.tf b/modules/vpc/endpoints.tf
new file mode 100644
index 0000000..7c394a9
--- /dev/null
+++ b/modules/vpc/endpoints.tf
@@ -0,0 +1,10 @@
+data "aws_region" "current" {}
+
+resource "aws_vpc_endpoint" "secrets_manager" {
+ vpc_id = module.vpc.vpc_id
+
+ service_name = "com.amazonaws.${data.aws_region.current.name}.secretsmanager"
+
+ security_group_ids = [module.app_security_group.security_group_id] # You can specify security groups if needed
+ subnet_ids = module.vpc.private_subnets # Associate with private subnets
+}
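Review bot: The `aws_vpc_endpoint.secrets_manager` resource omits `vpc_endpoint_type`, which the AWS provider defaults to "Gateway"; Secrets Manager is only offered as an Interface endpoint and a Gateway endpoint does not accept `subnet_ids`/`security_group_ids`, so this will fail at apply time unless `vpc_endpoint_type = "Interface"` is added inside the block. It also leaves `private_dns_enabled` at its default of false, so SDK calls to the regional secretsmanager hostname keep resolving to the public endpoint and secret retrieval still leaves the VPC; add `private_dns_enabled = true` so clients actually use the endpoint. Reusing `module.app_security_group.security_group_id` on the endpoint ENIs means the endpoint accepts whatever that group allows inbound, which is probably broader or different from "443 from the application subnets only" — a dedicated endpoint security group would be tighter, and the trailing comment `# You can specify security groups if needed` is stale since a group is already specified. No `policy` attribute is set, so the endpoint permits any principal full Secrets Manager access through it; an endpoint policy scoped to this account's secrets would apply least privilege. The file sits under modules/vpc yet references `module.vpc` and `module.app_security_group`, which only resolves if it is evaluated from the module that declares those — worth confirming.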