diff --git a/lib/backends/secrets-manager-backend.js b/lib/backends/secrets-manager-backend.js
index 8f8eb43b..99fdcbf1 100644
--- a/lib/backends/secrets-manager-backend.js
+++ b/lib/backends/secrets-manager-backend.js
@@ -39,7 +39,14 @@ class SecretsManagerBackend extends KVBackend {
       .getSecretValue({ SecretId: secretKey })
       .promise()
 
-    return data.SecretString
+    if ('SecretBinary' in data) {
+      return data.SecretBinary
+    } else if ('SecretString' in data) {
+      return data.SecretString
+    }
+
+    this._logger.error(`Unexpected data from Secrets Manager secret ${secretKey}`)
+    return null
   }
 }
 
diff --git a/lib/backends/secrets-manager-backend.test.js b/lib/backends/secrets-manager-backend.test.js
index 3d0acd13..7816d9e6 100644
--- a/lib/backends/secrets-manager-backend.test.js
+++ b/lib/backends/secrets-manager-backend.test.js
@@ -55,6 +55,23 @@ describe('SecretsManagerBackend', () => {
       expect(secretPropertyValue).equals('fakeSecretPropertyValue')
     })
 
+    it('returns binary secret', async () => {
+      getSecretValuePromise.promise.resolves({
+        SecretBinary: Buffer.from('fakeSecretPropertyValue', 'utf-8')
+      })
+
+      const secretPropertyValue = await secretsManagerBackend._get({
+        secretKey: 'fakeSecretKey'
+      })
+
+      expect(clientMock.getSecretValue.calledWith({
+        SecretId: 'fakeSecretKey'
+      })).to.equal(true)
+      expect(clientFactoryMock.getCall(0).args).deep.equals([])
+      expect(assumeRoleMock.callCount).equals(0)
+      expect(secretPropertyValue.toString()).equals('fakeSecretPropertyValue')
+    })
+
     it('returns secret property value assuming a role', async () => {
       getSecretValuePromise.promise.resolves({
         SecretString: 'fakeAssumeRoleSecretValue'