diff --git a/src/metrics/listener.spec.ts b/src/metrics/listener.spec.ts
index d37061e6b..bcbc2debf 100644
--- a/src/metrics/listener.spec.ts
+++ b/src/metrics/listener.spec.ts
@@ -128,7 +128,7 @@ describe("MetricsListener", () => {
 const listener = new MetricsListener(kms as any, {
 apiKey: "",
 apiKeyKMS: "",
- apiKeySecretARN: "api-key-secret-arn",
+ apiKeySecretARN: "arn:aws:secretsmanager:us-gov-west-1:1234567890:secret:key-name-123ABC",
 enhancedMetrics: false,
 logForwarding: false,
 shouldRetryMetrics: false,
@@ -141,6 +141,39 @@ describe("MetricsListener", () => {
 expect(secretsManagerSpy).toHaveBeenCalledWith({
 useFipsEndpoint: true,
+ region: "us-gov-west-1",
+ });
+
+ secretsManagerSpy.mockRestore();
+ } finally {
+ process.env.AWS_REGION = "us-east-1";
+ }
+ });
+
+ it("uses correct secrets region", async () => {
+ try {
+ process.env.AWS_REGION = "us-east-1";
+ const secretsManagerModule = require("@aws-sdk/client-secrets-manager");
+ const secretsManagerSpy = jest.spyOn(secretsManagerModule, "SecretsManager");
+
+ const kms = new MockKMS("kms-api-key-decrypted");
+ const listener = new MetricsListener(kms as any, {
+ apiKey: "",
+ apiKeyKMS: "",
+ apiKeySecretARN: "arn:aws:secretsmanager:ap-west-1:1234567890:secret:key-name-123ABC",
+ enhancedMetrics: false,
+ logForwarding: false,
+ shouldRetryMetrics: false,
+ localTesting: false,
+ siteURL,
+ });
+
+ await listener.onStartInvocation({});
+ await listener.onCompleteInvocation();
+
+ expect(secretsManagerSpy).toHaveBeenCalledWith({
+ useFipsEndpoint: false,
+ region: "ap-west-1",
 });
 secretsManagerSpy.mockRestore();
diff --git a/src/metrics/listener.ts b/src/metrics/listener.ts
index b4c6525fe..a73a35e91 100644
--- a/src/metrics/listener.ts
+++ b/src/metrics/listener.ts
@@ -224,10 +224,12 @@ export class MetricsListener {
 if (config.apiKeySecretARN !== "") {
 try {
 const { SecretsManager } = await import("@aws-sdk/client-secrets-manager");
- const region = process.env.AWS_REGION;
- const isGovRegion = region !== undefined && region.startsWith("us-gov-");
+ const secretRegion = config.apiKeySecretARN.split(":")[3];
+ const lambdaRegion = process.env.AWS_REGION;
+ const isGovRegion = lambdaRegion !== undefined && lambdaRegion.startsWith("us-gov-");
 const secretsManager = new SecretsManager({
 useFipsEndpoint: isGovRegion,
+ region: secretRegion,
 });
 const secret = await secretsManager.getSecretValue({ SecretId: config.apiKeySecretARN });
 return secret?.SecretString ?? "";
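Review bot: `config.apiKeySecretARN.split(":")[3]` is passed to the client as `region` without checking that the setting is a full ARN, so a secret name, a partial ARN, or an ARN with an empty region field yields `undefined`, `""` or an unrelated fragment there. A shape check keeps the lookup on the SDK's normal region resolution in those cases: `const arnParts = config.apiKeySecretARN.split(":");` followed by `const secretRegion = arnParts.length >= 7 && arnParts[0] === "arn" && arnParts[3] !== "" ? arnParts[3] : undefined;`. Separately, `useFipsEndpoint` is still derived from `lambdaRegion` while the endpoint region now comes from the ARN, so the two can disagree (a GovCloud secret ARN with a commercial `AWS_REGION` would select a non-FIPS endpoint); either base `isGovRegion` on the region actually handed to the client or add a comment saying why the Lambda's own region is the intended signal. The `catch` for this `try` is outside the hunk, so how a bad region surfaces to the operator cannot be confirmed from here; it is worth making sure that path logs the failure rather than silently returning an empty key.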