Read value from AWS Secrets Manager and replace a placeholder in the Springboot property values

Time:06-03

Our application needs to connect to Confluent Kafka, and thus we have the following setup inside the application.yaml file:

kafka:
    properties:
      sasl:
        mechanism: PLAIN
        jaas:
          config: org.apache.kafka.common.security.plain.PlainLoginModule required username="{userName}" password="{passWord}";

The {userName} and {passWord} need to be replaced by values fetched from AWS Secrets Manager. This is what I have done so far.

Step 1: Use the following maven dependency

<dependency>
    <groupId>com.amazonaws</groupId>
    <artifactId>aws-java-sdk-secretsmanager</artifactId>
</dependency>

Step 2: Create a configuration class with a method annotated with @Bean to initialise an AWSSecretsManager client object. Then we can get some key-value pairs by using the AWSSecretsManager object.

// Create a Secrets Manager client
AWSSecretsManager client = AWSSecretsManagerClientBuilder.standard()
        .withRegion(region)
        .withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey)))
        .build();

I have the following questions to ask:

  1. How can we inject the value we get from secret manager and replace the placeholder in the application.yml file?
  2. To access AWSSecretsManager we need to pass an AWS accessKey and secretKey. What is a good practice to provide those two values?

Some more info:

Our application will be running on AWS ECS.

CodePudding user response:

My answer here will focus on the Secrets Manager API part of your question.

I recommend that you move from AWS SDK for Java V1 to AWS SDK for Java V2. You can find V2 Java Secret Manager examples here.

https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/secretsmanager

Here is the Service Client for V2.

SecretsManagerClient secretsClient = SecretsManagerClient.builder()
        .region(region)
        .credentialsProvider(ProfileCredentialsProvider.create())
        .build();

In this example, I am using a ProfileCredentialsProvider that reads creds from .aws/Credentials. You can learn more about how V2 handles creds in the AWS Java V2 DEV Guide.

Using credentials

You cannot use ProfileCredentialsProvider in an app deployed to a container, as this file structure is not part of the container. So you can use Amazon ECS container credentials:

The SDK uses the ContainerCredentialsProvider class to load credentials from the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI system environment variable.

See point 5 in the above Doc.
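
One way to tie the two halves together (resolving the YAML placeholders from a secret, with the SDK v2 client picking up ECS container credentials automatically), as an added example that is not part of either answer above: a Spring Boot EnvironmentPostProcessor runs before the context is refreshed, so a property source it registers is visible to `${...}` placeholders in application.yml. Assumed names are hypothetical: the secret id comes from a `kafka.secret-id` property, the secret body is JSON with `username` and `password` fields, and Spring Boot 2.4+, AWS SDK v2 and Jackson are on the classpath.

```java
import java.util.Map;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.env.EnvironmentPostProcessor;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.MapPropertySource;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import com.fasterxml.jackson.databind.ObjectMapper;

/**
 * Hypothetical post-processor; registered via META-INF/spring.factories:
 * org.springframework.boot.env.EnvironmentPostProcessor=com.example.SecretsEnvironmentPostProcessor
 * It runs after application.yml has been loaded, so it can read kafka.secret-id from there.
 */
public class SecretsEnvironmentPostProcessor implements EnvironmentPostProcessor {

    @Override
    public void postProcessEnvironment(ConfigurableEnvironment env, SpringApplication app) {
        String secretId = env.getProperty("kafka.secret-id"); // assumed property name
        if (secretId == null) {
            return; // e.g. a local profile that supplies the values another way
        }
        // DefaultCredentialsProvider walks the default chain: env vars, profile file, and on
        // ECS the container credentials endpoint (AWS_CONTAINER_CREDENTIALS_RELATIVE_URI).
        // No access key or secret key ever lands in application.yml.
        try (SecretsManagerClient client = SecretsManagerClient.builder()
                .region(Region.of(env.getProperty("aws.region", "us-east-1")))
                .credentialsProvider(DefaultCredentialsProvider.create())
                .build()) {
            String json = client.getSecretValue(GetSecretValueRequest.builder()
                    .secretId(secretId).build()).secretString();
            // Assumed secret layout: {"username": "...", "password": "..."}
            Map<String, String> fields = new ObjectMapper().readValue(json, Map.class);
            // addFirst gives these values highest precedence over any other property source.
            env.getPropertySources().addFirst(new MapPropertySource("kafka-secret",
                    Map.of("kafka.username", fields.get("username"),
                           "kafka.password", fields.get("password"))));
        } catch (Exception e) {
            // Fail fast at startup rather than connecting to Kafka with an unresolved placeholder.
            throw new IllegalStateException("Could not load Kafka credentials from secret " + secretId, e);
        }
    }
}
```

With this in place the JAAS line in application.yml uses ordinary Spring placeholders, `username="${kafka.username}" password="${kafka.password}"`, and the ECS task role only needs `secretsmanager:GetSecretValue` on that one secret.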

CodePudding user response:

I wouldn't recommend doing this via Java code at all. I would totally remove the aws-java-sdk-secretsmanager dependency, and use the ECS support for injecting SecretsManager values as environment variables.
