How to integrate AWS Secret Manager with Spring Boot Application
I have a requirement to retrieve credentials from AWS Secret Manager, and I found that I need to add the gradle dependency for the following starter
spring-cloud-starter-aws-secrets-manager-config
Also, i found that I need to add the following settings in Bootstrap.yml
I'm unclear how secret key could be accessed in my Spring Boot Application if someone could chime in much appreciated.
Answer
I would like to share my findings on SecretManager integration with Spring Boot application.
Step 1. Add spring-cloud-starter-aws-secrets-manager-config dependency in Spring Boot Application ( Gradle and Maven ways of adding dependency is different).
Step 2. Add the following configuration in bootstrap.yml file.
aws:
secretsmanager:
prefix: /secret
defaultContext: application
profileSeparator: _
failFast: true
name: <service_name>
enabled: true
Step 3. create secrets in AWS Management console for the region required.
There are two secrets contexts
- Application context - Shared secrets across all services.
- Service context - secrets specific to service.
Final note on creating secrets,Secrets could be created for each environments.
For example,
/secret/service_name_dev/username
/secret/service_name_prod/username
Application context secrets could be created according to following format.
/secret/application/username
Once Spring Boot application started with above settings, Application will load secrets from AWS Secret Manager based on active profile.
For example, for a dev profile, it will load the secret /secret/service_name_dev/username, and the value could be accessed in configuration as well as in classes using ${username} mapping.