How to use AWS Secrets Manager in Spring Boot

To configure AWS Secrets Manager in Spring Boot, let's first create a sample Spring Boot project. For this article, we will create a project with a simple controller and a configuration class containing the Secrets Manager code. You can download the reference code from here.

To use Secrets Manager in the Spring project, the AWS SDK must be configured with credentials. Follow the steps in the docs below to configure the AWS credentials and the SDK.

AWS JAVA SDK configuration

Step 1: Create Spring Boot Project

  • Create a Spring Boot project with your favorite IDE.
  • Make sure to add the following dependencies to the project's pom.xml file.
XML
<dependency>
  <groupId>org.projectlombok</groupId>
  <artifactId>lombok</artifactId>
  <optional>true</optional>
</dependency>
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-test</artifactId>
  <scope>test</scope>
</dependency>
<dependency>
  <groupId>com.amazonaws</groupId>
  <artifactId>aws-java-sdk-core</artifactId>
  <version>1.12.721</version>
</dependency>
<dependency>
  <groupId>software.amazon.awssdk</groupId>
  <artifactId>secretsmanager</artifactId>
  <version>2.25.50</version>
</dependency>
<dependency>
  <groupId>software.amazon.awssdk</groupId>
  <artifactId>sso</artifactId>
  <version>2.25.50</version>
</dependency>
<dependency>
  <groupId>software.amazon.awssdk</groupId>
  <artifactId>ssooidc</artifactId>
  <version>2.25.52</version>
</dependency>

Step 2: Add code in project

  • First, create a sample controller with a route that fetches secrets through the Secrets Manager configuration class.
Java
// Inside the controller class.
@Autowired
SecretManagerConfig secretManagerConfig;

// Returns the secret string stored under secretName, or null if the lookup failed.
@GetMapping("/getsecret")
public String getSecret(@RequestParam String secretName) {
  String secretValue = SecretManagerConfig.getSecretFromAWS(secretManagerConfig.getSecretsManagerClient(), secretName).getProperty(secretName);
  return secretValue;
}
  • Now let's add the configuration class for Secrets Manager. In this class we will create the Secrets Manager client as below.
  • The secret must be created in the same region as the one configured below.
Java
// Inside SecretManagerConfig: the client is built once, for the region that holds the secret.
private SecretsManagerClient secretsManagerClient;
SecretManagerConfig() {
  secretsManagerClient = SecretsManagerClient.builder().region(Region.AP_SOUTH_1).build();
}
  • Finally, add the method for fetching secrets from Secrets Manager.
Java
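// Imports needed at the top of the SecretManagerConfig file.
import java.util.Properties;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
import software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException;

// Fetches one secret and returns it as a single property keyed by the secret name.
// On failure the returned Properties object is empty.
public static Properties getSecretFromAWS(SecretsManagerClient secretsManagerClient, String secretName)
{
  Properties properties = new Properties();
  try {
    GetSecretValueRequest getSecretValueRequest = GetSecretValueRequest.builder()
      .secretId(secretName)
      .build();

    GetSecretValueResponse valueResponse = secretsManagerClient.getSecretValue(getSecretValueRequest);
    // secretString() is null for binary secrets, and Properties rejects null values.
    if (valueResponse.secretString() != null) {
      properties.setProperty(secretName, valueResponse.secretString());
    }

  } catch (SecretsManagerException e)
  {
    System.out.println(e.getMessage());
    System.out.println("Error while Fetching Secrets");
  }
  return properties;
}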
  • The above method first creates a request object with the secret name. The Secrets Manager client then uses this request to fetch the response from AWS.
  • The secret string from the received response is then stored in the properties object and returned to the controller.
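
The route in Step 2 passes a caller-supplied name straight to GetSecretValue, so anyone who can reach it can read every secret the application's credentials allow. The controller below is an added example, not part of the original reference code: it restricts lookups to an allow-list and returns fixed error messages. The class name, the allow-listed secret names and the presence of spring-boot-starter-web on the classpath are assumptions.

```java
import java.util.Set;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.ResourceNotFoundException;
import software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException;

// Hypothetical replacement for the demo controller; not part of the reference code.
@RestController
public class AllowListedSecretController {

  // Constructed sample names: the only secrets this route will ever look up.
  private static final Set<String> ALLOWED_SECRETS = Set.of("demo/greeting", "demo/feature-flags");

  private final SecretsManagerClient client;

  // SecretManagerConfig is the article's configuration class (assumed to be a Spring bean).
  public AllowListedSecretController(SecretManagerConfig config) {
    this.client = config.getSecretsManagerClient();
  }

  @GetMapping("/getsecret")
  public String getSecret(@RequestParam String secretName) {
    // Check the caller-supplied name before it reaches AWS.
    if (!ALLOWED_SECRETS.contains(secretName)) {
      throw new ResponseStatusException(HttpStatus.FORBIDDEN, "secret not permitted");
    }
    try {
      String value = client.getSecretValue(
          GetSecretValueRequest.builder().secretId(secretName).build()).secretString();
      if (value == null) { // binary secrets carry no secretString
        throw new ResponseStatusException(HttpStatus.NOT_FOUND, "secret has no string value");
      }
      return value;
    } catch (ResourceNotFoundException e) {
      throw new ResponseStatusException(HttpStatus.NOT_FOUND, "secret not found");
    } catch (SecretsManagerException e) {
      // Log only the HTTP status server-side; the caller gets a fixed message.
      System.err.println("GetSecretValue failed, HTTP status " + e.statusCode());
      throw new ResponseStatusException(HttpStatus.BAD_GATEWAY, "secret lookup failed");
    }
  }
}
```

The allow-list is a second layer, not the only one: scope the application's IAM policy so that secretsmanager:GetSecretValue covers only the secrets it needs, and put the route behind authentication.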

Step 3: Create Secret Manager in AWS

  • Go to the Secrets Manager page and click on Store secret.
  • Specify the secret you want to store. For this article we will store the other type of secret.

Specify a name for the secret.

Leave the other values as default and click on Store.

Step 4: Test the application

Log in to AWS for the AWS SDK. We will be using SSO login.

Start the Spring application.

Hit the GET endpoint along with the secretName parameter.

We will get the secret string from Secrets Manager.

How to Use AWS Secrets Manager in Spring Boot?

AWS Secrets Manager is the most popular AWS service used for storing service secrets and other environment variables used for deploying applications. Spring applications take most of their variables from the application.properties file. In this article, we will see how to use AWS Secrets Manager in Spring Boot and use it for secret variables.

Primary Terminologies:

  • Secret Manager: Secret Manager is a service offered by AWS for managing secret credentials, database credentials, API keys and other secrets.
  • Spring Boot: Spring Boot is a Java framework built for developing microservices and web-based REST applications.
  • Secrets: Secrets are properties stored in the AWS Secret Manager....

Conclusion

Thus we have successfully configured AWS Secrets Manager with a Spring Boot application. Secrets Manager secrets can be used to set properties in application.properties, which will be used by the Spring Boot application. Fetching secrets from AWS can be further configured to fetch secrets automatically based on application events and logic....

How to use AWS Secrets Manager in Spring Boot – FAQs

Can I use AWS Secrets Manager with other AWS services in my Spring Boot application?...