Reputation: 51
Using spring-cloud-starter-aws-secrets-manager-config to retrieve AWS secrets at application startup. After defining multiple secrets in AWS Secrets Manager, I cannot see how I can define multiple mappings to map those secrets.
bootstrap.yml

aws:
  secretsmanager:
    prefix: /secret
    defaultContext: context-name
    profileSeparator: _
    failFast: true
    name: service-name
    enabled: true
pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.0.9.RELEASE</version>
    <relativePath /> <!-- lookup parent from repository -->
  </parent>
  <groupId>com.example</groupId>
  <artifactId>demo</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <name>demo</name>
  <description>Demo project for Spring Boot</description>

  <properties>
    <java.version>1.8</java.version>
  </properties>

  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-dependencies</artifactId>
        <version>Finchley.SR4</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <dependencies>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-test</artifactId>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-starter-aws-secrets-manager-config</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
  </dependencies>

  <build>
    <plugins>
      <plugin>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-maven-plugin</artifactId>
      </plugin>
    </plugins>
  </build>
</project>
Secrets defined in AWS as:

/secret/context-name/val1 [foo:bar]
/secret/context-name/val2 [wibble:wombat]

The underlying code in AwsSecretsManagerPropertySource seems to look for the actual secret at the following only:

/secret/context-name
/secret/context-name_
/secret/service-name
/secret_service-name_

so it never finds the secret at /secret/context-name/X.

Is this expected behaviour? If so, how would I define multiple secrets in bootstrap.yml?
Upvotes: 4
Views: 2365
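As an added example (not code from the question, from either answer, or from Spring Cloud AWS itself), the following Python models the lookup order the question is about: the locator combines the prefix with defaultContext and with name, appends profileSeparator plus each active profile to both, and reads each resulting secret's SecretString as a JSON object of key/value pairs, with the most specific context winning on duplicate keys. The in-memory dict standing in for Secrets Manager, the sample secret values, and the treatment of a missing secret under fail-fast are assumptions of this example, not facts taken from the post.

```python
"""Model of how the Spring Cloud AWS (2.x) Secrets Manager locator decides
which secret IDs to fetch, and how each secret's JSON payload becomes
Spring properties.

Added example; not code from the original post or from Spring Cloud AWS.
Assumptions: lookup order is prefix/defaultContext, prefix/defaultContext
<sep><profile>, prefix/name, prefix/name<sep><profile>, most specific first;
FAKE stores below stand in for the real GetSecretValue call; with fail_fast a
missing or non-JSON secret aborts (an assumption of this model).
"""
import json
from typing import Any, Dict, List


def secret_ids(prefix: str, default_context: str, name: str,
               profile_separator: str, active_profiles: List[str]) -> List[str]:
    """Return the secret IDs the locator fetches, highest precedence first.

    Only prefix + one path segment (defaultContext or name) is ever combined,
    optionally suffixed with <separator><profile>. Anything *below* that
    segment, such as /secret/context-name/val1, is never requested.
    """
    contexts: List[str] = []
    for base in (f"{prefix}/{default_context}", f"{prefix}/{name}"):
        contexts.append(base)
        for profile in active_profiles:
            contexts.append(f"{base}{profile_separator}{profile}")
    # Reversed so the most specific context (name + profile) comes first and,
    # being added to the composite property source first, wins on collisions.
    contexts.reverse()
    return contexts


def load_properties(store: Dict[str, str], ids: List[str],
                    fail_fast: bool = True) -> Dict[str, Any]:
    """Fetch each ID from `store` (stand-in for Secrets Manager), parse the
    SecretString as a JSON object and merge key/value pairs, first wins."""
    merged: Dict[str, Any] = {}
    for secret_id in ids:
        payload = store.get(secret_id)
        if payload is None:
            if fail_fast:  # assumed model: fail-fast aborts on a missing context
                raise LookupError(f"secret {secret_id!r} not found")
            continue
        try:
            values = json.loads(payload)
        except json.JSONDecodeError as exc:
            if fail_fast:
                raise ValueError(f"secret {secret_id!r} is not JSON") from exc
            continue
        if not isinstance(values, dict):
            if fail_fast:
                raise ValueError(f"secret {secret_id!r} is not a JSON object")
            continue
        for key, value in values.items():
            merged.setdefault(key, value)  # earlier (more specific) context wins
    return merged


# Constructed sample data. POSTER_LAYOUT mirrors the question: one secret per
# key, nested under the context path. WORKING_LAYOUT puts all keys into a
# single JSON object stored at the context IDs the locator actually reads.
POSTER_LAYOUT: Dict[str, str] = {
    "/secret/context-name/val1": json.dumps({"foo": "bar"}),
    "/secret/context-name/val2": json.dumps({"wibble": "wombat"}),
}
WORKING_LAYOUT: Dict[str, str] = {
    "/secret/context-name": json.dumps({"foo": "bar", "wibble": "wombat"}),
    "/secret/service-name": json.dumps({"foo": "service-override"}),
    "/secret/service-name_dev": json.dumps({"wibble": "dev-only"}),
}


def demo() -> Dict[str, Dict[str, Any]]:
    """Resolve both layouts with the question's bootstrap.yml settings."""
    base_ids = secret_ids("/secret", "context-name", "service-name", "_", [])
    dev_ids = secret_ids("/secret", "context-name", "service-name", "_", ["dev"])
    return {
        "poster_layout": load_properties(POSTER_LAYOUT, base_ids, fail_fast=False),
        "working_layout_dev": load_properties(WORKING_LAYOUT, dev_ids, fail_fast=False),
    }


if __name__ == "__main__":
    for label, props in demo().items():
        print(label, props)
```

Run as-is, the poster's per-key layout resolves to no properties at all, because the children under /secret/context-name/ are never requested, while one JSON object stored at /secret/context-name (or at /secret/service-name, or the profile-suffixed variants) is loaded, with the service-name and profile-specific secrets overriding the shared context.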
Reputation: 308
You can define your custom secret name (one not read by Spring by default) via

spring:
  config:
    import: optional:aws-secretsmanager:{secret arn}

or via

spring:
  config:
    import: optional:aws-secretsmanager:{/secret/shortName}

When the Spring Boot application boots up, it usually reads and loads secrets into the environment from these secrets:

/prefix/application
/prefix/{your-application-name}

in addition to what you defined via spring.config.import.

You can read more about it from here.
Upvotes: 1
Reputation: 731
For me the configuration below in bootstrap.yml worked:

spring:
  application:
    name: AwsSecretManager
aws:
  secretsmanager:
    prefix: /secret
    defaultContext: service
    profileSeparator: _
    failFast: true
    name: AwsSecretManager
    enabled: true
cloud:
  aws:
    stack:
      auto: false
    region:
      use-default-aws-region-chain: true
    credentials:
      use-default-aws-credentials-chain: true

Properties defined in AWS as below:

Secret name: /secret/AwsSecretManager_dev

Here dev denotes the profile for which the properties are defined.

Note: The configuration defined in bootstrap.yml is just a sample configuration for only the Secrets Manager service and does not make use of the AWS stack. The properties will vary based on requirement.
Upvotes: 0