How to integrate Spring Cloud with AWS Secrets Manager?

Question

I'm trying to integrate Spring Cloud application with the AWS Secrets Manager.

While doing, I'm having issue finding example code for Spring Cloud and the AWS Secrets manager integration. I have got the spring-cloud-starter-aws-secrets-manager-config in our pom, looking at the official docs.

As per this documentation, I need to just add property sources in a certain way, but I'm unsure how it can select the correct secrets?

If my application is called com.example.test does that mean my secret should be called secret.com.example.test and anything I add in there will automatically be available as a property source?

Do I even need to add any code for this to work? or Could you provide any other sources to complete this?

Answer 1

This library is not super intuitive and took me a bit to figure out. Sounds like they may be revamping this a lot soon but as of spring-cloud-aws:2.2.3.RELEASE I got it working like this:

Authentication

Make sure you have your profile configuration in a <USER_HOME>/.aws/credentials file with a [default] profile

Region

In version 2.2.3 there is a bug that defaults the region to us-west-2 unless this is specified in your bootstrap.yml

aws:
  secretsmanager:
    region: <whatever region you'd like>

Secrets Manager

Make a secret named /secret/application. For now, add a key/value pair "password:secret"

Code

These key/value pairs will be directly mapped to properties, so you should now be able to just throw this in your Spring app. Your password variable will now have the value "secret"

@Service
public class MyService {

    @Value("${password}")
    public String password;
}

That's the basics. If you read the documentation they describe how to determine which secrets are checked on startup. In your example, by default it would also be checking /secret/com.example.test in addition to /secret/application