Get a secret from AWS secret manager using DefaultAWSCredentialsProviderChain

Question

Is there a way to retrieve a secret from the AWS secret store using DefaultAWSCredentialsProviderChain java class?

If not please suggest a way to retrieve it? (I need this in the context of doing signature V4 signing the request to connect with AWS Neptune. For signature signing, I am using this example. But my secrets are in AWS secret manager, So How can I retrieve the secret from the secret store with DefaultAWSCredentialsProviderChain)

Answer 1

I'm not sure if Secrets Manager exposes a AWSCredentialsProvider interface, but even if they don't support one, it should be easy to write something up.

Here is a sample implementation that uses the Secrets Manager APIs to expose a credentials provider implmentation:

https://github.com/jenkinsci/aws-secrets-manager-credentials-provider-plugin/blob/0e12e02a759d13524ed7f5cd0125ef6eab47ff7d/src/main/java/io/jenkins/plugins/credentials/secretsmanager/AwsCredentialsProvider.java

Once you have something like this, just make sure you pass it to the SigV4Signer that you use in your application.

Reference: https://github.com/aws/amazon-neptune-sigv4-signer/blob/master/src/main/java/com/amazonaws/neptune/auth/NeptuneSigV4SignerBase.java#L77-L86

Hope this helps.

Answer 2

It is possible with aws secretsmanager

Use these docs