Search code examples
amazon-web-servicesspring-bootaws-secrets-manager

How to integrate AWS Secret Manager with Spring Boot Application


I have a requirement to retrieve credentials from AWS Secret Manager, and I found that I need to add the gradle dependency for the following starter

spring-cloud-starter-aws-secrets-manager-config

Also, i found that I need to add the following settings in Bootstrap.yml

Property Configurations

I'm unclear how secret key could be accessed in my Spring Boot Application if someone could chime in much appreciated.


Solution

  • I would like to share my findings on SecretManager integration with Spring Boot application.

    Step 1. Add spring-cloud-starter-aws-secrets-manager-config dependency in Spring Boot Application ( Gradle and Maven ways of adding dependency is different).

    Step 2. Add the following configuration in bootstrap.yml file.

    aws:
      secretsmanager:
        prefix: /secret
        defaultContext: application
        profileSeparator: _
        failFast: true
        name: <service_name>
        enabled: true
    

    Step 3. create secrets in AWS Management console for the region required.

    There are two secrets contexts

    1. Application context - Shared secrets across all services.
    2. Service context - secrets specific to service.

    Final note on creating secrets,Secrets could be created for each environments.

    For example,

    /secret/service_name_dev/username
    
    /secret/service_name_prod/username
    

    Application context secrets could be created according to following format.

    /secret/application/username
    

    Once Spring Boot application started with above settings, Application will load secrets from AWS Secret Manager based on active profile.

    For example, for a dev profile, it will load the secret /secret/service_name_dev/username, and the value could be accessed in configuration as well as in classes using ${username} mapping.