spring gcloud google-secret-manager

GCloud secrets not resolving in spring properties


TL;DR: the GCP secrets are not resolved in the bootstrap file, but the SQL starter requires an instance connection name and database name on bootstrap.

I'm trying to incorporate GCP Secret Manager in a Spring Boot application that is running on Google App Engine and using GCP SQL.

However the ${sm:// prefix doesn't seem to be resolved at bootstrap time.

For reference, this is part of my pom (I'm using the com.google.cloud dependencies), and I enable the Spring profile "gcp".

  <parent>
    <artifactId>spring-boot-starter-parent</artifactId>
    <groupId>org.springframework.boot</groupId>
    <relativePath/> <!-- lookup parent from repository -->
    <version>2.4.2</version>
  </parent>

  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>com.google.cloud</groupId>
        <artifactId>spring-cloud-gcp-dependencies</artifactId>
        <version>2.0.1</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>

<!-- ... -->
    <!-- cloud -->
    <dependency>
      <groupId>com.google.cloud</groupId>
      <artifactId>spring-cloud-gcp-starter</artifactId>
    </dependency>
    <dependency>
      <groupId>com.google.cloud</groupId>
      <artifactId>spring-cloud-gcp-starter-sql-postgresql</artifactId>
    </dependency>
    <dependency>
      <groupId>com.google.cloud</groupId>
      <artifactId>spring-cloud-gcp-starter-secretmanager</artifactId>
    </dependency>

And in my bootstrap (for example):

spring:
  cloud:
    gcp:
      sql:
        database-name: ${sm://some-fancy-db-secret}
        instance-connection-name: ${sm://some-cool-connection-name}

When deploying I get an exception stating that a database-name needs to be defined.

If I fill in the plain properties it works just fine. Even the ${sm://db-username} works inside my application-gcp.yml file.

When I move the property from the bootstrap file it also fails. It seems it needs the connection when bootstrapping. (I'm a bit in the dark about that)

There's no fancy multi-project going on, and yes the secret exists.

I have a feeling I'm missing something stupid here or there's a version mismatch somewhere. (The Codelab doesn't seem to be mentioning anything special at all.)

I also checked this question. However, the proposed answer doesn't seem to be valid anymore. The com.google.cloud.spring.autoconfigure.secretmanager.GcpSecretManagerProperties class doesn't even contain a prefix property; besides, it works just fine in my normal properties file.


Solution

  • Has been fixed in the latest release.