Our application needs to connect to Confluent Kafka, and thus we have the following setup inside the application.yaml file:
kafka:
  properties:
    sasl:
      mechanism: PLAIN
      jaas:
        config: org.apache.kafka.common.security.plain.PlainLoginModule required username={userName} password={passWord};
The {userName} and {passWord} need to be replaced by values fetched from AWS Secrets Manager. This is what I have done so far.
Step 1: Use the following Maven dependency:
<dependency>
    <groupId>com.amazonaws</groupId>
    <artifactId>aws-java-sdk-secretsmanager</artifactId>
</dependency>
Step 2: Create a configuration class and create a method annotated with @Bean to init an AWSSecretsManager client object. We can then get some key-value pairs by using the AWSSecretsManager object.
// Create a Secrets Manager client
AWSSecretsManager client = AWSSecretsManagerClientBuilder.standard()
        .withRegion(region)
        .withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey)))
        .build();
I have the following questions to ask:
Some more info:
Our application will be running on AWS ECS.
I wouldn't recommend doing this via Java code at all. I would totally remove the aws-java-sdk-secretsmanager
dependency, and use the ECS support for injecting SecretsManager values as environment variables.
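The ECS injection this answer recommends, as an added example that is not part of the original answer: a CloudFormation fragment (an assumption; the same `Secrets` entries exist in a JSON task definition) followed by the question's application.yaml reading the injected variables. The variable names KAFKA_USERNAME and KAFKA_PASSWORD, the secret's JSON keys `username` and `password`, and every upper-case ARN component are placeholders.

```yaml
# File 1 (assumed): CloudFormation fragment for the ECS task definition.
# ARNs, names and JSON keys are placeholders, not values from the question.
Resources:
  KafkaClientTask:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: kafka-client                      # placeholder
      # The execution role (not the task role) fetches the secret at start-up;
      # it needs secretsmanager:GetSecretValue on this one secret ARN only.
      ExecutionRoleArn: arn:aws:iam::ACCOUNT_ID:role/EXECUTION_ROLE_NAME
      ContainerDefinitions:
        - Name: app
          Image: IMAGE_URI
          Secrets:
            # The ARN suffix ":username::" selects one JSON key of the secret,
            # current version (format: ...:json-key:version-stage:version-id).
            - Name: KAFKA_USERNAME
              ValueFrom: arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:SECRET_NAME-SUFFIX:username::
            - Name: KAFKA_PASSWORD
              ValueFrom: arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:SECRET_NAME-SUFFIX:password::
---
# File 2: application.yaml. Spring resolves ${...} from the environment,
# so no AWS SDK client or static access key is needed in the application.
kafka:
  properties:
    sasl:
      mechanism: PLAIN
      jaas:
        config: >-
          org.apache.kafka.common.security.plain.PlainLoginModule required
          username="${KAFKA_USERNAME}" password="${KAFKA_PASSWORD}";
```

ECS resolves the values once, when the container starts, so a rotated secret only reaches the application after a new task is launched.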