I am running a web app using Spring Boot 2.6.10 with external configuration. Our configuration server is secure, so credentials must be provided. The credentials are stored in Google Cloud Secret Manager. However, it seems that the Spring Cloud Config section of the application.yml does not recognize the secret manager notation (sm://). Properties outside of the spring cloud config section resolve the secret manager tokens correctly. As a sanity check, I entered the plain text credentials in the application.yml and the properties loaded just fine. Am I missing a dependency or an updated version of Spring Boot or Spring Boot Cloud?
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>io.my</groupId>
<artifactId>smtest</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>Secret Manager Test</name>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.10</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<java.version>1.8</java.version>
<spring-cloud.version>2021.0.3</spring-cloud.version>
<spring-cloud-gcp.version>3.3.0</spring-cloud-gcp.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-config</artifactId>
</dependency>
<dependency>
<groupId>com.google.cloud</groupId>
<artifactId>spring-cloud-gcp-starter-secretmanager</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>com.google.cloud</groupId>
<artifactId>spring-cloud-gcp-dependencies</artifactId>
<version>${spring-cloud-gcp.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>2.6.10</version>
</plugin>
</plugins>
</build>
</project>
application.yml
io:
my:
data:
# These tokens resolve
user: "${sm://my-gcp-project/my-data-user/latest}"
password: "${sm://my-gcp-project/my-data-password/latest}"
spring:
application:
name: smtest
cloud:
config:
uri: https://my-external-config.io
# These tokens DO NOT resolve
username: "${sm://my-gcp-project/ext-config-user/latest}"
password: "${sm://my-gcp-project/ext-config-password/latest}"
config:
import: "configserver:"
I believe this issue is resolved by Spring Boot. Using more recent versions of Spring Boot and cloud dependencies resolved this.
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.7.10</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>2021.0.5</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>com.google.cloud</groupId>
<artifactId>spring-cloud-gcp-dependencies</artifactId>
<version>3.4.0</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>