How to Use AWS Secrets Manager in Spring Boot?
Last Updated: 21 May, 2024
AWS Secrets Manager is the most popular AWS service used for storing service secrets and other environment variables used when deploying applications. Spring applications read most of their variables from the application.properties file. In this article, we will see how to use AWS Secrets Manager in Spring Boot and use it to fetch secret values.
Primary Terminologies:
- Secrets Manager: A service offered by AWS for managing secret credentials, database credentials, API keys and other secrets.
- Spring Boot: A Java framework built for developing microservices and web-based REST applications.
- Secrets: Properties stored in AWS Secrets Manager.
How to use AWS Secrets Manager in Spring Boot:
To configure AWS Secrets Manager in Spring Boot, let's first create a sample Spring Boot project. For this article, we will create a project with a simple controller and a configuration class containing the Secrets Manager code. You can download the reference code from here.
To use Secrets Manager in the Spring project, the AWS SDK must be configured with credentials. Follow the steps in the docs below to configure AWS credentials and the SDK.
AWS JAVA SDK configuration
Step 1: Create Spring Boot Project
- Create a Spring Boot project with your favorite IDE.
- Make sure to add the following dependencies in the project inside the pom.xml file.
```xml
<dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
    <optional>true</optional>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-test</artifactId>
    <scope>test</scope>
</dependency>
<dependency>
    <groupId>com.amazonaws</groupId>
    <artifactId>aws-java-sdk-core</artifactId>
    <version>1.12.721</version>
</dependency>
<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>secretsmanager</artifactId>
    <version>2.25.50</version>
</dependency>
<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>sso</artifactId>
    <version>2.25.50</version>
</dependency>
<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>ssooidc</artifactId>
    <version>2.25.52</version>
</dependency>
```
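Step 2: Add code in project
- First, create a sample controller containing a route that fetches secrets through the Secrets Manager configuration class.
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;

@RestController
public class SecretController { // class name is illustrative; the article shows only the members
    @Autowired
    SecretManagerConfig secretManagerConfig;
    // Looks up the secret named by the secretName request parameter and returns its value.
    @GetMapping("/getsecret")
    public String getSecret(@RequestParam String secretName) {
        return SecretManagerConfig.getSecretFromAWS(
                secretManagerConfig.getSecretsManagerClient(), secretName).getProperty(secretName);
    }
}
```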
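- Now let's add a configuration class for Secrets Manager. In this class we create the Secrets Manager client as shown below.
- The secret must be created in the same region as the one configured below.
```java
// Client is built once; the region must match the region where the secret is stored.
private SecretsManagerClient secretsManagerClient;

SecretManagerConfig() {
    secretsManagerClient = SecretsManagerClient.builder().region(Region.AP_SOUTH_1).build();
}
```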
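- Finally, add a method for fetching secrets from Secrets Manager.
```java
// Imports needed by SecretManagerConfig (the constructor above and this method).
import java.util.Properties;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
import software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException;

// Fetches the secret string for secretName and returns it in a Properties object
// keyed by the secret name. On an AWS error the returned Properties is empty.
public static Properties getSecretFromAWS(SecretsManagerClient secretsManagerClient, String secretName) {
    Properties properties = new Properties();
    try {
        GetSecretValueRequest getSecretValueRequest = GetSecretValueRequest.builder()
                .secretId(secretName)
                .build();
        GetSecretValueResponse valueResponse = secretsManagerClient.getSecretValue(getSecretValueRequest);
        properties.setProperty(secretName, valueResponse.secretString());
    } catch (SecretsManagerException e) {
        System.out.println(e.getMessage());
        System.out.println("Error while Fetching Secrets");
    }
    return properties;
}
```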
- The above method first creates a request object with the secret name. The Secrets Manager client then uses this request to fetch the response from AWS.
- The secret string from the received response is then stored in properties and returned to the controller.
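The `/getsecret` route above forwards any caller-supplied name to Secrets Manager, so anyone who can reach the endpoint can read every secret the application's IAM identity is allowed to read. The following added example (not part of the article's reference code) puts an allow-list and a short-lived cache in front of the lookup; `AllowListedSecrets`, the secret names and the in-memory store are hypothetical, and the fetcher stands in for the `getSecretValue` call so the class runs offline on Java 17.

```java
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;

// Added example (hypothetical names): allow-list plus short-lived cache in front of the lookup.
public class AllowListedSecrets {
    private record Cached(String value, long expiresAtMillis) {}

    private final Set<String> allowedNames;
    // In the article's project this would wrap secretsManagerClient.getSecretValue(...).secretString().
    private final Function<String, String> fetcher;
    private final long ttlMillis;
    private final Map<String, Cached> cache = new ConcurrentHashMap<>();

    public AllowListedSecrets(Set<String> allowedNames, Function<String, String> fetcher, long ttlMillis) {
        this.allowedNames = Set.copyOf(allowedNames);
        this.fetcher = fetcher;
        this.ttlMillis = ttlMillis;
    }

    // Empty for names outside the allow-list; such names never reach the fetcher (or AWS).
    public Optional<String> get(String secretName) {
        if (secretName == null || !allowedNames.contains(secretName)) {
            return Optional.empty();
        }
        long now = System.currentTimeMillis();
        Cached hit = cache.get(secretName);
        if (hit == null || hit.expiresAtMillis() <= now) {
            // Fetch errors propagate to the caller instead of being cached or swallowed.
            hit = new Cached(fetcher.apply(secretName), now + ttlMillis);
            cache.put(secretName, hit);
        }
        return Optional.ofNullable(hit.value());
    }

    public static void main(String[] args) {
        // Constructed in-memory store standing in for Secrets Manager so the example runs offline.
        Map<String, String> fakeStore = Map.of(
                "demo/app-config", "constructed-config-value",
                "prod/db-password", "constructed-db-password");
        AllowListedSecrets secrets =
                new AllowListedSecrets(Set.of("demo/app-config"), fakeStore::get, 60_000L);
        System.out.println("demo/app-config readable: " + secrets.get("demo/app-config").isPresent());
        System.out.println("prod/db-password readable: " + secrets.get("prod/db-password").isPresent());
    }
}
```

The same restriction should also be enforced in the IAM policy attached to the application, by limiting `secretsmanager:GetSecretValue` to the specific secret ARNs it needs.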
Step 3: Create a Secret in AWS Secrets Manager
- Go to the Secrets Manager page and click on store secret.
- Specify the secret you want to store. For this article, we will use the "Other type of secret" option.
- Specify a name for the secret.
- Leave the other values as default and click on store.
Step 4: Test the application
- Log in to AWS so that the AWS SDK has credentials. We will be using SSO login.
- Start the Spring application.
- Hit the GET endpoint along with the secretName parameter.
- We will get the secret string from Secrets Manager.
Conclusion
Thus, we have successfully configured AWS Secrets Manager with a Spring Boot application. Secrets Manager secrets can be used to set properties in application.properties, which the Spring Boot application then uses. Fetching secrets from AWS can be further configured to happen automatically based on application events and logic.