Spring Boot with AWS Parameter Store and AWS Secrets Manager Part 1 — Default Configurations

Ran Zhang
May 10, 2021

This guide introduces the basic setup for connecting a Spring Boot application to AWS Parameter Store and AWS Secrets Manager. It covers the basic configuration in Spring Boot and how to create the corresponding data in Amazon Web Services.

Part 2 covers customisation of the Secrets Manager naming convention.

The services created in this guide use the Singapore Region (ap-southeast-1).

What you will build

You will build a simple RESTful API with Spring Boot that retrieves parameters stored in AWS Parameter Store and AWS Secrets Manager.

What You Need

IntelliJ or other IDE

JDK 11

Maven 3.2 +

AWS account with permission to access/modify AWS Parameter Store and AWS Secrets Manager

Step 1 Create Parameters in AWS Parameter Store

Log in to your AWS Console → AWS Systems Manager → Parameter Store and click Create parameter.

The name field in AWS Parameter Store follows a specific syntax, and the naming convention determines the bootstrap properties in Spring Boot. Enter the values for the corresponding fields and click Create parameter.

By default the name field follows the following convention:
/{prefix}/{application name}/{actual parameter}
Default prefix is: /config

Name: /config/infozhangran/dynamodb.access.key
Description: Access key for dynamo db
Tier: Standard
Type: String
Data type: text
Value: dynamo_db_access_key

After you successfully create the parameter, you will see the record in the Parameter Store.

Next, we will create a parameter using the SecureString type.

Name: /config/infozhangran/exploreparamstore.device.token
Description: Test param store device token
Tier: Standard
Type: SecureString
KMS key source: My current account
KMS Key ID: alias/aws/ssm
Value: test token

Now you will have 2 parameters in Parameter Store.

Step 2 Create Secret in AWS Secrets Manager

Log in to your AWS Console → AWS Secrets Manager and click Store a new secret.

This guide uses the "Other type of secrets" option. Fill in the following information on the first page and click Next.

Select secret type: Other type of secrets (e.g. API key)
Secret key/value:
test1:value1
test2:value2
test3:value3
Select the encryption key:
DefaultEncryptionKey

Enter the name of the secret, taking note of the naming convention for secret names, and click Next.

By default the Secret name field follows the following convention:
/{prefix}/{application name}
Default prefix is: /secret

Secret name: /secret/infozhangran

For simplicity, automatic rotation is disabled. Click Next.

If everything is OK, review the settings on the next page and click Store.

You will see the newly created secret appear in AWS Secrets Manager.

In the following part, this guide shows how to configure the Spring Boot application and retrieve values from AWS Parameter Store and AWS Secrets Manager.

Step 3 Create a Spring Boot Application

If you are familiar with initialising a Spring Boot application, you may skip this step.

This guide uses the IntelliJ IDE to create the Spring Boot application; you may use another IDE or other tools to initialise the application.

Configure the project and click Next:

Group: info.zhangran.aws.demo
Artifact: demo
Type: Maven
Language: Java
Packaging: Jar
Java version: 11
Version: 0.0.1-SNAPSHOT
Name: explore aws servcies
Description: Demo project for Spring Boot
Package: info.zhangran.aws.dem

Select the following dependencies and click Next.

Spring Boot Dev Tools
Lombok
Spring Web
Spring Boot Actuator

Give the project a name and click Finish.

If everything is configured properly, you can launch the application and the following output will be shown in the terminal. If any error is reported, you may recreate the project.

2021-05-10 21:32:12.295  INFO 197690 --- [  restartedMain] i.z.a.d.ExploreAwsServciesApplication    : No active profile set, falling back to default profiles: default
2021-05-10 21:32:12.330 INFO 197690 --- [ restartedMain] .e.DevToolsPropertyDefaultsPostProcessor : Devtools property defaults active! Set 'spring.devtools.add-properties' to 'false' to disable
2021-05-10 21:32:13.231 INFO 197690 --- [ restartedMain] o.s.b.d.a.OptionalLiveReloadServer : LiveReload server is running on port 35729
2021-05-10 21:32:13.251 INFO 197690 --- [ restartedMain] i.z.a.d.ExploreAwsServciesApplication : Started ExploreAwsServciesApplication in 1.247 seconds (JVM running for 1.875)

Step 4 Update AWS-related Dependencies

Add the following dependencies to the pom.xml file. Please note that there may be dependency conflicts between Spring Cloud and Spring Boot; if you are using a different Spring Boot version, check the dependency matrix at the link below.

https://start.spring.io/actuator/info

<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter</artifactId>
    <version>3.0.2</version>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-bootstrap</artifactId>
    <version>3.0.2</version>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-aws-parameter-store-config</artifactId>
    <version>2.2.6.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-aws-secrets-manager-config</artifactId>
    <version>2.2.6.RELEASE</version>
</dependency>

The updated POM file should look like the following.

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.4.5</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>info.zhangran.aws.demo</groupId>
    <artifactId>demo</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>explore aws servcies</name>
    <description>Demo project for Spring Boot</description>
    <properties>
        <java.version>11</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <scope>runtime</scope>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter</artifactId>
            <version>3.0.2</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-bootstrap</artifactId>
            <version>3.0.2</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-aws-parameter-store-config</artifactId>
            <version>2.2.6.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-aws-secrets-manager-config</artifactId>
            <version>2.2.6.RELEASE</version>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <configuration>
                    <excludes>
                        <exclude>
                            <groupId>org.projectlombok</groupId>
                            <artifactId>lombok</artifactId>
                        </exclude>
                    </excludes>
                </configuration>
            </plugin>
        </plugins>
    </build>

</project>

Step 4 Update the Spring Boot application's properties

Update the following information in application.properties. The application name is important here because it is used to match the application name created in AWS Parameter Store and AWS Secrets Manager.

server.port=8081
spring.application.name=infozhangran

Create a bootstrap.properties file under the resources folder and add the following parameters to the file.

aws.paramstore.prefix=/config
aws.paramstore.name=infozhangran
aws.paramstore.enabled=true
aws.paramstore.profileSeparator=_
aws.secretsmanager.name=infozhangran
aws.secretsmanager.prefix=/secret
aws.secretsmanager.profileSeparator=_
aws.secretsmanager.enabled=true
aws.secretsmanager.failFast=true
aws.secretsmanager.defaultContext=application
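
The default naming conventions from Step 1 and Step 2, checked against the prefix and name values above, as an added example that is not part of the original project. The class and method names are hypothetical, and the key derivation (context path stripped, remaining slashes turned into dots) is an assumption about how the starter maps parameter names to property keys.

```java
import java.util.List;
import java.util.Optional;

// Added illustration (not from the guide's repository): models the default
// /{prefix}/{application name}/{actual parameter} convention described above.
public class ParamNameCheck {   // hypothetical class name

    // Values copied from the bootstrap.properties in this guide.
    static final String PARAM_PREFIX = "/config";
    static final String SECRET_PREFIX = "/secret";
    static final String APP_NAME = "infozhangran";

    /** Returns the Spring property key for a Parameter Store name, or empty when the
     *  name lies outside /{prefix}/{application name}/ and would not be loaded. */
    static Optional<String> propertyKey(String parameterName) {
        String context = PARAM_PREFIX + "/" + APP_NAME + "/";
        if (!parameterName.startsWith(context) || parameterName.length() == context.length()) {
            return Optional.empty();
        }
        // Assumption: any remaining path separators become dots in the key.
        return Optional.of(parameterName.substring(context.length()).replace('/', '.'));
    }

    /** A secret is picked up by default only when it is named /{prefix}/{application name}. */
    static boolean isAppSecret(String secretName) {
        return secretName.equals(SECRET_PREFIX + "/" + APP_NAME);
    }

    public static void main(String[] args) {
        // The first two names come from Step 1; the last two are constructed mistakes.
        List<String> names = List.of(
                "/config/infozhangran/dynamodb.access.key",
                "/config/infozhangran/exploreparamstore.device.token",
                "/config/infozhangran2/dynamodb.access.key",  // wrong application name
                "/infozhangran/dynamodb.access.key");         // missing prefix
        for (String name : names) {
            String result = propertyKey(name)
                    .map(key -> "${" + key + "}")
                    .orElse("not loaded, so the @Value placeholder cannot be resolved");
            System.out.println(name + " -> " + result);
        }
        System.out.println("/secret/infozhangran -> " + isAppSecret("/secret/infozhangran"));
        System.out.println("secret/infozhangran  -> " + isAppSecret("secret/infozhangran"));
    }
}
```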

Step 5 Create a Web Controller for Testing

This step demonstrates that the data has been loaded. Create DemoController.java and place it under the web package.

package info.zhangran.aws.demo.web;

import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;


@Slf4j
@RestController
@EnableAutoConfiguration
public class DemoController {

    // Loaded from Parameter Store: /config/infozhangran/dynamodb.access.key
    @Value("${dynamodb.access.key}")
    private String dynamodbAccessKey;

    // Loaded from Parameter Store (SecureString): /config/infozhangran/exploreparamstore.device.token
    @Value("${exploreparamstore.device.token}")
    private String deviceToken;

    // Keys of the Secrets Manager secret /secret/infozhangran
    @Value("${test1}")
    private String secretManagerTest1;

    @Value("${test2}")
    private String secretManagerTest2;

    @Value("${test3}")
    private String secretManagerTest3;

    // Demo only: logs the resolved values so the console output confirms they were loaded.
    @GetMapping("/parameter")
    public ResponseEntity<String> getParam() {
        log.info("Parameter Store DyamoDB Access Key {}", dynamodbAccessKey);
        log.info("Parameter Store Device Token {}", deviceToken);
        log.info("Secret Manager test1's value {}", secretManagerTest1);
        log.info("Secret Manager test1's value {}", secretManagerTest2);
        log.info("Secret Manager test1's value {}", secretManagerTest3);
        return ResponseEntity.ok("hello");
    }

}

Step 6 Launch the application and test locally

Issue a GET request to the URL http://localhost:8081/parameter and you will see the following output appear in the console.

Parameter Store DyamoDB Access Key dynamo_db_access_key
Parameter Store Device Token test token
Secret Manager test1’s value value1
Secret Manager test1’s value value2
Secret Manager test1’s value value3
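
The controller in Step 5 writes the resolved values, including the SecureString token and the Secrets Manager values, to the application log. The variant below is an added example, not code from the original project, that confirms each value was loaded without logging it; the class name RedactedDemoController, the describe helper and the /parameter-status path are hypothetical.

```java
package info.zhangran.aws.demo.web;

import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.LinkedHashMap;
import java.util.Map;

// Added example: same property sources as DemoController, but only the
// load status of each value is logged, never the value itself.
@Slf4j
@RestController
public class RedactedDemoController {   // hypothetical class name

    @Value("${dynamodb.access.key}")
    private String dynamodbAccessKey;

    @Value("${exploreparamstore.device.token}")
    private String deviceToken;

    @Value("${test1}")
    private String secretManagerTest1;

    // Reports presence and length only, so the secret never reaches a log line.
    static String describe(String value) {
        if (value == null || value.isEmpty()) {
            return "MISSING";
        }
        return "loaded (" + value.length() + " chars)";
    }

    @GetMapping("/parameter-status")    // hypothetical path, avoids clashing with /parameter
    public ResponseEntity<String> getStatus() {
        Map<String, String> status = new LinkedHashMap<>();
        status.put("dynamodb.access.key", describe(dynamodbAccessKey));
        status.put("exploreparamstore.device.token", describe(deviceToken));
        status.put("test1", describe(secretManagerTest1));
        // Property name and load status go to the log; the HTTP response carries neither.
        status.forEach((key, state) -> log.info("{}: {}", key, state));
        return ResponseEntity.ok("ok");
    }
}
```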

That is all for this guide, thanks for reading. The source code can be found here: https://github.com/zhangran1/Spring-Boot-Integrate-AWS-Parameter-Store-and-Secret-Manager

Written by Ran Zhang

Strategic Cloud Engineer at Google.
