Spring Boot with AWS Parameter Store and AWS Secrets Manager Part 2: Customize Secret Manager Name
In part 1 of the article, the default configuration for AWS Parameter Store and AWS Secrets Manager was used. Sometimes the team needs to customise the naming convention. This guide covers how to customise the settings.
The services created in this guide use the Singapore Region (ap-southeast-1).
What you will build
You will customise the secret naming convention used for AWS Secrets Manager and use Spring Cloud to retrieve the secrets.
What You Need
IntelliJ or other IDE
JDK 11
Maven 3.2+
Spring Boot 2.4.5
Spring Cloud 2.2.6
AWS account with permission to access/modify AWS Parameter Store and AWS Secrets Manager
Step 1 Create Secret in AWS Parameter Store
Log in to your AWS Console → AWS Secrets Manager and click Store a new secret.
The example in this guide focuses on the Other type of secrets option. Fill in the following information on the first page and click Next.
Select secret type: Other type of secrets (e.g. API key)
Secret key/value: username:password
Select the encryption key: DefaultEncryptionKey
Key in the name of the secret, paying attention to its naming convention, and click Next.
Note that we are using a different naming convention instead of the default one.
Secret name: /info/zhangran/credentials
For simplicity, automated rotation will be disabled. Click Next.
If everything is OK, review the settings on the next page and click Store.
Step 2 Update SpringBoot bootstrap’s properties
Compared with part 1, the only changes are aws.secretsmanager.name and aws.secretsmanager.prefix=/info. The intention of this guide is to show how to use a non-default naming convention for secrets stored in Secrets Manager.
aws.paramstore.prefix=/config
aws.paramstore.name=infozhangran
aws.paramstore.enabled=true
aws.paramstore.profileSeparator=_
aws.secretsmanager.name=zhangran/credentials
aws.secretsmanager.prefix=/info
aws.secretsmanager.profileSeparator=_
aws.secretsmanager.enabled=true
aws.secretsmanager.failFast=true
aws.secretsmanager.defaultContext=application
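How the Secrets Manager settings above combine into the secret names that get looked up, as an added example that is not part of the original project. The resolution order is an assumption inferred from the "Located property source" log in Step 4, the class name SecretNameCheck and the dev profile are hypothetical, and the fallback to spring.application.name when no name is set is not modelled.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

public class SecretNameCheck {

    // Assumed order: <prefix>/<name>[<sep><profile>] first,
    // then <prefix>/<defaultContext>[<sep><profile>].
    static List<String> candidateSecretNames(Properties p, List<String> activeProfiles) {
        String prefix = p.getProperty("aws.secretsmanager.prefix", "/secret");
        String sep = p.getProperty("aws.secretsmanager.profileSeparator", "_");
        String[] contexts = {
            p.getProperty("aws.secretsmanager.name"),
            p.getProperty("aws.secretsmanager.defaultContext", "application")
        };
        List<String> names = new ArrayList<>();
        for (String context : contexts) {
            if (context == null) continue; // name not set: not modelled here
            String base = prefix + "/" + context.trim();
            // Profile-specific variants are tried before the plain name.
            for (String profile : activeProfiles) names.add(base + sep + profile);
            names.add(base);
        }
        return names;
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: the Secrets Manager settings from Step 2.
        String bootstrap = String.join("\n",
            "aws.secretsmanager.name=zhangran/credentials",
            "aws.secretsmanager.prefix=/info",
            "aws.secretsmanager.profileSeparator=_",
            "aws.secretsmanager.defaultContext=application");
        Properties p = new Properties();
        p.load(new StringReader(bootstrap));

        String stored = "/info/zhangran/credentials"; // secret name from Step 1
        // No active profile, then a hypothetical "dev" profile.
        for (List<String> profiles : List.of(List.<String>of(), List.of("dev"))) {
            List<String> names = candidateSecretNames(p, profiles);
            System.out.println("profiles=" + profiles + " -> " + names);
            if (!names.contains(stored)) {
                throw new IllegalStateException(stored + " is never looked up");
            }
        }
    }
}
```

With no active profile this prints the same two names that appear in the Step 4 log; with the dev profile it also lists /info/zhangran/credentials_dev and /info/application_dev.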
Step 3 Update Web Controller to use the new secret
Use the new secret key username created in Step 1 and remove the unused secrets and logging.
package info.zhangran.aws.demo.web;

import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Slf4j
@RestController
@EnableAutoConfiguration
public class DemoController {

    @Value("${dynamodb.access.key}") // from Parameter Store
    private String dynamodbAccessKey;

    @Value("${exploreparamstore.device.token}") // from Parameter Store
    private String deviceToken;

    @Value("${username}") // from Secrets Manager (/info/zhangran/credentials)
    private String username;

    @GetMapping("/parameter")
    public ResponseEntity<String> getParam() {
        // The values are logged only to confirm that they were loaded in this demo.
        log.info("Parameter Store DynamoDB Access Key {}", dynamodbAccessKey);
        log.info("Parameter Store Device Token {}", deviceToken);
        log.info("Secret Manager test1's value {}", username);
        return ResponseEntity.ok("hello");
    }
}
Step 4 Launch the application and test locally
Pay attention to the BootstrapPropertySource log and confirm that the secret was loaded from the correct name, the one configured in Step 1: /info/zhangran/credentials
2021-11-11 18:39:04.929 INFO 63639 --- [ restartedMain] b.c.PropertySourceBootstrapConfiguration : Located property source: [BootstrapPropertySource {name='bootstrapProperties-/info/zhangran/credentials'}, BootstrapPropertySource {name='bootstrapProperties-/info/application'}]
Issue a GET request to the URL http://localhost:8081/parameter; you may see the following output appear in the console.
That is all for this guide, thanks for reading. The source code can be found here: https://github.com/zhangran1/Spring-Boot-Integrate-AWS-Parameter-Store-and-Secret-Manager/tree/customize-secret-manager-profile