Secrets manager issues in Spring boot 2.4
See original GitHub issueFrom spring-cloud-aws created by jojijohn: spring-cloud/spring-cloud-aws#781
Type: Bug
Component: Secrets Manager
Describe the bug Spring boot 2.4.3 Spring Cloud AWS: 2.3.1
I am facing a couple of issues with Spring Cloud AWS integration for Secrets Manager and Parameter Store. I am planning to store my config in Parameter Store and the secrets in Secrets Manager
- Even though I have a bootstrap.yml under src/main/resources; it is not being read on startup. I had to move the configs to application.yml to make it work.
- I put the secrets as plain text in /secret/epdcs/my-app , but that didn’t work. Does only key/value pairs work?
- When I import
"aws-secretsmanager:"
, the app wouldn’t even start, so I now have to specify the secret keys -"aws-secretsmanager:/secret/epdcs/application;/secret/epdcs/my-app"
- To connect from my local machine, my understanding is that the
cloud.aws.credentials.profile-name
andcloud.aws.region.static
will be used - but that didn’t work and I had to set the environment variablesAWS_PROFILE
andAWS_REGION
Sample
This is what I have in my application.yml:
spring:
application:
name: my-app
config:
import:
- "aws-parameterstore:"
- "aws-secretsmanager:/secret/epdcs/application;/secret/epdcs/my-app"
cloud:
aws:
stack:
auto: false
credentials:
profile-name: dev
region:
static: us-east-1
aws:
paramstore:
prefix: /config/epdcs
region: us-east-1
secretsmanager:
prefix: /secret/epdcs
region: us-east-1
These are the spring-cloud dependencies I have in pom.xml
<dependency>
<groupId>io.awspring.cloud</groupId>
<artifactId>spring-cloud-starter-aws-secrets-manager-config</artifactId>
</dependency>
<dependency>
<groupId>io.awspring.cloud</groupId>
<artifactId>spring-cloud-starter-aws-parameter-store-config</artifactId>
</dependency>
and the BOM:
<dependency>
<groupId>io.awspring.cloud</groupId>
<artifactId>spring-cloud-aws-dependencies</artifactId>
<version>2.3.1</version>
<type>pom</type>
<scope>import</scope>
</dependency>
Issue Analytics
- State:
- Created 2 years ago
- Comments:6 (3 by maintainers)
Top Results From Across the Web
spring boot with aws secrets manager is not download the ...
I have updated the Spring boot from 2.0.9.RELEASE to 2.4.3, and I am using the package to get the AWS Secrets version 2.2.5.RELEASE....
Read more >Spring Boot Secret Properties: How to store secrets in your ...
In this tutorial, you will learn how to use Spring Boot secret properties in your next application. When you define your own configuration ......
Read more >Spring Cloud Config Server
AWS Secrets Manager Backend. Spring Cloud Config Server supports AWS Secrets Manager as a backend for configuration properties. You can enable this feature...
Read more >Spring Cloud AWS
1. Spring Boot Configuration Import Support. From Spring Cloud AWS 2.3.0 onwards, the Secrets Manager Configuration module additionally supports using Spring ...
Read more >spring-cloud/spring-cloud-aws - Gitter
I have just noticed that spring-cloud-aws repository has been moved ... using spring-cloud-starter-aws-secrets-manager-config 2.4.1 with spring-boot 2.6.8 .
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
I found that defining a property
aws.secretsmanager.region
in yourapplication.yml
lets you define a region without having to add custom code.All configurable properties can be found in
io.awspring.cloud.secretsmanager.AwsSecretsManagerProperties
(tested withspring-cloud-aws-secrets-manager-config v2.4.1
)@noshua You need to register custom client for secrets manager. Check this entry in docs https://docs.awspring.io/spring-cloud-aws/docs/3.0.0-SNAPSHOT/reference/html/index.html#customizing-secretsmanagerclient (it’s for 3.0 but same principles apply to 2.4.x)