AWS Secrets Manager as application properties with Spring Boot

sophea Mak
6 min read · Jan 5, 2020

In this article I will share a hands-on guide to using the AWS Secrets Manager service as the source of application properties for a Spring Boot application.

What is AWS Secrets Manager?

AWS Secrets Manager is an AWS service that makes it easier for you to manage secrets. Secrets can be database credentials, passwords, third-party API keys, and even arbitrary text. You can store and control access to these secrets centrally by using the Secrets Manager console, the Secrets Manager command-line interface (CLI), or the Secrets Manager API and SDKs.

See more details:

https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html

Why use AWS Secrets Manager?

For security reasons, this service is one of the safe ways to keep sensitive values such as database passwords and third-party API keys out of the development tree and the deployment artifact: they live in a key-value store on the AWS side and are loaded by the Spring application at runtime.

1. How to create application properties in AWS Secrets Manager

Here are the steps to create a secret in the AWS console.

Secret name: /secret/backend
AWS Secrets Manager provides sample code for retrieving the secret in many languages.

See more details: https://docs.google.com/document/d/1UhMUOAI1y50unYE79lYZKAvuQXLRaEG25_HxaLd7ip0/edit?usp=sharing

2. Create an EC2 instance

The EC2 instance must have an IAM role attached that grants permissions on Secrets Manager. The instance must also have the Java 8 JDK installed (Amazon Linux OS):

sudo yum install java-1.8.0-openjdk

Then, in the console:

- Create the IAM role
- Attach the IAM role to the EC2 instance
- Allow inbound access to port 8090 from the internet

3. Spring Boot application with AWS Cloud integration

For a better understanding, we will develop a sample project. The source code is in the GitHub repository: https://github.com/sophea/springboot-aws-secret-manager

Dependencies for Spring Cloud AWS

pom.xml: add the following dependencies

<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-context</artifactId>
    <version>2.1.0.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-aws-secrets-manager-config</artifactId>
    <version>2.1.0.RELEASE</version>
</dependency>

Resources folder: add the bootstrap.yml properties for Spring Cloud AWS, as in the following layout

resources
    application.yml
    application-local.yml
    bootstrap.yml        ## used for AWS cloud
    bootstrap-local.yml  ## used together with application-local.yml

bootstrap.yml

aws:
  secretsmanager:
    name: backend
cloud:
  aws:
    region:
      static: ap-southeast-1

Spring Cloud integration: https://cloud.spring.io/spring-cloud-static/spring-cloud-aws/2.1.1.RELEASE/multi/multi__cloud_environment.html
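The console steps in sections 1 and 2 and the bootstrap.yml above fit together: the secret is a flat JSON document whose keys become Spring property names, Spring Cloud AWS looks up a fixed set of secret names derived from aws.secretsmanager.name and the active profile, and the EC2 role should be allowed to read only those names. The script below is an added example, not code from the article or its repository; it prints the payload, the lookup list and a least-privilege IAM policy, and only the "apply" mode calls the AWS CLI. The account id is a placeholder and the policy and role names are invented.

```shell
#!/bin/sh
# Added example, not code from the article or its repository. It builds the
# secret payload for /secret/backend, lists the secret names Spring Cloud AWS
# will look up for a given profile, and generates a least-privilege IAM policy
# limited to those names. Only "apply" talks to AWS; everything else is local.
# Assumptions: ACCOUNT_ID is a placeholder and the policy/role names are invented.

SECRET_PREFIX="/secret"                    # Spring Cloud AWS default prefix
SECRET_NAME="backend"                      # aws.secretsmanager.name in bootstrap.yml
REGION="ap-southeast-1"                    # cloud.aws.region.static in bootstrap.yml
ACCOUNT_ID="${ACCOUNT_ID:-123456789012}"   # placeholder, replace with your account id
POLICY_NAME="backend-read-secrets"         # invented name
ROLE_NAME="backend-ec2-role"               # invented name

# Flat JSON payload; the keys are the @Value placeholders used by TestController.
# A comma-separated value maps onto a String[] field such as categoryTypes.
secret_payload() {
  printf '{"application.id":"backend-test","environment":"aws","categories.types":"AWSzone001"}'
}

# Secret names Spring Cloud AWS Secrets Manager resolves, lowest precedence first:
# <prefix>/application, <prefix>/application_<profile>, <prefix>/<name>, <prefix>/<name>_<profile>.
# With no profile the list is exactly the two names in the article's startup log.
secret_contexts() {
  profile="$1"
  printf '%s/application\n' "$SECRET_PREFIX"
  if [ -n "$profile" ]; then printf '%s/application_%s\n' "$SECRET_PREFIX" "$profile"; fi
  printf '%s/%s\n' "$SECRET_PREFIX" "$SECRET_NAME"
  if [ -n "$profile" ]; then printf '%s/%s_%s\n' "$SECRET_PREFIX" "$SECRET_NAME" "$profile"; fi
}

# Policy allowing only GetSecretValue on exactly those secrets in this region and
# account. Secrets Manager appends a random suffix to every secret ARN, hence "-*".
iam_policy() {
  resources=""
  for ctx in $(secret_contexts "$1"); do
    arn="arn:aws:secretsmanager:$REGION:$ACCOUNT_ID:secret:$ctx-*"
    resources="$resources${resources:+,}\"$arn\""
  done
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"secretsmanager:GetSecretValue","Resource":[%s]}]}\n' "$resources"
}

# Trust policy letting EC2 assume the role (the instance profile carries it).
trust_policy() {
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}\n'
}

# Create the secret, policy, role and instance profile, then attach the profile
# to the instance given as $2. Requires configured AWS CLI credentials.
apply() {
  profile="$1"; instance_id="$2"
  aws secretsmanager create-secret --region "$REGION" \
      --name "$SECRET_PREFIX/$SECRET_NAME" --secret-string "$(secret_payload)"
  aws iam create-policy --policy-name "$POLICY_NAME" --policy-document "$(iam_policy "$profile")"
  aws iam create-role --role-name "$ROLE_NAME" --assume-role-policy-document "$(trust_policy)"
  aws iam attach-role-policy --role-name "$ROLE_NAME" \
      --policy-arn "arn:aws:iam::$ACCOUNT_ID:policy/$POLICY_NAME"
  aws iam create-instance-profile --instance-profile-name "$ROLE_NAME"
  aws iam add-role-to-instance-profile --instance-profile-name "$ROLE_NAME" --role-name "$ROLE_NAME"
  aws ec2 associate-iam-instance-profile --region "$REGION" --instance-id "$instance_id" \
      --iam-instance-profile "Name=$ROLE_NAME"
}

# Usage: sh secrets-setup.sh apply <profile-or-empty> <instance-id>
if [ "${1:-}" = "apply" ]; then apply "${2:-}" "${3:?instance id required}"; fi
```

Run `sh secrets-setup.sh apply "" i-0123456789abcdef0` (placeholder instance id) to create everything for the default profile; pass `local` instead of the empty string and the policy also covers `/secret/backend_local` and `/secret/application_local`. Keeping the resource list this narrow means a compromised instance role can read these four secrets at most, not every secret in the account.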

Expose a test controller as a REST API

package com.sma.aws.properties.controller;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.Map;

/**
 * Test controller that returns a few property values resolved from Secrets Manager.
 *
 * @author Mak Sophea
 * @date : 1/3/2020
 */
@RestController
@RequestMapping(value = "/api/test")
public class TestController {

    // Resolved from the "application.id" key of the secret
    @Value(value = "${application.id}")
    private String applicationId;

    // Resolved from the "environment" key of the secret
    @Value(value = "${environment}")
    private String environment;

    // Comma-separated value split into an array; null when the key is absent
    @Value(value = "${categories.types:#{null}}")
    private String[] categoryTypes;

    @RequestMapping(value = "v1", method = RequestMethod.GET)
    public Map<String, Object> getProperties(HttpServletRequest request) {
        final Map<String, Object> map = new HashMap<>();
        map.put("applicationId", applicationId);
        map.put("environment", environment);
        map.put("types", categoryTypes);
        return map;
    }

}

Run Spring Boot in the local environment

# run Spring Boot with the local profile (application-local.yml)
mvn clean spring-boot:run -Dspring-boot.run.profiles=local

Browser: http://localhost:8090/api/test/v1

{
  "environment": "local",
  "types": ["zone001", "zone002", "zone003"],
  "applicationId": "backend-test"
}

Deploy the jar file on the EC2 server

Suppose we put the jar file at /home/ec2-user/app.jar

cd /home/ec2-user
java -jar app.jar
curl http://13.250.38.249:8090/api/test/v1
{
  "environment": "aws",
  "types": ["AWSzone001"],
  "applicationId": "backend-test"
}

The console

[ec2-user@ip-172-31-25-165 ~]$ java -jar app.jar


  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v2.2.1.RELEASE)

2020-01-03 08:07:42.522 INFO 4545 --- [ main] b.c.PropertySourceBootstrapConfiguration : Located property source: CompositePropertySource {name='aws-secrets-manager', propertySources=[AwsSecretsManagerPropertySource {name='/secret/backend'}, AwsSecretsManagerPropertySource {name='/secret/application'}]}
2020-01-03 08:07:42.551 INFO 4545 --- [ main] c.s.a.p.AwsSecretPropertiesApplication : No active profile set, falling back to default profiles: default
2020-01-03 08:07:44.231 INFO 4545 --- [ main] o.s.cloud.context.scope.GenericScope : BeanFactory id=381b7099-2ee7-3664-8

2020-01-03 08:07:45.104 INFO 4545 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8090 (http)
2020-01-03 08:07:45.143 INFO 4545 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2020-01-03 08:07:45.144 INFO 4545 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.27]
2020-01-03 08:07:45.292 INFO 4545 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2020-01-03 08:07:45.298 INFO 4545 --- [ main] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 2712 ms
2020-01-03 08:07:46.566 INFO 4545 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2020-01-03 08:07:47.371 INFO 4545 --- [ main] o.s.b.a.e.web.EndpointLinksResolver : Exposing 2 endpoint(s) beneath base path '/actuator'
2020-01-03 08:07:47.684 INFO 4545 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8090 (http) with context path ''
2020-01-03 08:07:47.693 INFO 4545 --- [ main] c.s.a.p.AwsSecretPropertiesApplication : Started AwsSecretPropertiesApplication in 11.259 seconds (JVM running for 12.284)
2020-01-03 08:09:55.761 INFO 4545 --- [nio-8090-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2020-01-03 08:09:55.762 INFO 4545 --- [nio-8090-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2020-01-03 08:09:55.791 INFO 4545 --- [nio-8090-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 28 ms
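The "Located property source" line in the console output is the reliable place to confirm which secrets were actually loaded, and it is a better check than calling the test endpoint: that endpoint returns secret-derived values to anyone who can reach port 8090, which the EC2 step opened to the internet, so it should not ship in a production build or should sit behind authentication. The script below is an added example, not code from the article or its repository; it parses that log line (the sample is constructed from the article's own console output) and fails when an expected secret name is missing.

```shell
#!/bin/sh
# Added example, not from the article: verify from the application log which
# Secrets Manager property sources Spring Cloud AWS loaded at startup.
# LOG_SAMPLE is constructed from the article's console output.

LOG_SAMPLE="2020-01-03 08:07:42.522 INFO 4545 --- [ main] b.c.PropertySourceBootstrapConfiguration : Located property source: CompositePropertySource {name='aws-secrets-manager', propertySources=[AwsSecretsManagerPropertySource {name='/secret/backend'}, AwsSecretsManagerPropertySource {name='/secret/application'}]}"

# Read log lines from stdin and print each loaded secret name on its own line,
# in the order Spring listed them (highest precedence first).
loaded_secrets() {
  grep 'Located property source' \
    | grep -o "AwsSecretsManagerPropertySource {name='[^']*'}" \
    | sed "s/.*name='\([^']*\)'.*/\1/"
}

# Return 0 only when every secret name given as an argument appears in the log on stdin.
assert_loaded() {
  loaded="$(loaded_secrets)"
  for want in "$@"; do
    printf '%s\n' "$loaded" | grep -qx -- "$want" || return 1
  done
  return 0
}

# Usage after "java -jar app.jar 2>&1 | tee app.log":
#   assert_loaded /secret/backend /secret/application < app.log || echo "secret not loaded"
```

Feeding the constructed sample through `loaded_secrets` yields `/secret/backend` then `/secret/application`, matching the two names the article's log shows when no profile is active; if a profile-specific secret such as `/secret/backend_local` is expected but missing, `assert_loaded` returns 1 and the deployment step can stop before the application serves traffic with fallback values.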

Conclusion

I hope this article helps you and broadens your knowledge of how to use the AWS Secrets Manager service with the Spring Boot framework.

If you found this article helpful, please press the clap button so that other readers can find this story as well.

I look forward to the feedback and comments.


sophea Mak

15+ years of professional experience as a software development engineer, mostly with Java and open source, and with DevOps lately. https://www.linkedin.com/in/sopheamak