AWS Secrets Manager Service as Application Properties with Spring Boot
In this article, I will walk through a hands-on example of using the AWS Secrets Manager service as the source of application configuration properties for Spring Boot.
What is AWS Secrets Manager?
AWS Secrets Manager is an AWS service that makes it easier for you to manage secrets. Secrets can be database credentials, passwords, third-party API keys, and even arbitrary text. You can store and control access to these secrets centrally by using the Secrets Manager console, the Secrets Manager command-line interface (CLI), or the Secrets Manager API and SDKs.
See more details:
https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
Why do we need to use AWS Secrets Manager?
For security reasons: this service is one of the safe ways to keep sensitive information, such as database passwords and third-party API keys, out of what is passed between the development and AWS server environments. The values are held in a key-value store and loaded by Spring applications at runtime.
1. How to create application properties in AWS Secrets Manager?
The steps for creating a secret in the AWS console are described in the following document.
See more details: https://docs.google.com/document/d/1UhMUOAI1y50unYE79lYZKAvuQXLRaEG25_HxaLd7ip0/edit?usp=sharing
2. Create EC2 instance
The EC2 instance must have an IAM role attached that grants it permission to read from Secrets Manager. The Java 8 JDK must also be installed on the instance (Amazon Linux):
sudo yum install java-1.8.0-openjdk
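The role requirement above, as an added example that is not from the original article or its repository: a least-privilege policy for the instance role, scoped to the two secret names that the startup log later in this article reports, plus a small check that flags broader grants. The account ID, the function names and the constructed broad policy are assumptions; the region is the one set in bootstrap.yml.

```python
import json

REGION = "ap-southeast-1"      # cloud.aws.region.static in bootstrap.yml
ACCOUNT_ID = "111122223333"    # placeholder account ID (assumption)
# Secret names taken from the "Located property source" line of the startup log
SECRET_NAMES = ["/secret/backend", "/secret/application"]
READ_ACTION = "secretsmanager:GetSecretValue"

def secret_arn_pattern(name, region=REGION, account=ACCOUNT_ID):
    # Secrets Manager appends "-" and six random characters to a secret's ARN.
    # "-??????" matches that suffix; a trailing "*" would also match other
    # secrets whose names merely start the same way.
    return f"arn:aws:secretsmanager:{region}:{account}:secret:{name}-??????"

def build_policy(names=SECRET_NAMES):
    """Read-only policy limited to the secrets the application loads."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ReadAppSecretsOnly",
            "Effect": "Allow",
            "Action": [READ_ACTION],
            "Resource": [secret_arn_pattern(n) for n in names],
        }],
    }

def as_list(value):
    return [value] if isinstance(value, str) else list(value)

def lint_policy(policy):
    """Return findings for Allow statements broader than reading named secrets."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action == "*" or (action.startswith("secretsmanager:") and action != READ_ACTION):
                findings.append(f"action beyond read access: {action}")
        for res in as_list(stmt.get("Resource", [])):
            if res == "*" or res.endswith(":secret:*"):
                findings.append(f"resource covers every secret: {res}")
    return findings

# Constructed example of an over-broad grant, for comparison
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "secretsmanager:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(json.dumps(build_policy(), indent=2))
    print(lint_policy(BROAD_POLICY))
```

If the secrets are encrypted with a customer managed KMS key, the role also needs kms:Decrypt on that key.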
3. Spring Boot Application with AWS Cloud integration
For a better understanding, we will develop a sample project. You can find the source code in the GitHub repository: https://github.com/sophea/springboot-aws-secret-manager
Dependencies with Spring Cloud AWS
pom.xml — add the following dependencies
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-context</artifactId>
    <version>2.1.0.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-aws-secrets-manager-config</artifactId>
    <version>2.1.0.RELEASE</version>
</dependency>
Resources folder: add the bootstrap.yml properties for Spring Cloud AWS, as follows
resources
    application.yml
    application.local.yml
    bootstrap.yml ## it is used for aws cloud
    bootstrap-local.yml ## it is used by application-local.yml
bootstrap.yml
aws:
  secretsmanager:
    name: backend
cloud:
  aws:
    region:
      static: ap-southeast-1
Spring Cloud integration: https://cloud.spring.io/spring-cloud-static/spring-cloud-aws/2.1.1.RELEASE/multi/multi__cloud_environment.html
Expose Test Controller as REST-API
package com.sma.aws.properties.controller;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.Map;

/**
 * Demo controller that echoes configuration values resolved at startup,
 * including those loaded from AWS Secrets Manager. It exists to verify the
 * setup; do not return real credentials from an endpoint like this.
 *
 * @author Mak Sophea
 * @date : 1/3/2020
 **/
@RestController
@RequestMapping(value = "/api/test")
public class TestController {

    // Resolved from the Spring Environment (local YAML or the Secrets Manager property source)
    @Value(value = "${application.id}")
    private String applicationId;

    @Value(value = "${environment}")
    private String environment;

    // Optional property: falls back to null when categories.types is not defined
    @Value(value = "${categories.types:#{null}}")
    private String[] categoryTypes;

    @RequestMapping(value = "v1", method = RequestMethod.GET)
    public Map<String, Object> getProperties(HttpServletRequest request) {
        final Map<String, Object> map = new HashMap<>();
        map.put("applicationId", applicationId);
        map.put("environment", environment);
        map.put("types", categoryTypes);
        return map;
    }
}
Run spring-boot in the local environment
# run spring boot with profile local ( application.local.yml)
mvn clean spring-boot:run -Dspring-boot.run.profiles=local
Browser: http://localhost:8090/api/test/v1
{
environment: "local", types: ["zone001","zone002","zone003"], applicationId: "backend-test"
}
Deploy the jar file on the AWS EC2 server
Suppose we put the jar file in /home/ec2-user/app.jar
cd /home/ec2-user
java -jar app.jar
curl http://13.250.38.249:8090/api/test/v1
{
environment: "aws",
types: [
"AWSzone001"
],
applicationId: "backend-test"
}
=======The console=====
[ec2-user@ip-172-31-25-165 ~]$ java -jar app.jar
  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v2.2.1.RELEASE)
2020-01-03 08:07:42.522 INFO 4545 --- [ main] b.c.PropertySourceBootstrapConfiguration : Located property source: CompositePropertySource {name='aws-secrets-manager', propertySources=[AwsSecretsManagerPropertySource {name='/secret/backend'}, AwsSecretsManagerPropertySource {name='/secret/application'}]}
2020-01-03 08:07:42.551 INFO 4545 --- [ main] c.s.a.p.AwsSecretPropertiesApplication : No active profile set, falling back to default profiles: default
2020-01-03 08:07:44.231 INFO 4545 --- [ main] o.s.cloud.context.scope.GenericScope : BeanFactory id=381b7099-2ee7-3664-8
2020-01-03 08:07:45.104 INFO 4545 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8090 (http)
2020-01-03 08:07:45.143 INFO 4545 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2020-01-03 08:07:45.144 INFO 4545 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.27]
2020-01-03 08:07:45.292 INFO 4545 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2020-01-03 08:07:45.298 INFO 4545 --- [ main] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 2712 ms
2020-01-03 08:07:46.566 INFO 4545 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2020-01-03 08:07:47.371 INFO 4545 --- [ main] o.s.b.a.e.web.EndpointLinksResolver : Exposing 2 endpoint(s) beneath base path '/actuator'
2020-01-03 08:07:47.684 INFO 4545 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8090 (http) with context path ''
2020-01-03 08:07:47.693 INFO 4545 --- [ main] c.s.a.p.AwsSecretPropertiesApplication : Started AwsSecretPropertiesApplication in 11.259 seconds (JVM running for 12.284)
2020-01-03 08:09:55.761 INFO 4545 --- [nio-8090-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2020-01-03 08:09:55.762 INFO 4545 --- [nio-8090-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2020-01-03 08:09:55.791 INFO 4545 --- [nio-8090-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 28 ms
Conclusion
I hope this article helps you and broadens your knowledge of how to use the AWS Secrets Manager service with the Spring Boot framework.
If you found this article helpful, please press the clap button to help other readers reach this story as well.
I look forward to the feedback and comments.