3

I have a Spring Boot app (with starter parent at 2.4.8).

The app connects to multiple data sources, and the automated Jenkins job used to create secrets across the company does it in such a way that, although the secret names are different (per app/source), they all have the same value underneath: 'username' and 'password' text.

For example:

  1. first secret would be '/secret/rds/dev/foo/foo_app_user' with value:

       username : user1 
       password: pass1
    
  2. second secret would be '/secret/snowflake/dev/hoo/hoo_app_user' with value:

        username : user2
        password: pass2
    

I am trying to figure out how they can both be imported using spring config import, while still being usable distinctly in the properties/yaml file:

```yaml
spring:
  config:
    import: aws-secretsmanager:/secret/rds/dev/foo/foo_app_user,/secret/snowflake/dev/hoo/hoo_app_user

# ...
system:
  cache:
    username: ${username}
    password: ${password}

# ....
snowflake:
  datasource:
    username: ${username}
    password: ${password}
```

Arpit S

1 Answer

0

3 days ago (13th Jan, 2023) this issue was fixed. Commit ref

With spring cloud 3.0.x (dependent on spring boot 3.0.x) you can add a prefix:

```yaml
spring:
  config:
    import:
      - aws-secretsmanager:/secret/rds/dev/foo/foo_app_user?prefix=foo_app.
      - aws-secretsmanager:/secret/snowflake/dev/hoo/hoo_app_user?prefix=hoo_app.
```

Now, as a workaround for spring cloud version 2.4.x, we have:

  • copied the class AwsSecretsManagerPropertySource into our codebase in package io.awspring.cloud.secretsmanager. Code Ref
  • Then use a similar implementation approach to version 3.0.x. Code Ref

PS: Don't change the class signature. Method names and constructor params should be the same as in version 2.4.x.


Edit: 5th Feb, 2023

With the new 2.4.3 version you can pass the same prefix. No need for the workaround.

Snigdhajyoti
  • I am trying to use the above approach (adding a prefix) in my Spring Boot app (Spring Boot version 2.7.8, JDK 11), by copying the class AwsSecretsManagerPropertySource and trying to customize the implementation, but I am getting mixed up. I would appreciate it if you could give some more clarity, to help reach a solution quicker and meet project needs. – Arpit S Feb 05 '23 at 05:11
  • Use new version `2.4.3`, my fix got merged. No need for this workaround – Snigdhajyoti Feb 05 '23 at 11:14
  • Apologies, still getting an error. I am using the below in pom -> spring-cloud.version>2021.0.5, spring-cloud-aws-version>2.4.3 with spring boot 2.7.8. Upon reading the secret with spring.config.import as -> aws-secretsmanager:/secret/spring-boot-app?prefix=foo, I am getting an error in the app: java.lang.IllegalStateException: Unable to load config data from 'aws-secretsmanager:/secret/spring-boot-app?prefix=foo' at – Arpit S Feb 05 '23 at 16:28
  • java.lang.IllegalStateException: Unable to load config data from 'aws-secretsmanager:/secret/spring-boot-app?prefix=foo' at org.springframework.boot.context.config.StandardConfigDataLocationResolver.getReferences(StandardConfigDataLocationResolver.java:141) ..Caused by: java.lang.IllegalStateException: File extension is not known to any PropertySourceLoader. If the location is meant to reference a directory, it must end in '/' or File.separator at org.springframework.boot.context.config.StandardConfigDataLocationResolver.getReferencesForFile(StandardConfigDataLocationResolver.java:229) – Arpit S Feb 05 '23 at 16:30
  • Without `?prefix=foo`, is your application running? From the error, it is not able to identify the `aws-secretsmanager` property source class – Snigdhajyoti Feb 05 '23 at 19:10
  • With/without the prefix, I was only able to run with -> spring cloud version - 2021.0.5, spring cloud aws version - 3.0.0-M2, spring boot version 2.7.7, JDK 11. The other dependency is io.awsspring.cloud / spring-cloud-aws-starter-secrets-manager – Arpit S Feb 06 '23 at 00:44
  • Just to be clear, I am only able to read the secret in the spring boot app with spring cloud aws version 3.0.0-M2 without a prefix (see previous comment). – Arpit S Feb 06 '23 at 16:54
  • The spring cloud aws that I'm using is `2.2.6`. But this prefix thing has nothing to do with spring cloud aws. Also, cloud version `3.0.0-M2` will have breaking changes due to spring version compatibility, so it is better to stick to `2.x.x` unless you are going to spring boot `3.0.0`. You only need `io.awspring.cloud:spring-cloud-starter-aws-secrets-manager-config` version minimum `2.4.3` if your spring boot version is `2.x.x` – Snigdhajyoti Feb 07 '23 at 01:44
  • Added a sample project, still unable to make it work. Could you take a look please: https://github.com/jobas2007/aws-secret-demo – Arpit S Feb 24 '23 at 22:50
  • It's working fine, you need to add a few configs as you are running on localstack. Created a PR to fix: https://github.com/jobas2007/aws-secret-demo/pull/1/files Once validated, please merge – Snigdhajyoti Mar 01 '23 at 18:24
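
How the prefixed imports from the answer combine with the placeholders from the question, as an added example (not code from the original posts or from the spring-cloud-aws project). It assumes the `prefix` value is prepended as-is to each key stored in the secret, and that the RDS secret feeds `system.cache` while the Snowflake secret feeds `snowflake.datasource`.

```yaml
spring:
  config:
    import:
      # Keys in this secret (username, password) are exposed as
      # foo_app.username and foo_app.password
      - aws-secretsmanager:/secret/rds/dev/foo/foo_app_user?prefix=foo_app.
      # Same key names in this secret, exposed as
      # hoo_app.username and hoo_app.password
      - aws-secretsmanager:/secret/snowflake/dev/hoo/hoo_app_user?prefix=hoo_app.

system:
  cache:
    # Resolved from the RDS secret only (assumed mapping)
    username: ${foo_app.username}
    password: ${foo_app.password}

snowflake:
  datasource:
    # Resolved from the Snowflake secret only
    username: ${hoo_app.username}
    password: ${hoo_app.password}
```

Because the two secrets no longer publish colliding `username` / `password` property names, neither credential can shadow the other and end up wired into the wrong data source.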