I followed the GCP documentation: (https://cloud.google.com/secret-manager/docs/creating-and-accessing-secrets) for retrieving Secrets.
The only difference is that I am running the application with the Spring framework so my main module starts with a main and Spring Application lines of code.
Unfortunately, I am getting an error with the following stack trace:
Exception in thread "main"
com.google.api.gax.rpc.UnavailableException:
io.grpc.StatusRuntimeException: UNAVAILABLE: Credentials failed to
obtain metadata at
com.google.api.gax.rpc.ApiExceptionFactory.createException(ApiExceptionFactory.java:67)
at
com.google.api.gax.grpc.GrpcApiExceptionFactory.create(GrpcApiExceptionFactory.java:72)
at
com.google.api.gax.grpc.GrpcApiExceptionFactory.create(GrpcApiExceptionFactory.java:60)
at
com.google.api.gax.grpc.GrpcExceptionCallable$ExceptionTransformingFuture.onFailure(GrpcExceptionCallable.java:97)
at com.google.api.core.ApiFutures$1.onFailure(ApiFutures.java:67) at
com.google.common.util.concurrent.Futures$CallbackListener.run(Futures.java:1132)
at
com.google.common.util.concurrent.DirectExecutor.execute(DirectExecutor.java:31)
at
com.google.common.util.concurrent.AbstractFuture.executeListener(AbstractFuture.java:1270)
at
com.google.common.util.concurrent.AbstractFuture.complete(AbstractFuture.java:1038)
at
com.google.common.util.concurrent.AbstractFuture.setException(AbstractFuture.java:808)
at
io.grpc.stub.ClientCalls$GrpcFuture.setException(ClientCalls.java:563)
at
io.grpc.stub.ClientCalls$UnaryStreamToFuture.onClose(ClientCalls.java:533)
at
io.grpc.PartialForwardingClientCallListener.onClose(PartialForwardingClientCallListener.java:39)
at
io.grpc.ForwardingClientCallListener.onClose(ForwardingClientCallListener.java:23)
at
io.grpc.ForwardingClientCallListener$SimpleForwardingClientCallListener.onClose(ForwardingClientCallListener.java:40)
at
com.google.api.gax.grpc.ChannelPool$ReleasingClientCall$1.onClose(ChannelPool.java:535)
at
io.grpc.internal.ClientCallImpl.closeObserver(ClientCallImpl.java:562)
at io.grpc.internal.ClientCallImpl.access$300(ClientCallImpl.java:70)
at
io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl$1StreamClosed.runInternal(ClientCallImpl.java:743)
at
io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl$1StreamClosed.runInContext(ClientCallImpl.java:722)
at io.grpc.internal.ContextRunnable.run(ContextRunnable.java:37) at
io.grpc.internal.SerializingExecutor.run(SerializingExecutor.java:133)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:858) Suppressed:
com.google.api.gax.rpc.AsyncTaskException: Asynchronous task failed
at
com.google.api.gax.rpc.ApiExceptions.callAndTranslateApiException(ApiExceptions.java:57)
at com.google.api.gax.rpc.UnaryCallable.call(UnaryCallable.java:112)
at
com.google.cloud.secretmanager.v1.SecretManagerServiceClient.accessSecretVersion(SecretManagerServiceClient.java:1279)
at
com.google.cloud.secretmanager.v1.SecretManagerServiceClient.accessSecretVersion(SecretManagerServiceClient.java:1215)
at
com.recontool.readSecrets.AccessSecretVersion.accessSecretVersion(AccessSecretVersion.java:39)
at
com.recontool.readSecrets.AccessSecretVersion.main(AccessSecretVersion.java:25)
Caused by: io.grpc.StatusRuntimeException: UNAVAILABLE: Credentials
failed to obtain metadata at
io.grpc.StatusRuntimeException.fillInStackTrace(StatusRuntimeException.java:68)
at
io.grpc.StatusRuntimeException.<init>(StatusRuntimeException.java:58)
at
io.grpc.StatusRuntimeException.<init>(StatusRuntimeException.java:50)
at io.grpc.Status.asRuntimeException(Status.java:535) ... 14 more
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target at
java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371)
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309)
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1351)
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1226)
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1169)
at
java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at
java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
at
java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
at
java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
at
java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at
java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1505)
at
java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1420)
at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
at
java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:578)
at
java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:183)
at
java.base/sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1430)
at
java.base/sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1401)
at
java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:220)
at
com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:113)
at
com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:84)
at
com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1012)
at
com.google.auth.oauth2.UserCredentials.doRefreshAccessToken(UserCredentials.java:277)
at
com.google.auth.oauth2.UserCredentials.refreshAccessToken(UserCredentials.java:191)
at
com.google.auth.oauth2.OAuth2Credentials$1.call(OAuth2Credentials.java:257)
at
com.google.auth.oauth2.OAuth2Credentials$1.call(OAuth2Credentials.java:254)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
... 3 more Caused by: sun.security.validator.ValidatorException: PKIX
path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target at
java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:388)
at
java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:271)
at
java.base/sun.security.validator.Validator.validate(Validator.java:256)
at
java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at
java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335)
... 27 more Caused by:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target at
java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at
java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at
java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at
java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:383)
... 32 more
Any suggestions what I am doing wrong?
Thanks, David
Code snippet:
public static void main(String[] args) throws IOException {
SpringApplication.run(AccessSecretVersion.class, args);
String projectId = ..
String String secretId = ..
String versionId = "2";
accessSecretVersion(projectId, secretId, versionId);
}
public static void accessSecretVersion(String projectId, String secretId, String versionId)
throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
SecretVersionName secretVersionName = SecretVersionName.of(projectId, secretId, versionId);
// Access the secret version.
AccessSecretVersionResponse response = client.accessSecretVersion(secretVersionName);
// Verify checksum. The used library is available in Java 9+.
// If using Java 8, you may use the following:
// https://github.com/google/guava/blob/e62d6a0456420d295089a9c319b7593a3eae4a83/guava/src/com/google/common/hash/Hashing.java#L395
byte[] data = response.getPayload().getData().toByteArray();
Checksum checksum = new CRC32C();
checksum.update(data, 0, data.length);
if (response.getPayload().getDataCrc32C() != checksum.getValue()) {
System.out.printf("Data corruption detected.");
return;
}
// Print the secret payload.
//
// WARNING: Do not print the secret in a production environment - this
// snippet is showing how to access the secret material.
String payload = response.getPayload().getData().toStringUtf8();
System.out.printf("Plaintext: %s\n", payload);
}
}
}
