Integrate AWS Secrets Manager in Spring Boot Application

A guide for integration of AWS Secrets Manager in Spring Boot. This service will load the secrets at runtime and keep the sensitive information away from the code.

By Aakash Jangid · Mar. 21, 23 · Tutorial

Introduction

In this article, we look at how to integrate AWS Secrets Manager into a Spring Boot application. The service loads the secrets at runtime and keeps sensitive information out of the code.

Context

When we work on a Spring Boot application, we have an application.properties file for each profile (environment). These files hold all the configuration of the Spring Boot application, including database credentials and other sensitive information, such as an FTP server's endpoint along with its credentials. Putting this sensitive information directly into the code is not recommended for security reasons. To avoid such vulnerabilities in our application, we have to take several measures to protect it.

There are several ways to secure this information. We can define server arguments to load such details, and there are other ways too. As we are using AWS, there is a service available for this purpose: Secrets Manager, which we can use to store sensitive information and credentials. In this document, we will see how to integrate AWS Secrets Manager, load all the secrets at runtime, and make our application secure.

What Is AWS Secrets Manager?

AWS Secrets Manager is an AWS service that makes it easier for you to manage secrets. Secrets can be database credentials, passwords, third-party API keys, and even arbitrary text. You can store and control access to these secrets centrally by using the Secrets Manager console, the Secrets Manager command-line interface (CLI), or the Secrets Manager API and SDKs.

Secrets Manager

Let's create the secrets first.

To create the secrets, we log in to the AWS Console and search for Secrets Manager in the service list.

[Screenshot: searching for Secrets Manager in the service list]

Now, we create a new secret by selecting the following type from the available options and entering the secrets as key-value pairs. We can add as many key-value pairs as we need.

[Screenshot: Choose secret type]

After creating all the key-value pairs, we click Next and provide the name of the secret. This name is what we use to retrieve the values in our application.

[Screenshot: Provide name and description]

Once we complete this step, we click Next again, and the console asks for a couple of configuration-related settings, which we select as per our requirements. If we only want simple storage of secrets, we leave the other settings as they are and move to the final screen of setting up the AWS secrets.

Sample code

After successfully storing the secrets, we move to our Spring Boot application to retrieve them. To integrate AWS Secrets Manager into our application, we need to add the Secrets Manager dependency to our pom.xml.

In this article, we are using Spring Boot version 2.7.3. Add the dependency below to the pom.xml, as it is compatible with this version. You can change the version of the dependency based on the version of your Spring Boot application.

XML
 
<dependency>
	<groupId>io.awspring.cloud</groupId>
	<artifactId>spring-cloud-starter-aws-secrets-manager-config</artifactId>
	<version>2.3.0</version>
</dependency>


Note: The groupId for the Secrets Manager dependency has changed. Earlier, it was org.springframework.cloud.

Once the above dependency is added, we have to import the secrets into our application. In this approach, we load all the secrets at the bootstrap time of our application. The advantage of this approach is that all the secrets are available at bootstrap time, so the information Spring Boot needs for its configuration, such as database credentials and the values required to create beans, is available. We need to add the line below to our application.properties file to import all the secrets.

Properties files
 
spring.config.import=aws-secretsmanager:shs-portal-dev


In this config, we are simply importing the secrets from AWS. The prefix aws-secretsmanager is needed to tell Spring to load the config from AWS. In case the secrets are not available, we do not want our application to fail at bootstrap, so we add optional in the manner below to make the import optional.

Properties files
 
spring.config.import=optional:aws-secretsmanager:shs-portal-dev


Once this is done, we start our Spring Boot application and find the line below in the console. This line tells us that Spring is loading the secrets from AWS Secrets Manager.

[Screenshot: console log line showing Spring loading the secrets]

As we have seen, this line in our logs confirms that the secrets have been loaded successfully. To use them, we reference them with the ${...} placeholder syntax wherever they are needed.

[Screenshot: secrets loaded successfully]

We can also retrieve the values in Java code with the help of the @Value annotation.
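The two retrieval styles described above, as an added example that is not code from the original article. It assumes the secret shs-portal-dev holds the JSON keys db.username and db.password (hypothetical names); the class name DatabaseSecrets is also an assumption.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

/**
 * Added example. Assumes the secret "shs-portal-dev" holds the JSON keys
 * "db.username" and "db.password" (hypothetical names, not from the article).
 *
 * In application.properties the same keys can be used as placeholders:
 *   spring.datasource.username=${db.username}
 *   spring.datasource.password=${db.password}
 */
@Component
public class DatabaseSecrets {

    private final String username;
    private final String password;

    // The trailing ":" gives each placeholder an empty default, so when the
    // import is "optional:" and the secret could not be read, startup stops
    // at the check below with a specific message instead of a generic
    // unresolved-placeholder error.
    public DatabaseSecrets(@Value("${db.username:}") String username,
                           @Value("${db.password:}") String password) {
        if (!StringUtils.hasText(username) || !StringUtils.hasText(password)) {
            throw new IllegalStateException(
                "db.username/db.password were not loaded from AWS Secrets Manager; "
                + "check the secret name, region and IAM permissions");
        }
        this.username = username;
        this.password = password;
    }

    public String getUsername() { return username; }

    // Hand the value only to the code that needs it; never log it.
    public String getPassword() { return password; }

    // Keep the password out of logs and exception messages.
    @Override
    public String toString() {
        return "DatabaseSecrets{username='" + username + "', password=***}";
    }
}
```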

Note: If an error related to the bootstrap class appears in the logs and the application fails to start, use the exclusion given below with the Secrets Manager dependency.

XML
 
<dependency>
	<groupId>io.awspring.cloud</groupId>
	<artifactId>spring-cloud-starter-aws-secrets-manager-config</artifactId>
	<version>2.3.0</version>
	<exclusions>
		<exclusion>
			<groupId>org.springframework.cloud</groupId>
			<artifactId>spring-cloud-context</artifactId>
		</exclusion>
	</exclusions>
</dependency>

