This repository was archived by the owner on Jan 19, 2022. It is now read-only.

Allow adding any arbitrary AWS Secrets Manager secrets #515

Closed
tvrmsmith opened this issue Dec 12, 2019 · 5 comments
Labels: component: secrets-manager (Secrets Manager integration related issue)

tvrmsmith commented Dec 12, 2019

It would be great if we could add additional AWS Secrets Manager secrets as property sources. Currently, I'd like to use the RDS secrets feature as well as other secrets, but the current way of adding secrets makes it difficult to do this.

It could be configured something like:

aws:
  secretsmanager:
    additional-secrets:
      - /secret/secret1
      - /secret/secret2

spring-projects-issues added the status: waiting-for-triage (An issue we've not yet triaged) label Dec 12, 2019
maciejwalkowiak added the component: secrets-manager (Secrets Manager integration related issue) label May 29, 2020

maciejwalkowiak commented Jun 6, 2020

@tvrmsmith just so that I understand it correctly - these additional secrets would contain raw values and everything after the prefix (/secret/) would be a property name?

maciejwalkowiak added status: waiting-for-feedback (We need additional information before we can continue) and removed status: waiting-for-triage (An issue we've not yet triaged) labels Jun 6, 2020
@eddumelendez

I think this link can be useful to understand the proposal. @tvrmsmith is this what you meant?

@maciejwalkowiak

In the case of the RDS password, I would like us to use this library in 3.0: https://github.com/aws/aws-secretsmanager-jdbc. I have it working in the prototype (... and made a video about how to use this library ;-) https://www.youtube.com/watch?v=gIbr6-AR6T8)


nhomble commented Nov 2, 2020

Instead of an array of strings, maybe we should be a little more flexible and allow users to configure the desired name as well? I think we're going to hit a wall if we only depend on the library to interpret the secret name from the path. Maybe like

aws:
  secretsmanager:
    additional-secrets:
      secret1:
        path: /secret/secret1
      different.name:
        path: /secret/secret2

and then I would be able to pull the secret from Environment with .getProperty("secret1") or .getProperty("different.name")

@nickcaballero

Agreed with @nhomble. I have a similar implementation of this via a PropertyResolver.

maciejwalkowiak added this to the 2.3 milestone Nov 24, 2020
maciejwalkowiak removed the status: waiting-for-feedback (We need additional information before we can continue) label Nov 24, 2020
maciejwalkowiak added a commit to awspring/spring-cloud-aws that referenced this issue Dec 19, 2020
…ud-aws#721)

In `spring-boot` 2.4, `Volume Mounted Config Directory Trees` was
added. This commit introduces the prefix `aws-secretsmanager:` which
will resolve the values given the configuration properties supported
by secrets manager integration. Also, if keys are added after the
prefix then just these will be resolved.

Use: `aws-secretsmanager:` or `aws-secretsmanager:my-secret-key` or
`aws-secretsmanager:my-secret-key;my-anoter-secret-key`

Closes spring-attic/spring-cloud-aws#655
Closes spring-attic/spring-cloud-aws#515

Co-authored-by: Maciej Walkowiak <[email protected]>