In modern application development, securely managing and storing sensitive data, such as private keys, service account numbers, and environment-specific configurations, is crucial. Recently, we faced a challenge where we needed to move our Spring Boot application’s secrets and configuration data from GitLab’s deployment platform storage and Docker System Environment variables to AWS Secrets Manager.

Initially, our application was connecting to the PostgreSQL database using properties passed through the pipeline environment. However, to integrate with AWS Secrets Manager, we needed to restructure and refactor the application’s flow.

Understanding Java APIs for Environment Configuration

Java provides several APIs to interact with the application’s environment, including retrieving and setting environment variables. One such API is System.getenv(), which returns a Map<String, String> containing the current system environment variables.

Example

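import java.util.Map;

// System.getenv() returns a read-only view of the process environment
Map<String, String> env = System.getenv();

// Prints values as well as names, so any secret held in the environment ends up in the output
for (Map.Entry<String, String> entry : env.entrySet()) {
    System.out.println(entry.getKey() + "=" + entry.getValue());
}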

Integrating AWS Secrets Manager with Spring Boot

To integrate AWS Secrets Manager with our Spring Boot application, we used the aws-java-sdk-secretsmanager library provided by AWS. This library allows us to retrieve secrets from AWS Secrets Manager and use them in our application.

Example

import software.amazon.awssdk.core.exception.SdkException;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;

// Region and credentials are resolved by the SDK's default provider chain
SecretsManagerClient secretsManager = SecretsManagerClient.builder().build();
GetSecretValueRequest getSecretValueRequest = GetSecretValueRequest.builder()
        .secretId("YOUR_SECRET_ARN")
        .build();

try {
    GetSecretValueResponse getSecretValueResponse = secretsManager.getSecretValue(getSecretValueRequest);

    // secretString() is null when the secret was stored as binary
    if (getSecretValueResponse.secretString() != null) {
        String secretValue = getSecretValueResponse.secretString();
        // Use the secret value in your application; do not log it
    }
} catch (SdkException e) {
    // Fail instead of continuing with a null response (the original swallowed the error
    // and then dereferenced the response)
    throw new IllegalStateException("Could not read secret from AWS Secrets Manager", e);
}

In this example, we first create an instance of SecretsManagerClient and then use the getSecretValue method to retrieve the secret value from AWS Secrets Manager. The secretId parameter is the ARN (Amazon Resource Name) of the secret you want to retrieve. Once we have the secret value, we can use it in our application, such as setting environment variables or configuring database connections.
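To show the "configuring database connections" step end to end, here is an added example (not code from the original post) of a Spring configuration class that builds the PostgreSQL DataSource from a JSON secret. The class name, the app.db.secret-arn property, Jackson 2.x on the classpath, and the secret's key names (username, password, host, port, dbname) are assumptions.

```java
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.jdbc.DataSourceBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;

@Configuration
public class SecretsManagerDataSourceConfig {
    // Hypothetical property: the pipeline passes only the secret's ARN, not credentials.
    @Value("${app.db.secret-arn}")
    private String secretArn;

    @Bean
    public DataSource dataSource() {
        String json;
        // Region and AWS credentials come from the SDK's default provider chain.
        try (SecretsManagerClient client = SecretsManagerClient.create()) {
            json = client.getSecretValue(
                    GetSecretValueRequest.builder().secretId(secretArn).build()).secretString();
        }
        if (json == null) {
            throw new IllegalStateException("Secret has no string value: " + secretArn);
        }
        JsonNode s;
        try {
            s = new ObjectMapper().readTree(json);
        } catch (JsonProcessingException e) {
            // Cause dropped on purpose: parser messages can quote part of the input.
            throw new IllegalStateException("Secret is not valid JSON: " + secretArn);
        }
        // Assumed secret keys (not from the page): username, password, host, port, dbname.
        String url = "jdbc:postgresql://" + required(s, "host") + ":"
                + required(s, "port") + "/" + required(s, "dbname");
        return DataSourceBuilder.create().url(url)
                .username(required(s, "username")).password(required(s, "password")).build();
    }
    // Report only the missing key's name, never a value taken from the secret.
    private static String required(JsonNode s, String key) {
        JsonNode v = s.get(key);
        if (v == null || v.isNull() || v.asText().isEmpty()) {
            throw new IllegalStateException("Secret is missing key: " + key);
        }
        return v.asText();
    }
}
```

With this in place the application fails at startup if the secret is unreadable or incomplete, and the database password never passes through pipeline variables or the container environment.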

Conclusion

By integrating AWS Secrets Manager with our Spring Boot application, we can securely store and retrieve sensitive data, such as database credentials and API keys. This approach improves the security and maintainability of our application, as we no longer need to store sensitive data in version control systems or Docker environment variables.