Spring Boot | Manage your credentials using AWS Secrets Manager | RDS | JavaTechie

  • Published on 15 Oct 2024
  • In this tutorial I’m going to show you how to use AWS Secrets Manager for storing and retrieving the datasource properties of RDS and make a connection from a Spring Boot application
    #javatechie #SpringBoot #AWS #SecretsManager
    GitHub:
    github.com/Jav...
    Blogs:
    / javatechie4u
    Facebook:
    / 919464521471923
    Disclaimer/Policy:
    --------------------------------
    Note: All uploaded content in this channel is mine and it's not copied from any community. You are free to use source code from the above-mentioned GitHub account.

Comments • 88

  • @PhilipsMonsters 3 years ago +3

    Java Techie, you helped me a lot this week at my job, thanks to your video. Thanks very much!

  • @nguyenquan4836 1 year ago +2

    Thank you so much!! My enjoyment is watching your video.

  • @KrishnaVlogs898 9 months ago +2

    @Basant, could you please create a video for storing JKS and Truststore files in secret manager and using them in a spring boot class while making a call to a third party client using rest api with sending request body?

  • @jpssasadara3624 2 years ago +2

    Thanks so much. Well explained video series which was really helpful to get a deep idea about the deployment process of AWS very quickly. Thanks again. Keep it up !!! (From Sri Lanka)

    • @Javatechie 2 years ago

      Thanks buddy 😊

  • @SunnySingh080593 2 years ago +4

    Excellent demo, but don't you think the accessKey and SecretKey are in themselves credentials and we should not be storing them in properties?

    • @Javatechie 2 years ago +1

      Yes, agreed, it should be kept either in vault or AWS secret manager

  • @pranavmahajan4190 1 year ago +2

    Thanks for the video Basant. I have a question, we cannot deploy application to production with our access keys and secret keys. How do you deploy without using access key or secret key?

    • @Javatechie 1 year ago +1

      No, it's required. Instead of keeping them in the project, keep them external, either in vault or secret manager

    • @pranavmahajan4190 1 year ago +1

      @Javatechie - Thanks Basant, my question is, here we are using "our personal" access key and secret key. Every developer cannot use his own personal keys. In this case, how do you deploy on production? Which keys will be used?

    • @Javatechie 1 year ago +1

      In real time we should use an organisation-provided AWS account, not a personal one, buddy 🤗

    • @pranavmahajan4190 1 year ago

      @Javatechie - Ohh, I was expecting more of using some type of IAM role and providing the configuration for that. Thanks for the help!

  • @YogeshKumar-ye8nd 2 years ago +2

    You have hard-coded the secret key and secret ID,
    but it changes frequently.
    This is not the right way to retrieve the credential.

  • @jeevanragula 3 years ago +5

    Instead of providing client id and secret in yml, we can make use of aws roles if application is deployed in EC2 and get the secret using that role.

    • @Javatechie 3 years ago +4

      Yes, agreed, also we can configure the same in secrets manager

    • @nikinshanfaizal915 2 years ago

      Can you please explain

  • @vickeychoudhary4230 1 year ago +2

    Thanks Basant sir, it is really good that you are explaining live. I have a question on this: how can we do configuration for multiple databases? Is it possible with the same, or should we use parameter store?

  • @Isranaks 1 year ago +1

    Good video. One more question, how to remove hardcoded secret key and access key from YAML and fetch it from secrets manager?

    • @Javatechie 1 year ago

      The way I have configured other fields, in a similar way configure these 2 values and load them using the secret manager

    • @Isranaks 1 year ago

      @Javatechie I don't think we will be able to retrieve them in the above manner, because to access secret manager we first need to access AWS by using credentials (access key/secret key). My only question here is, how can we securely maintain these values (without exposing them publicly)?

  • @csebreach8565 1 year ago +1

    Great explanation. I have a doubt: is it not important to store the access key and secret key like database passwords? If we are not to use the access and secret key directly, how can we do it, @javatechie? Here we are using them directly by declaring them in the yml file.

  • @thajmulhussain4842 3 years ago +4

    Please provide a video on how transactions happen in microservices by using the Saga design pattern

  • @jasper5016 2 years ago +3

    Thanks so much, brother. It's an amazing video.

  • @tarunreddy7 2 years ago +3

    What's the point of concealing DB credentials when you hardcode the main account's access key and secret key?

    • @Javatechie 2 years ago +2

      No, it's just a demo which will explain how to work with AWS secret manager. In fact you can configure the AWS secret and access key in secrets.

  • @Sateesh.rayapati 2 years ago

    Nice. One question: how will the app get the credentials when they change, without a restart? Is there any inbuilt code to handle this, like spring cloud bus with config?

  • @kevinjia1984 2 years ago +2

    Thanks for the nice video. What if, for the secret I am fetching, I need to inject it into a property defined in the property file, for example application.secretkey = {{key placeholder}}? How can we achieve that?

    • @Javatechie 2 years ago

      No, we can't do that. You need to get it from the AWS secret object

  • @girishpant7653 1 year ago

    My point is, does this support password rotation? If not, then any idea how that can be supported directly, or do we have to use a cache?

  • @surajJr24 2 years ago +2

    Is it safe to store the access key id and security key id in application.properties? If not, where should we keep it?

    • @Javatechie 2 years ago +1

      It's always risky to store in application.properties. You should always choose one of the below: vault, consul, config server or cloud secret manager

  • @sravanthik6320 2 years ago +2

    Could you also explain the other way to integrate with secret manager in spring boot, using the secret manager config dependency?

  • @srinath710 3 years ago +3

    Please post a video A synchronous communication between micro services using apache Kafka

  • @itsnarahari 3 years ago

    What is the best place to host our microservices bro azure or AWS or cloudfoundry ?

  • @tanujagrawal7805 3 years ago +2

    Very good work Sir, please keep it up. It takes a lot of effort to provide such point to point content in a very easy way. Thanks sir

    • @Javatechie 3 years ago +2

      Thanks Tanuj. Yeah, it really required a big effort to prepare and edit each video

  • @mohakgupta5614 2 years ago +2

    Great video, really helped me to get this working quickly. Keep up the good work !!!

  • @ganeshkalje9347 2 months ago

    Very well explained. Thanks

  • @davidacosta5151 2 years ago +2

    Thank you Sir.

  • @phanimc11211 7 months ago +1

    Thx! As always, your videos are always useful

  • @kamleshbca0290 1 year ago

    What will happen when someone gains access to the access token and secret key from the .yml file? Can't it then be exploited???

  • @aadiraj6126 3 years ago +2

    Sir, a complete tutorial video on "Keycloak"...pls!🙏

  • @itsnarahari 3 years ago +2

    Really helpful topic

  • @rimuru2483 2 years ago +2

    Excellently explained, thanks man!

  • @michelchaghoury9629 2 years ago +1

    Is AWS Secrets Manager an always free service from AWS?

    • @Javatechie 2 years ago +1

      No, it's a paid one

  • @ansariamin3865 1 year ago +2

    Guys, I am trying to integrate the secret manager on an on-premise web server… We have jboss eap which is connecting to a cloud database, now I want to mask the id and password using secret manager on the on-prem server… I have tried multiple methods online but nothing seems to work… Does anyone have a document for this? It will be of much help

    • @Javatechie 1 year ago

      Haven't tried buddy. Will check and update

    • @ansariamin3865 1 year ago +1

      @Javatechie thank you, that will be a great help

    • @ansariamin3865 1 year ago

      @Javatechie brother, any breakthrough on this?

  • @narendragupta6114 8 months ago +1

    I have tried the same approach but I am not able to make the mysql db connection

    • @Javatechie 8 months ago

      Please add log statements and validate whether value is loading to your application or not?

  • @సంతొష్కుమర్రుత్తల

    Can we store jks and other certs in secrets manager and load them in spring boot?

  • @tree2rhym 2 years ago +2

    But how to secure the access key, which we already put in the yaml file?

    • @Javatechie 2 years ago

      You should keep this in secret

  • @HemantKumar_rocks 3 years ago +2

    is it safe to add client id and secret key of aws in application.properties?

    • @Javatechie 3 years ago

      Yes

    • @kambalavijay6800 2 years ago

      @Javatechie If one can manage to get hold of the client id and secret key, they can easily manage to break into the credentials manager, right? One can simply write this client program with the given client id and secret key and can access the rds, right?

  • @rakeshuppala4342 2 years ago +1

    Can you please create a video to call third party api from aws lambda function and handle file downloads and processing inside aws lambda function

    • @Javatechie 2 years ago

      Okay, I will check

  • @LoveShaminiGovind 3 years ago +1

    very good hands-on tutorial.
    My database is rds- postgresql, tried all the settings and steps to establish connection but getting error.
    org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.sql.DataSource]: Factory method 'dataSource' threw exception
    I am able to connect to RDS with my account (accessKey, secretKey, region).. but with the above video, am getting exception.
    any help with postgresql is appreciated.
    GK.

    • @Javatechie 3 years ago

      Not sure need to check

    • @LoveShaminiGovind 3 years ago

      @Javatechie
      Unable to build Hibernate SessionFactory; nested exception is java.lang.RuntimeException:
      Driver org.postgresql.Driver claims to not accept
      jdbcUrl, jdbc:postgres://xxxxx.xxxxx.ap-southeast-1.rds.amazonaws.com:5432/xxxxx
      this is the latest error. I have specified the driverClassName, but something wrong not able to detect.

    • @LoveShaminiGovind 3 years ago +1

      @Java Techie,
      The rds secrets manager returns the engine as "postgres", while the latest driver supports "postgresql".
      I have appended "ql" to the engine (data source property). You get the url
      jdbc:postgresql://xxxxx.xxxxx.ap-southeast-1.rds.amazonaws.com:5432/xxxxx
      no complaints.. but different error now -- unable to open JDBC connection for DDL execution.. At least the main error is gone.
      Thanks

    • @Javatechie 3 years ago

      Did you configure valid username and password while creating secret manager

    • @LoveShaminiGovind 3 years ago +1

      @Javatechie
      Yes, the configuration is all good. The reason for the connection timeout is that my RDS is in a private subnet. This is not accessible from my local machine (windows), only accessible when the code is shipped into AWS infra (EC2) and executed.
      Do you know how to create separate configuration for local environment (picking up from application-properties) and when shipped into AWS the datasource to be loaded from AWS secrets manager.
      Thank you for all your help.
      🙏
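
An added example (not the video's code or any commenter's) for two points raised in these comments: taking AWS credentials from an attached IAM role instead of keys in the YAML, and the RDS secret's `postgres` engine value versus the `postgresql` JDBC prefix. It assumes AWS SDK for Java v2 and Gson on the classpath and the secret fields `host`, `port` and `dbname` alongside `engine`; the class name, sample values and arguments are hypothetical.

```java
import com.google.gson.Gson;
import com.google.gson.JsonObject;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import java.util.Map;

public class RdsSecretDemo {
    // Secret "engine" value -> JDBC subprotocol; covers only the mismatch reported in the thread.
    private static final Map<String, String> JDBC_SUBPROTOCOL = Map.of("postgres", "postgresql");

    // No access key or secret key in code or config: the default provider chain reads
    // credentials from the environment and, on EC2/ECS/Lambda, from the attached IAM role.
    static String fetchSecret(String secretId, String region) {
        try (SecretsManagerClient client = SecretsManagerClient.builder()
                .region(Region.of(region))
                .credentialsProvider(DefaultCredentialsProvider.create())
                .build()) {
            GetSecretValueRequest request =
                    GetSecretValueRequest.builder().secretId(secretId).build();
            return client.getSecretValue(request).secretString();
        }
    }

    // Builds the JDBC URL from the secret JSON (field names are an assumption, see lead-in).
    static String jdbcUrl(String secretJson) {
        JsonObject s = new Gson().fromJson(secretJson, JsonObject.class);
        String engine = s.get("engine").getAsString();
        return String.format("jdbc:%s://%s:%d/%s",
                JDBC_SUBPROTOCOL.getOrDefault(engine, engine),
                s.get("host").getAsString(),
                s.get("port").getAsInt(),
                s.get("dbname").getAsString());
    }

    public static void main(String[] args) {
        // Constructed sample in the shape of an RDS secret; not real values.
        String sample = "{\"username\":\"app\",\"password\":\"example-only\","
                + "\"engine\":\"postgres\",\"host\":\"db.example.internal\","
                + "\"port\":5432,\"dbname\":\"appdb\"}";
        System.out.println(jdbcUrl(sample));
        if (args.length == 2) { // hypothetical arguments: <secretId> <region>
            System.out.println(jdbcUrl(fetchSecret(args[0], args[1])));
        }
    }
}
```

The role attached to the instance needs `secretsmanager:GetSecretValue` on the secret; without arguments the program only runs the offline URL mapping on the constructed sample.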

  • @mysavingclub 3 years ago

    Which s/w you use for video recording and editing? Pls reply

    • @Javatechie 3 years ago

      I am using a paid one. Please mail me javatechie4u@gmail.com

    • @mysavingclub 3 years ago +1

      @Javatechie I emailed you. Pls reply

  • @pratishrutipanda6461 3 years ago +2

    Nice content

  • @ravikumarprajapati3950 1 year ago

    Hi sir I have to configured but why used gson

  • @PixelLoafLatte 2 years ago

    Can you make a tutorial about AWS Parameter Store too?

  • @sunnylohana2229 3 years ago +1

    Can you please create a video on AWS parameter store with springboot?

    • @Javatechie 3 years ago

      It's same as secret manager man

  • @selvapandymoorthy4173 3 years ago +1

    Good work 😊

  • @avinashkv4913 2 years ago +1

    Sir aws secret manager is an open source platform

    • @Javatechie 2 years ago

      Yes but it's chargeable as per AWS policy

  • @SandeepAS-ov3fk 8 months ago +1

    thank you

  • @codewithraj9517 4 months ago

    How to retrieve the secret key

  • @srikanthv9641 3 years ago +1

    Bro, why don’t you do a video on Quarkus technology on reactive

    • @Javatechie 3 years ago

      I never tried this but definitely I will check

  • @Antonio-tv8gi 3 years ago

    A hell of a lot of work, for what used to be summed up in two lines of the properties file

  • @narendragupta6114 8 months ago +1

    Getting the below error. I have tried many solutions but still have the same issue: com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure
    The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.

    • @Javatechie 8 months ago

      Seems the value is not loading for you. Please debug and check, and also cross-verify with my code; you might be missing something