Database password rotation with AWS Secrets Manager and Spring Boot

  • Published on 11 Sep 2024

Comments • 64

  • @dvaderjava666
    @dvaderjava666 4 years ago +4

    The real question is: why did you stop making these videos? Last one in the channel (the current one) is 9 months old. The material is really good and to the point and really useful for learning about Spring and AWS. I especially liked the one about LocalStack and TestContainers.

  • @amrutprabhu474
    @amrutprabhu474 4 years ago +6

    This was what I was looking for.. really helped me... great explanation .. Subscribed!

    • @SpringAcademy
      @SpringAcademy 4 years ago

      Awesome! Thanks for the feedback, I'm very happy to have you here 🙂

  • @ranajitjana4030
    @ranajitjana4030 4 years ago +1

    In case you can point to all the documentation from which you have made this, it will help. This effort too was quite helpful. Thank you for posting.

  • @mykolaskucinskas9473
    @mykolaskucinskas9473 a year ago

    Really great tutorial. Thank you for showing the alternative (aws-secretsmanager-jdbc library) to that Java code snippet.

  • @OlegKosmakov
    @OlegKosmakov 5 years ago +6

    I have to add it's not that the AWS maintains 2 passwords at once so that you can connect. What happened really is that the connection was already open when the password changed, therefore it continued to work. Until the program restart, of course.
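
Added example, not part of the comment above or of the video's code: a constructed Java simulation of the behaviour that comment describes, where a connection opened before the rotation keeps working while a fresh login with the old password is rejected, plus one common way for a client to recover without a restart by reloading the secret after a failed login. FakeDb, FakeSecretStore and RefreshingClient are hypothetical in-memory stand-ins; no AWS or JDBC calls are made.

```java
import java.util.concurrent.atomic.AtomicReference;
public class RotationDemo {
    // Constructed stand-in for the database: the password is checked only at login.
    static class FakeDb {
        volatile String password = "old-pw";
        Conn open(String pw) {
            if (!pw.equals(password)) throw new IllegalStateException("authentication failed");
            return new Conn();
        }
    }
    // An open session is never re-authenticated, so it survives a rotation.
    static class Conn { String query() { return "ok"; } }
    // Constructed stand-in for the secret store that holds the current password.
    static class FakeSecretStore {
        volatile String current = "old-pw";
        String fetch() { return current; }
    }
    // Hypothetical client: caches the secret, reloads it once when a login is rejected.
    static class RefreshingClient {
        final FakeDb db;
        final FakeSecretStore store;
        final AtomicReference<String> cached = new AtomicReference<>();
        RefreshingClient(FakeDb db, FakeSecretStore store) {
            this.db = db; this.store = store; cached.set(store.fetch());
        }
        Conn connect() {
            try {
                return db.open(cached.get());
            } catch (IllegalStateException authFailure) {
                cached.set(store.fetch());    // cached password is stale: reload it
                return db.open(cached.get()); // a second failure propagates
            }
        }
    }
    public static void main(String[] args) {
        FakeDb db = new FakeDb();
        FakeSecretStore store = new FakeSecretStore();
        RefreshingClient client = new RefreshingClient(db, store);
        Conn alreadyOpen = client.connect();
        // Rotation: secret store and database switch to the new password.
        store.current = "new-pw";
        db.password = "new-pw";
        System.out.println("open connection after rotation: " + alreadyOpen.query());
        try { db.open("old-pw"); } catch (IllegalStateException e) {
            System.out.println("new login with old password: " + e.getMessage());
        }
        System.out.println("new login via refreshing client: " + client.connect().query());
    }
}
```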

  • @altro5067
    @altro5067 5 years ago +2

    Really like your video format!

  • @ntarunmenon1
    @ntarunmenon1 5 years ago +2

    Thanks for the excellent video.

  • @Anbu_Sampath
    @Anbu_Sampath 5 years ago +1

    As usual great content.

  • @amirmuhsin
    @amirmuhsin 4 years ago +2

    Maaaaaaan, you must come back! Why are you taking such a big break between your videos ???
    I thought I finally found awesome content about Spring boot.
    We need you. Please come back :)
    Or if you have some paid courses, give us a link.

    • @SpringAcademy
      @SpringAcademy 4 years ago +2

      Thank you! From mid February if all goes well I'll have dedicated time for Spring Academy so stay tuned 🙂

  • @sitharamantr1072
    @sitharamantr1072 a year ago

    The real good one. Thanks

  • @bbNganNguyen
    @bbNganNguyen 4 years ago

    Thank you so much for this awesome video.

  • @lighninggamerz6571
    @lighninggamerz6571 6 months ago

    Great explanation, Maciej. One thing I would like to know: using the aws-secretsmanager-jdbc library, if the application is using the old password and secrets rotation happens, how does the application work without restarting it? I mean, how does the application establish the connection with the new password without restarting?

  • @mannanahmad3794
    @mannanahmad3794 4 years ago

    Nice video, I was struggling to write the lambda. But now I came to know the lambda is automatically written.

  • @rimurutempest9921
    @rimurutempest9921 2 years ago +1

    well explained

  • @llama7206
    @llama7206 3 years ago

    golden tutorial

  • @sangitabiswas352
    @sangitabiswas352 a year ago

    Any idea how to handle this same scenario in NodeJs?

  • @shekhshek3200
    @shekhshek3200 5 years ago +1

    This approach works fine for a Spring data source using JDBC template but is not working with Spring Boot JPA applications. Any idea?
    Error:
    ERROR o.s.boot.SpringApplication.reportFailure - Application run failed
    org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'entityManagerFactory' defined in class path resource [org/springframework/boot/autoconfigure/orm/jpa/HibernateJpaConfiguration.class]: Unsatisfied dependency expressed through method 'entityManagerFactory' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'entityManagerFactoryBuilder' defined in class path resource [org/springframework/boot/autoconfigure/orm/jpa/HibernateJpaConfiguration.class]: Unsatisfied dependency expressed through method 'entityManagerFactoryBuilder' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jpaVendorAdapter' defined in class path resource [org/springframework/boot/autoconfigure/orm/jpa/HibernateJpaConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.orm.jpa.JpaVendorAdapter]: Factory method 'jpaVendorAdapter' threw exception; nested exception is java.lang.RuntimeException: Driver com.mysql.cj.jdbc.Driver claims to not accept jdbcUrl, jdbc-secretsmanager:mysql://hostname:3306/dbname

    • @hugowong9871
      @hugowong9871 6 months ago

      If you are using AWS Academy, you need to update the credentials located in ~/.aws/credentials to the latest one

  • @dominikbartholdi9444
    @dominikbartholdi9444 5 years ago +1

    I might have missed something, but why did your local application have permission to access the secretmanager? kind of looks like everyone could get your passwords from the secret manager.

    • @SpringAcademy
      @SpringAcademy 5 years ago +2

      I have AWS CLI set up on my localhost so you would need to have access key and secret set up to access password manager. Anyway this is not the setup you should have for real world application - it's a shortcut I took similar to having public access to the database to focus in this video on things that matter the most.

  • @inaslohith3678
    @inaslohith3678 a year ago

    After rotating the secret in Secrets Manager, do we not need to update the new password in RDS?

  • @khoale8688
    @khoale8688 2 years ago +1

    Thanks for the video. One question: do we have any way to hide the real URL of the database, like the username and password? Anyway, thank you for your video, which gave me an idea for this situation.

    • @SpringAcademy
      @SpringAcademy 2 years ago

      And use instance or cluster Id instead of passing URL? This is likely doable but not trivial

  • @Harshal625
    @Harshal625 4 years ago

    Nice video...

  • @bbNganNguyen
    @bbNganNguyen 4 years ago

    I followed the instructions but I don't know why my DB's password is not encrypted and it still shows the plain text. For example, your password is myscecret and after creating the key, it still shows myscecret. Can you give me some advice?

  • @-indeed8285
    @-indeed8285 5 years ago

    Welcome back

    • @SpringAcademy
      @SpringAcademy 5 years ago +2

      Thanks! If it pays my bills I could do it full time ;)

  • @pavankumarnimmagadda2022
    @pavankumarnimmagadda2022 3 years ago

    Is something similar available for Ruby to connect to Postgres? So that the password can be pulled dynamically and secret rotation is also taken care of.

  • @jdkim7036
    @jdkim7036 4 years ago

    Do you have any solution without server reboot to adjust db properties instantly?

  • @subodhgholap
    @subodhgholap 7 months ago

    Hello, Can you please share your example repo (spring-boot-secrets-manager-jdbc-demo) with us ? Thank you for gr8 session

  • @ansariamin3865
    @ansariamin3865 a year ago

    Guyz I am trying to integrate the Secrets Manager on an on-premise web server…. We have JBoss EAP which is connecting to a cloud database, now I want to mask the id and password using Secrets Manager on the on-prem server… I have tried multiple methods online but nothing seems to work ……does anyone have a document for this, it will be much help

  • @salapati72
    @salapati72 4 years ago

    I am using Aurora PostgreSQL and it's not working. Does the URL change when I switch to the Secrets Manager (not the prefix, the host part or port part I mean)? Also, my DB is in a private subnet. I don't have to change any roles, policies, security groups, right? Thanks.

    • @SpringAcademy
      @SpringAcademy 4 years ago

      I haven't tried it with Aurora but I believe it should work

  • @TheRealDoubleT
    @TheRealDoubleT 4 years ago

    Do you need the client id and the client secret as environment variables in order for this to work?

    • @SpringAcademy
      @SpringAcademy 4 years ago

      When you run it on EC2 once you get IAM policies right it will work. On local you should ideally have AWS SDK configured.

  • @shaivaljava401
    @shaivaljava401 3 years ago

    Reason: Unable to find a region via the region provider chain. Must provide an explicit region in the builder or setup environment to supply a region.
    getting this error. please advise.

    • @SpringAcademy
      @SpringAcademy 3 years ago

      I guess it happens when you run on localhost? Make sure to configure AWS CLI

  • @genthoxha4162
    @genthoxha4162 4 years ago

    Failed to initialize pool: Invalid name. Must be a valid name containing alphanumeric characters, or any of the following: -/_+=.@! ...
    Any idea how I can fix this?

  • @olehstepaniak2775
    @olehstepaniak2775 3 years ago

    Hi, one more time. How can we rotate a DB password using AWS SM, but on our local DB, not one from the RDS list? For example, I would back to REDIS. We have Redis (we haven't Redis engine in AWS RDS), and we need to change a password for him every month (it would be nice if you send some tutorials on how we can change this value programmatically). This is my PoC, but I really want to know how to provide the secret to a DB which we haven't in RDS variability (or have, but we don't want to use RDS). (Maybe we need a specific configuration?)
    And thx for your great work. Your channel is really helpful. Better on TH-cam.

    • @SpringAcademy
      @SpringAcademy 3 years ago +1

      I didn't work with password rotation in redis. I think this may be useful for you aws.amazon.com/about-aws/whats-new/2019/10/amazon-elasticache-announces-support-for-modifying-redis-authentication-tokens/

    • @olehstepaniak2775
      @olehstepaniak2775 3 years ago

      @SpringAcademy Thx for your fast response, there is no info about Redis password rotation on the net and that is so sad. Because very often we need to secure data storage in production using password rotation. And if RDS engines have a simple API, we can't talk in this way about NoSQL APIs.

  • @fatossopjani2826
    @fatossopjani2826 3 years ago

    Is there a way using this dependency to make the data source url dynamic, including the port number?

    • @bajranglal4475
      @bajranglal4475 2 years ago

      I am also looking at how we can read the host and port from the same Secrets Manager instead of hardcoding.

  • @guchelkaben523
    @guchelkaben523 4 years ago

    How does it work with Amazon DocumentDB?

  • @nikhilraj3705
    @nikhilraj3705 4 years ago

    Sir,
    Please suggest me subjects to become full stack java developer and best Datastructure course.
    Thanks in advance.

  • @dhruvsingh6044
    @dhruvsingh6044 a year ago

    Can you please provide me this application code for testing, Please share github link for the same code?

  • @vasaviguntamukkala1867
    @vasaviguntamukkala1867 2 years ago +1

    Can anyone help me? Instead of Spring Boot I need to use Node.js. Any idea about this?
    Thanks :)

    • @SpringAcademy
      @SpringAcademy 2 years ago

      With NodeJS you can always use just the AWS SDK for Javascript.

  • @Parthp1045
    @Parthp1045 a month ago

    Anyone know how to do this in Python using FastAPI?

  • @mame-techmore8000
    @mame-techmore8000 4 years ago

    What about DocumentDB?

  • @arunmathew5982
    @arunmathew5982 4 years ago

    Hi, thanks for a wonderful tutorial. I am getting an error on spring.datasource.driver-class-name=com.amazonaws.secretsmanager.sql.AWSSecretsManagerPostgreSQLDriver
    Error is :
    Failed to bind properties under '' to com.zaxxer.hikari.HikariDataSource:
    Property: driver-class-name
    Value: com.amazonaws.secretsmanager.sql.AWSSecretsManagerPostgreSQLDriver
    Origin: "driverClassName" from property source "source"
    Reason: Unable to find a region via the region provider chain. Must provide an explicit region in the builder or setup environment to supply a region.
    Current Property file entries are :
    spring.datasource.url=jdbc-secretsmanager:postgresql://database-2.cvsjlkvjytkt.us-east-2.rds.amazonaws.com/postgres
    spring.datasource.driver-class-name=com.amazonaws.secretsmanager.sql.AWSSecretsManagerPostgreSQLDriver
    spring.datasource.username=/secrets/my-app/db
    Can you please help on this issue

    • @SpringAcademy
      @SpringAcademy 4 years ago

      Hey Arun! Are you getting this when running locally or on an AWS environment? If locally, you need to have AWS CLI set up, meaning in ~/.aws/credentials have properties for secret key, access key and region.

    • @arunmathew5982
      @arunmathew5982 4 years ago

      Hi @SpringAcademy, I was trying to run locally. Thanks for the valuable information.

    • @destroyerhunt3959
      @destroyerhunt3959 2 years ago

      @Spring Academy - if I want to run it on local system, can you suggest a way to setup region explicitly if possible to fix this problem

  • @marcellodimarinoazevedo
    @marcellodimarinoazevedo 4 years ago

    Great, give an application FULL grants over RDS... Bad idea.