Automate data-source configuration in a Spring Boot application with AWS Secrets Manager

This blog post aims to guide you through the process of configuring your data source within a Spring Boot application with enhanced security and automation.

Vishal Haldekar
Clairvoyant Blog


Spring boot with secrets manager

Introduction

A Spring Boot application's data source is configured by defining properties in its properties/YAML file. There are two common ways to supply the database details:

  1. Manually set your database credentials and URL in the properties file.
  2. Obtain the credentials from AWS Secrets Manager, a safe way to store your credentials using AWS, and then manually create a data source.

There is an easier way to configure your data source using Secrets Manager. Let's dive deeper into this approach.

Steps

  • Store your database credentials in AWS Secrets Manager
  • Add AWS credentials to your credential provider chain (to access secrets in your Spring Boot app)

Please follow the steps below to create credentials in Secrets Manager:

1. Access the Secrets Manager service within AWS.

2. Click on the “store new secret” button.

3. Enter your database details according to your specific information.

For example, a MySQL database requires details such as username, password, host, etc.

4. After creating your secret, you will be able to view it in your console.

With the database credentials set up, let’s now explore how to fetch them into the Spring Boot application.

To make it work, please follow the steps below:

1. Set up the AWS credentials first, as explained above.

2. Add the dependencies below to your pom.xml; for more details, refer to this pom.xml.

  <dependency>
    <groupId>com.amazonaws</groupId>
    <artifactId>aws-java-sdk-secretsmanager</artifactId>
  </dependency>
  <dependency>
    <groupId>com.amazonaws.secretsmanager</groupId>
    <artifactId>aws-secretsmanager-jdbc</artifactId>
    <version>1.0.5</version>
  </dependency>

3. Update the database properties in your app as shown below:

spring.datasource.url = (name/path of your secrets manager)
spring.datasource.username = (name/path of your secrets manager)
spring.datasource.driver-class-name = com.amazonaws.secretsmanager.sql.AWSSecretsManagerMySQLDriver

Congratulations! Your setup is now complete. You can start your application and observe it establishing the connection with the desired database.
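A check you could run in CI to confirm that a properties file follows step 3 and carries no database password. This is an added example, not code from the original post or its repository; the function names, the secret name `example/mysql-secret` and both sample files are constructed for illustration.

```python
import re

# Driver class from step 3 of the post.
SM_DRIVER = "com.amazonaws.secretsmanager.sql.AWSSecretsManagerMySQLDriver"
# Credentials embedded in a value: user:pass@host, or a password= parameter.
INLINE_CRED = re.compile(r"://[^/@\s]+:[^/@\s]+@|[?&;]password=", re.IGNORECASE)
PREFIX = "spring.datasource."


def parse_properties(text):
    """Parse 'key = value' / 'key: value' lines, skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        match = re.match(r"([^=:\s#!]+)\s*[=:]\s*(.*)", raw.strip())
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def audit_datasource(text):
    """Return findings; an empty list means the file follows the post's setup."""
    props = parse_properties(text)
    findings = []
    if props.get(PREFIX + "password"):
        findings.append("password is set in the properties file")
    if props.get(PREFIX + "driver-class-name") != SM_DRIVER:
        findings.append("driver-class-name is not the Secrets Manager driver")
    for key in ("url", "username"):
        value = props.get(PREFIX + key, "")
        if not value:
            findings.append(f"{key} is missing (expected the secret name)")
        elif INLINE_CRED.search(value):
            findings.append(f"{key} embeds credentials")
    return findings


# Constructed sample files; the secret name and host are placeholders.
GOOD = """
spring.datasource.url = example/mysql-secret
spring.datasource.username = example/mysql-secret
spring.datasource.driver-class-name = com.amazonaws.secretsmanager.sql.AWSSecretsManagerMySQLDriver
"""
BAD = """
spring.datasource.url = jdbc:mysql://app:not-a-real-password@db.example.internal:3306/orders
spring.datasource.username = app
spring.datasource.password = not-a-real-password
spring.datasource.driver-class-name = com.mysql.cj.jdbc.Driver
"""

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_datasource(sample) or "ok")
```

Failing the build when `audit_datasource` returns any finding keeps a hardcoded password from being reintroduced after the migration to Secrets Manager.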

Conclusion

  • By following this approach, you can prevent the exposure of your database credentials and ensure that your Spring Boot application’s database configuration remains highly secure.
  • Access to DB credentials will exclusively be granted to individuals with AWS Secrets Manager access, allowing for controlled management of access as required.

For further details about the application, please visit the GitHub repository.

https://github.com/vishaldekar/spring-boot-with-secretsmanager.git
