Importing secrets in Spring Boot application from AWS Secrets Manager

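I stored my MySQL database credentials in AWS Secrets Manager using the Credentials for other database option. I want to import these credentials into my application.properties file. Based on what I found in this thread “

  1. Added the dependency spring-cloud-starter-aws-secrets-manager-config
  2. Added spring.application.name = <application name> and spring.config.import = aws-secretsmanager: <Secret name> in application.properties
  3. Used the secret keys as placeholders in the following properties: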
spring.datasource.url = jdbc:mysql://${host}:3306/db_name
spring.datasource.username=${username}
spring.datasource.password=${password}

I get the following error when running the application:

java.lang.IllegalStateException: Unable to load config data from 'aws-secretsmanager:<secret_name>'
Caused by: java.lang.IllegalStateException: File extension is not known to any PropertySourceLoader. If the location is meant to reference a directory, it must end in '/' or File.separator

First, is the process I am following correct? If so, what is this error about and how do I resolve it?

You are trying to use spring.config.import, support for which was introduced in Spring Cloud 2.3.0:

https://spring.io/blog/2021/03/17/spring-cloud-aws-2-3-is-now-available

Secrets Manager

Support loading properties through spring.config.import, introduced in Spring Cloud 2020.0. Read more about integrating your Spring Cloud application with the AWS secrets manager.

Removed the dependency to auto-configure module #526.

Dropped the dependency to javax.validation:validation-api.

Allow Secrets Manager prefix without “/” in the front #736.



In spring-cloud 2020.0.0 (aka Ilford), the bootstrap phase is no longer enabled by default. In order to enable it you need an additional dependency:

<dependency>
  <groupId>org.springframework.cloud</groupId>
  <artifactId>spring-cloud-starter-bootstrap</artifactId>
  <version>{spring-cloud-version}</version>
</dependency>

However, starting with spring-cloud-aws 2.3, it allows importing the default AWS Secrets Manager keys (spring.config.import=aws-secretsmanager:) or individual keys (spring.config.import=aws-secretsmanager:secret-key;other-secret-key).

https://github.com/spring-cloud/spring-cloud-aws/blob/main/docs/src/main/asciidoc/secrets-manager.adoc



application.yml

spring.config.import: aws-secretsmanager:/secrets/spring-cloud-aws-sample-app

Or try leaving it empty:

spring.config.import=aws-secretsmanager:

So, by default, spring.application.name is required.

App:

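import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.ApplicationRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;

@SpringBootApplication
public class App {

    private static final Logger LOGGER = LoggerFactory.getLogger(App.class);

    public static void main(String[] args) {
        SpringApplication.run(App.class, args);
    }

    // Resolves the `password` key of the imported secret at startup.
    // The value is written to the log only to show that the import worked.
    @Bean
    ApplicationRunner applicationRunner(@Value("${password}") String password) {
        return args -> {
            LOGGER.info("`password` loaded from the AWS Secret Manager: {}", password);
        };
    }

}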
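A variant of the runner in the answer above that confirms the secret's keys resolved without writing their values to the log. It is an added example, not part of the original answer; the class name SecretCheckApp is hypothetical, and the key list is assumed from the question's placeholders (host, username, password).

```java
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.ApplicationRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.core.env.Environment;

@SpringBootApplication
public class SecretCheckApp { // hypothetical class name

    private static final Logger LOGGER = LoggerFactory.getLogger(SecretCheckApp.class);

    // Assumed keys of the JSON secret, matching ${host}, ${username}, ${password}.
    private static final List<String> REQUIRED_KEYS =
            Arrays.asList("host", "username", "password");

    public static void main(String[] args) {
        SpringApplication.run(SecretCheckApp.class, args);
    }

    // Fails startup if any key is missing or blank in the Environment;
    // logs key names only, never the resolved values.
    @Bean
    ApplicationRunner secretPresenceCheck(Environment env) {
        return args -> {
            List<String> missing = REQUIRED_KEYS.stream()
                    .filter(key -> {
                        String value = env.getProperty(key);
                        return value == null || value.trim().isEmpty();
                    })
                    .collect(Collectors.toList());
            if (!missing.isEmpty()) {
                throw new IllegalStateException("Secret keys not resolved: " + missing);
            }
            LOGGER.info("Secret keys resolved: {}", REQUIRED_KEYS);
        };
    }
}
```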

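I found the problem that was causing the error. Apparently I was adding the wrong dependency.

According to the latest docs, the configuration support for importing AWS secrets using spring.config.import has moved from org.springframework.cloud to io.awspring.cloud. So the updated dependency would be io.awspring.cloud:spring-cloud-starter-aws-secrets-manager-config:2.3.3 and NOT org.springframework.cloud:spring-cloud-starter-aws-secrets-manager-config:2.2.6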