Unable to Pass AWS Secrets Manager Secrets to Spring Boot Application Properties via Spring Cloud Config Server

[SweKast9]

Type: Bug

Component: Secrets Manager

Describe the bug:
Spring Cloud Config Server serves as centralised config server to supply the properties to multiple Spring Boot micro services(i.e clients). It should load non critical properties from native(i.e classpath) and critical properties from secrets manager.

In short, the responsibility of fetching the secrets from AWS Secret Manager should still remain with the Config server only.

Approach -1:

Using AWS Secrets Manager as a backend, As suggested here https://docs.spring.io/spring-cloud-config/reference/server/environment-repository/aws-secrets-manager.html

Issue: This is not at all working. Meaning, I don't see Loading secrets from AWS Secret Manager secret with name:**** in the startup logs.

Approach -2:

Used spring.config.import as suggested here https://docs.awspring.io/spring-cloud-aws/docs/3.0.0-SNAPSHOT/reference/html/index.html#spring-cloud-aws-secrets-manager

This was working, I could finally see my secret being loaded from 'AWS Secrets Manager'.
I tested it with @Value, and my service successfully printed the loaded value.

Issue: The issue is that the placeholders in app.yml or app-dev.yml located in the resources (i.e., path: config/${my-app}/application-dev.yml) are not being replaced. At any given time, it only loads from a single EnvironmentRepository (i.e., EnvironmentRepository.findOne). What I want is for it to load properties from multiple environments, including both native (i.e.,class path) and AWS Secrets Manager.

Approach -3:

I tried by enabling 'composite' profile as suggested here https://docs.spring.io/spring-cloud-config/reference/server/environment-repository/composite-repositories.html

Issue: I get an issue when i tried to use aws-secretsmanager as one of the composite's type (i.e no issue with native type). I don't see AwsSecretsManagerEnvironmentRepositoryFactory loaded. Please see the attached images for more reference.

Code:

I expect the placeholders to be replaced with the values fetched from AWS Secrets Manager.

Secrets Manager Config:

Note:

• Confirmed that AWS Secrets Manager is retrieving data correctly by logging the output during startup.

@Bean ApplicationRunner myRunner(@Value("${username}")String username){ return args -> { System.out.println(username); }; }

• Please note that, I have upgraded my spring-boot version to 3.4.* and spring-cloud to 4.2.* and spring-cloud-aws-starter-secrets-manager to 3.3.*, but the issue remains unresolved.

[ryanjbaxter]

Approach 2 is not something we can address in this repo, you would have to create an issue in spring-cloud-aws for that specific issue.

In approach 1 and 2 you need to have the following dependency on your classpath

                <dependency>
			<groupId>software.amazon.awssdk</groupId>
			<artifactId>secretsmanager</artifactId>
		</dependency>

Please provide a sample that reproduces the issue so we can make sure we are on the same page.

[spring-cloud-issues]

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.