Unable to Pass AWS Secrets Manager Secrets to Spring Boot Application Properties via Spring Cloud Config Server #2792

Open
SweKast9 opened this issue Mar 17, 2025 · 1 comment

@SweKast9

Type: Bug

Component: Secrets Manager

Describe the bug:
Spring Cloud Config Server serves as a centralised config server to supply the properties to multiple Spring Boot microservices (i.e. clients). It should load non-critical properties from native (i.e. classpath) and critical properties from Secrets Manager.

In short, the responsibility of fetching the secrets from AWS Secrets Manager should still remain with the Config Server only.

Approach 1:

Using AWS Secrets Manager as a backend, as suggested here: https://docs.spring.io/spring-cloud-config/reference/server/environment-repository/aws-secrets-manager.html

Issue: This is not working at all. Meaning, I don't see "Loading secrets from AWS Secret Manager secret with name:****" in the startup logs.

Approach 2:

Used spring.config.import, as suggested here: https://docs.awspring.io/spring-cloud-aws/docs/3.0.0-SNAPSHOT/reference/html/index.html#spring-cloud-aws-secrets-manager

This was working, I could finally see my secret being loaded from 'AWS Secrets Manager'.
I tested it with @Value, and my service successfully printed the loaded value.

Issue: The issue is that the placeholders in app.yml or app-dev.yml located in the resources (i.e., path: config/${my-app}/application-dev.yml) are not being replaced. At any given time, it only loads from a single EnvironmentRepository (i.e., EnvironmentRepository.findOne). What I want is for it to load properties from multiple environments, including both native (i.e., classpath) and AWS Secrets Manager.

Approach 3:

I tried enabling the 'composite' profile, as suggested here: https://docs.spring.io/spring-cloud-config/reference/server/environment-repository/composite-repositories.html

Issue: I get an issue when I try to use aws-secretsmanager as one of the composite's types (i.e. no issue with the native type). I don't see AwsSecretsManagerEnvironmentRepositoryFactory loaded. Please see the attached images for more reference.

Image Image

Code:

Image Image

I expect the placeholders to be replaced with the values fetched from AWS Secrets Manager.

Image

Secrets Manager Config:

Image

Note:

  • Confirmed that AWS Secrets Manager is retrieving data correctly by logging the output during startup.

    @Bean
    ApplicationRunner myRunner(@Value("${username}") String username) {
        return args -> {
            System.out.println(username);
        };
    }

  • Please note that I have upgraded my spring-boot version to 3.4.*, spring-cloud to 4.2.* and spring-cloud-aws-starter-secrets-manager to 3.3.*, but the issue remains unresolved.
@ryanjbaxter
Contributor

Approach 2 is not something we can address in this repo; you would have to create an issue in spring-cloud-aws for that specific issue.

In approach 1 and 2 you need to have the following dependency on your classpath:

    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>secretsmanager</artifactId>
    </dependency>

Please provide a sample that reproduces the issue so we can make sure we are on the same page.
