How to import properties from AWS Secrets Manager in Spring Cloud Config Server?


Current scenario

I have been working with Spring Cloud Config Server to supply the properties to multiple Spring Boot microservices. Currently, all the credentials (database and API keys) are mentioned in different application.yaml files for all the respective Spring Boot applications.

What we want to achieve

But now, we want to store all the secrets for all the Spring Boot applications in AWS Secrets Manager, fetch them from there in the Config Server, and supply them to the respective microservices. So, the responsibility of fetching the secrets from AWS Secrets Manager should still remain with the Config Server only.

What we have tried so far

Approach 1: We have tried to integrate AWS Secrets Manager as mentioned in the Spring docs below, but it seems like it is not hitting Secrets Manager to fetch the secrets:

  1. https://docs.spring.io/spring-cloud-config/reference/server/environment-repository/aws-secrets-manager.html
  2. https://docs.spring.io/spring-cloud-config/reference/server/environment-repository/aws-secrets-manager-backend.html

What we did is, we removed all the secret properties from the respective application's application.yaml files in the Config Server, and created secrets in AWS Secrets Manager with the following naming convention (as mentioned in the above docs): /secret/<application name>


Approach 2: We tried to import the configs using the spring.config.import property in the Config Server's application.yaml file as mentioned in the doc below:

  1. https://www.baeldung.com/spring-boot-integrate-aws-secrets-manager

In this case, we can access the secrets mentioned in Secrets Manager in the Config Server but are not able to pass them to the respective Spring Boot applications. We tried to mention the secrets directly in the respective Spring Boot application's application.yaml files like below, but it is not working:

application-<application name>.yaml (this file is kept with the Config Server)

spring:
    datasource:
        url: ${dbConnStr}

Here, dbConnStr is the secret mentioned in AWS Secrets Manager. When we try to access dbConnStr in the Config Server itself, it works fine.


Both the above approaches are not working in our case. Does anyone have any idea how we can utilize AWS Secrets Manager along with Spring Cloud Config Server to supply the properties to multiple other Spring Boot applications?
