In modern application development, securely managing and storing sensitive data, such as private keys, service account numbers, and environment-specific configurations, is crucial. Recently, we faced a challenge where we needed to move our Spring Boot application’s secrets and configuration data from GitLab’s deployment platform storage and Docker System Environment variables to AWS Secrets Manager.

Initially, our application was connecting to the PostgreSQL database using properties passed through the pipeline environment. However, to integrate with AWS Secrets Manager, we needed to restructure and refactor the application’s flow.

Understanding Java APIs for Environment Configuration

Java provides several APIs to interact with the application’s environment, including retrieving and setting environment variables. One such API is System.getenv(), which returns a Map<String, String> containing the current system environment variables.

Here’s an example of how to iterate over the environment variables using System.getenv():

Map env = System.getenv();

for (Map.Entry entry : env.entrySet()) {

System.out.println(entry.getKey() + “=” + entry.getValue());

}

This code snippet will print out all the environment variables and their corresponding values.

Integrating AWS Secrets Manager with Spring Boot

To integrate AWS Secrets Manager with our Spring Boot application, we used the aws-java-sdk-secretsmanager library provided by AWS. This library allows us to retrieve secrets from AWS Secrets Manager and use them in our application.

Here’s an example of how to retrieve a secret from AWS Secrets Manager using the aws-java-sdk-secretsmanager library:

In this example, we first create an instance of SecretsManagerClient and then use the getSecretValue method to retrieve the secret value from AWS Secrets Manager. The secretId parameter is the ARN (Amazon Resource Name) of the secret you want to retrieve.

Once we have the secret value, we can use it in our application, such as setting environment variables or configuring database connections.

Conclusion

By integrating AWS Secrets Manager with our Spring Boot application, we can securely store and retrieve sensitive data, such as database credentials and API keys. This approach improves the security and maintainability of our application, as we no longer need to store sensitive data in version control systems or Docker environment variables.