使用AWS Secrets Manager
我目前正在使用Eclipse和AWS Toolkit for Eclipse。我的项目已经正常工作,它正在完成它的工作,即连接到RDS实例并将JSON对象返回到API网关调用。
我刚刚获得了新的要求,我们将使用服务SecretsManager自动轮换RDS配置,例如用户,密码等。
问题是当我尝试导入GetSecretValueResponse等类时,我得到The import com.amazonaws.services.secretsmanager cannot be resolved。当我浏览文档和SDK时,存在GetSecretValueRequest而不是GetSecretValueResponse,所以我无法理解我应该做什么,也没有找到类似于示例的内容我可以学习。
以下代码是我正在尝试实现的内容,由亚马逊自己提供(在Secrets Manager页面中有一个按钮,您可以单击以查看它将如何与Java一起使用,在这种情况下),并呈现没有任何修改,因为正如我所说,我不知道如何导入几个类:
// Use this code snippet in your app.
public static void getSecret() {
String secretName = "secretName";
String endpoint = "secretEndpoint";
String region = "region";
AwsClientBuilder.EndpointConfiguration config = new AwsClientBuilder.EndpointConfiguration(endpoint, region);
AWSSecretsManagerClientBuilder clientBuilder = AWSSecretsManagerClientBuilder.standard();
clientBuilder.setEndpointConfiguration(config);
AWSSecretsManager client = clientBuilder.build();
String secret;
ByteBuffer binarySecretData;
GetSecretValueRequest getSecretValueRequest = GetSecretValueRequest.builder()
.withSecretId(secretName)
.build();
GetSecretValueResponse getSecretValueResponse = null;
try {
getSecretValueResponse = client.getSecretValue(getSecretValueRequest);
} catch(ResourceNotFoundException e) {
System.out.println("The requested secret " + secretName + " was not found");
} catch (InvalidRequestException e) {
System.out.println("The request was invalid due to: " + e.getMessage());
} catch (InvalidParameterException e) {
System.out.println("The request had invalid params: " + e.getMessage());
}
if(getSecretValueResponse == null) {
return;
}
// Decrypted secret using the associated KMS CMK
// Depending on whether the secret was a string or binary, one of these fields will be populated
if(getSecretValueResponse.getSecretString() != null) {
secret = getSecretValueResponse.getSecretString();
}
else {
binarySecretData = getSecretValueResponse.getSecretBinary();
}
// Your code goes here.
}
6 个答案:
答案 0 :(得分:4)
我遇到了同样的问题,AWS页面上的代码并不是开箱即用的。您要找的班级是GetSecretValueResult
这是最新的java文档
这是一件可行的作品:
public void printRdsSecret() throws IOException {
String secretName = "mySecretName";
System.out.println("Requesting secret...");
AWSSecretsManager client = AWSSecretsManagerClientBuilder.standard().build();
GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest().withSecretId(secretName);
GetSecretValueResult getSecretValueResult = client.getSecretValue(getSecretValueRequest);
System.out.println("secret retrieved ");
final String secretBinaryString = getSecretValueResult.getSecretString();
final ObjectMapper objectMapper = new ObjectMapper();
final HashMap<String, String> secretMap = objectMapper.readValue(secretBinaryString, HashMap.class);
String url = String.format("jdbc:postgresql://%s:%s/dbName", secretMap.get("host"), secretMap.get("port"));
System.out.println("Secret url = "+url);
System.out.println("Secret username = "+secretMap.get("username"));
System.out.println("Secret password = "+secretMap.get("password"));
}
使用版本aws-java-sdk-secretsmanager
1.11.337对此进行了测试
答案 1 :(得分:1)
答案 2 :(得分:1)
我认为主要问题是缺少对 AWS SDK v2 的依赖。
在此处添加使用 AWS SDK v2 的代码段。万一有人在寻找这个。
package com.may.util;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.DecryptionFailureException;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
import software.amazon.awssdk.services.secretsmanager.model.InternalServiceErrorException;
import software.amazon.awssdk.services.secretsmanager.model.InvalidParameterException;
import software.amazon.awssdk.services.secretsmanager.model.InvalidRequestException;
import software.amazon.awssdk.services.secretsmanager.model.ResourceNotFoundException;
public class SecretsManagerUtil {
public static String obtainSecret() {
String secretName = "db_secret_name";
String region = "us-east-1";
SecretsManagerClient client = SecretsManagerClient.builder().region(Region.of(region)).build();
GetSecretValueResponse response = null;
try {
response = client.getSecretValue(GetSecretValueRequest.builder().secretId(secretName).build());
} catch (DecryptionFailureException e) {
// Secrets Manager can't decrypt the protected secret text using the provided KMS key.
// Deal with the exception here, and/or rethrow at your discretion.
throw e;
} catch (InternalServiceErrorException e) {
// An error occurred on the server side.
// Deal with the exception here, and/or rethrow at your discretion.
throw e;
} catch (InvalidParameterException e) {
// You provided an invalid value for a parameter.
// Deal with the exception here, and/or rethrow at your discretion.
throw e;
} catch (InvalidRequestException e) {
// You provided a parameter value that is not valid for the current state of the resource.
// Deal with the exception here, and/or rethrow at your discretion.
throw e;
} catch (ResourceNotFoundException e) {
// We can't find the resource that you asked for.
// Deal with the exception here, and/or rethrow at your discretion.
throw e;
}
return response.secretString();
}
}
反序列化并打印机密:
public class SecretPrinter {
private static final Logger logger = LoggerFactory.getLogger(SecretPrinter.class);
public void printSecret() {
String json = SecretsManagerUtil.obtainSecret(); // secret in json format
RdsSecret secret;
try {
secret = new ObjectMapper().disable(FAIL_ON_UNKNOWN_PROPERTIES).readValue(json, RdsSecret.class);
} catch (IOException e) {
logger.error("Couldn't parse secret obtained from AWS Secrets Manager!");
throw new RuntimeException(e);
}
System.out.println("username: " + secret.getUsername());
System.out.println("password: " + secret.getPassword());
}
static class RdsSecret {
private String username;
private String password;
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
}
行家:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>bom</artifactId>
<version>2.6.3</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>secretsmanager</artifactId>
</dependency>
等级:
implementation platform('software.amazon.awssdk:bom:2.6.3')
implementation 'software.amazon.awssdk:secretsmanager'
答案 3 :(得分:1)
我建议使用aws secret manger jdbc包装器访问RDS(https://github.com/aws/aws-secretsmanager-jdbc)。在传递给RDS客户端之前,您无需处理获取秘密,解码并使用文本中的密码来回移动。
只需将秘密ID传递给RDS客户端,然后jdbc包装程序将处理其余部分。
答案 4 :(得分:1)
aws-secretsmanager-jdbc 可用于通过AWS Secrete Manager访问AWS RDS。 https://github.com/aws/aws-secretsmanager-jdbc
下面是我的application.properties的内容
spring.datasource.url=jdbc-secretsmanager:mysql://dev-xxxx-database.cluster-xxxxxxxxx.ap-southeast-1.rds.amazonaws.com:3306/dev_xxxxxx
spring.datasource.username=/secret/application
spring.datasource.driver-class-name=com.amazonaws.secretsmanager.sql.AWSSecretsManagerMySQLDriver
spring.jpa.database-platform = org.hibernate.dialect.MySQL5Dialect
以下是AWS Secret Manager中的秘密。
使用此方法,您无需手动获取用户名和密码并创建数据源。
答案 5 :(得分:0)
您缺少“ aws-java-sdk-secretsmanager”依赖性,必须将其添加到pom.xml中,然后导入到Java类中。
来自Maven:
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-secretsmanager</artifactId>
<version>1.11.355 </version>
</dependency>
如果您不使用Maven,则您有add AWS SDK to your existing project.
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?