使用 AWS Secrets Manager 管理 RDS 访问
[英]Manage RDS access with AWS Secrets Manager
问题描述
我目前正在使用 Eclipse 和 AWS Toolkit for Eclipse。 我的项目已经运行,它正在完成它的工作,即连接到 RDS 实例并将 JSON 对象返回给 API 网关调用。
我刚刚有一个新需求,我们要使用服务 SecretsManager 来自动轮换 RDS 配置,例如用户、密码等。
问题是当我尝试导入诸如GetSecretValueResponse之类的类时,我得到一个The import com.amazonaws.services.secretsmanager cannot be resolved 。 当我浏览文档和 SDK 时,存在GetSecretValueRequest但不存在GetSecretValueResponse ,因此我无法理解我应该做什么,也找不到与我可以研究的示例类似的任何内容。
以下代码是我正在尝试实现的,由亚马逊自己提供(在 Secrets Manager 页面中有一个按钮,您可以单击以查看 go 与 Java 在这种情况下的效果如何),并且在没有任何修改的情况下呈现但是因为正如我所说,我不知道如何导入几个类:
// Use this code snippet in your app.
public static void getSecret() {
String secretName = "secretName";
String endpoint = "secretEndpoint";
String region = "region";
AwsClientBuilder.EndpointConfiguration config = new AwsClientBuilder.EndpointConfiguration(endpoint, region);
AWSSecretsManagerClientBuilder clientBuilder = AWSSecretsManagerClientBuilder.standard();
clientBuilder.setEndpointConfiguration(config);
AWSSecretsManager client = clientBuilder.build();
String secret;
ByteBuffer binarySecretData;
GetSecretValueRequest getSecretValueRequest = GetSecretValueRequest.builder()
.withSecretId(secretName)
.build();
GetSecretValueResponse getSecretValueResponse = null;
try {
getSecretValueResponse = client.getSecretValue(getSecretValueRequest);
} catch(ResourceNotFoundException e) {
System.out.println("The requested secret " + secretName + " was not found");
} catch (InvalidRequestException e) {
System.out.println("The request was invalid due to: " + e.getMessage());
} catch (InvalidParameterException e) {
System.out.println("The request had invalid params: " + e.getMessage());
}
if(getSecretValueResponse == null) {
return;
}
// Decrypted secret using the associated KMS CMK
// Depending on whether the secret was a string or binary, one of these fields will be populated
if(getSecretValueResponse.getSecretString() != null) {
secret = getSecretValueResponse.getSecretString();
}
else {
binarySecretData = getSecretValueResponse.getSecretBinary();
}
// Your code goes here.
}
7 个解决方案
解决方案1
8 已采纳 2018-06-13 17:11:16
我遇到了同样的问题,AWS 页面上的代码无法立即使用。 您正在寻找的类是GetSecretValueResult这里是最新的 java 文档
这是一个可以工作的部分:
public void printRdsSecret() throws IOException {
String secretName = "mySecretName";
System.out.println("Requesting secret...");
AWSSecretsManager client = AWSSecretsManagerClientBuilder.standard().build();
GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest().withSecretId(secretName);
GetSecretValueResult getSecretValueResult = client.getSecretValue(getSecretValueRequest);
System.out.println("secret retrieved ");
final String secretBinaryString = getSecretValueResult.getSecretString();
final ObjectMapper objectMapper = new ObjectMapper();
final HashMap<String, String> secretMap = objectMapper.readValue(secretBinaryString, HashMap.class);
String url = String.format("jdbc:postgresql://%s:%s/dbName", secretMap.get("host"), secretMap.get("port"));
System.out.println("Secret url = "+url);
System.out.println("Secret username = "+secretMap.get("username"));
System.out.println("Secret password = "+secretMap.get("password"));
}
这是使用版本1.11.337 aws-java-sdk-secretsmanager 1.11.337
解决方案2
4 2019-07-06 20:53:20
我认为主要问题是缺乏对AWS SDK v2的依赖。
在此处添加使用AWS SDK v2的代码片段。 以防万一有人在找这个。
package com.may.util;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.DecryptionFailureException;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
import software.amazon.awssdk.services.secretsmanager.model.InternalServiceErrorException;
import software.amazon.awssdk.services.secretsmanager.model.InvalidParameterException;
import software.amazon.awssdk.services.secretsmanager.model.InvalidRequestException;
import software.amazon.awssdk.services.secretsmanager.model.ResourceNotFoundException;
public class SecretsManagerUtil {
public static String obtainSecret() {
String secretName = "db_secret_name";
String region = "us-east-1";
SecretsManagerClient client = SecretsManagerClient.builder().region(Region.of(region)).build();
GetSecretValueResponse response = null;
try {
response = client.getSecretValue(GetSecretValueRequest.builder().secretId(secretName).build());
} catch (DecryptionFailureException e) {
// Secrets Manager can't decrypt the protected secret text using the provided KMS key.
// Deal with the exception here, and/or rethrow at your discretion.
throw e;
} catch (InternalServiceErrorException e) {
// An error occurred on the server side.
// Deal with the exception here, and/or rethrow at your discretion.
throw e;
} catch (InvalidParameterException e) {
// You provided an invalid value for a parameter.
// Deal with the exception here, and/or rethrow at your discretion.
throw e;
} catch (InvalidRequestException e) {
// You provided a parameter value that is not valid for the current state of the resource.
// Deal with the exception here, and/or rethrow at your discretion.
throw e;
} catch (ResourceNotFoundException e) {
// We can't find the resource that you asked for.
// Deal with the exception here, and/or rethrow at your discretion.
throw e;
}
return response.secretString();
}
}
反序列化并打印机密:
public class SecretPrinter {
private static final Logger logger = LoggerFactory.getLogger(SecretPrinter.class);
public void printSecret() {
String json = SecretsManagerUtil.obtainSecret(); // secret in json format
RdsSecret secret;
try {
secret = new ObjectMapper().disable(FAIL_ON_UNKNOWN_PROPERTIES).readValue(json, RdsSecret.class);
} catch (IOException e) {
logger.error("Couldn't parse secret obtained from AWS Secrets Manager!");
throw new RuntimeException(e);
}
System.out.println("username: " + secret.getUsername());
System.out.println("password: " + secret.getPassword());
}
static class RdsSecret {
private String username;
private String password;
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
}
马文:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>bom</artifactId>
<version>2.6.3</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>secretsmanager</artifactId>
</dependency>
摇篮:
implementation platform('software.amazon.awssdk:bom:2.6.3')
implementation 'software.amazon.awssdk:secretsmanager'
解决方案3
3 2019-11-05 04:22:15
aws-secretsmanager-jdbc可用于通过 AWS秘密管理器访问 AWS RDS。 https://github.com/aws/aws-secretsmanager-jdbc
以下是我的 application.properties 的内容
spring.datasource.url=jdbc-secretsmanager:mysql://dev-xxxx-database.cluster-xxxxxxxxx.ap-southeast-1.rds.amazonaws.com:3306/dev_xxxxxx
spring.datasource.username=/secret/application
spring.datasource.driver-class-name=com.amazonaws.secretsmanager.sql.AWSSecretsManagerMySQLDriver
spring.jpa.database-platform = org.hibernate.dialect.MySQL5Dialect
以下是 AWS 秘密管理器中的秘密。
使用此方法,您无需手动获取用户名和密码并创建数据源。
解决方案4
1 2019-03-20 08:02:37
只需将 lib 添加到您的 pom: https : //mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-secretsmanager
解决方案5
1 2019-08-14 00:27:09
我建议使用 aws 秘密管理器 jdbc 包装器来访问 RDS ( https://github.com/aws/aws-secretsmanager-jdbc )。 在传递给 RDS 客户端之前,您无需处理获取秘密、解码和使用文本中的密码移动。
只需将秘密 id 传递给 RDS 客户端,jdbc 包装器将处理其余的工作。
解决方案6
0 2020-08-23 22:28:07
您缺少“aws-java-sdk-secretsmanager”依赖项,您必须将其添加到您的 pom.xml 中,然后导入您的 java 类。
来自 Maven:
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-secretsmanager</artifactId>
<version>1.11.355 </version>
</dependency>
如果您没有使用 maven,则您已将AWS 开发工具包添加到现有项目中。
解决方案7
0 2022-09-23 14:13:27
我遇到了同样的问题。 只需从依赖项中删除 scope 行,即“测试”。 它会工作
在 Spring 引导中存储 AWS Secrets Manager 的 accessKey 和 secretKey 的位置
[英]Where to store the accessKey and secretKey for AWS Secrets Manager in Spring Boot
使用 AWS-SDK Java 的 AWS Secrets Manager 更新密钥请求
[英]AWS Secrets Manager Update Secret Request Using AWS-SDK Java
从 AWS Secrets Manager 读取值并替换 Springboot 属性值中的占位符
[英]Read value from AWS Secrets Manager and replace a placeholder in the Springboot property values
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
带有 aws Secrets manager 的 spring boot 无法运行
无法在 AWS 中使用 JDBC 访问 RDS
在 Spring 引导中存储 AWS Secrets Manager 的 accessKey 和 secretKey 的位置
使用 AWS-SDK Java 的 AWS Secrets Manager 更新密钥请求
从 AWS Secrets Manager 读取值并替换 Springboot 属性值中的占位符
您如何从AWS访问RDS数据库
AWS RDS 到 AWS ES
无法将 sam 本地 api 连接到机密管理器
AWS RDS CPU利用率100%
使用 JDBC 连接到 AWS RDS 实例
相关标签