spring-cloud-aws: Secrets Manager doesn't work

Type: Bug

Component: Secrets Manager

Describe the bug

Created a secrets manager with the name service-local. (Changing the name of the secret is out of the question.) Tried the following configurations with spring.config.import:

  • spring.config.import=aws-secretsmanager:/secret/service-local
  • spring.config.import=aws-secretsmanager:/service-local
  • spring.config.import=aws-secretsmanager:service-local
  • spring.config.import=aws-secretsmanager:secret/service-local
  • spring.config.import=service-local
  • spring.config.import=/secret/service-local
  • spring.config.import=secret-arn … etc.

It gives the following exception every single time. It takes the secret name as /secret/null_local every time at startup.

Caused by: com.amazonaws.services.secretsmanager.model.ResourceNotFoundException: Secrets Manager can't find the specified secret. (Service: AWSSecretsManager; Status Code: 400; Error Code: ResourceNotFoundException

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 16 (11 by maintainers)

Most upvoted comments

@rajadilipkolli It’s working now with the fix, thanks.

So, the trick is to set the AWS endpoint and access/secret keys using System.setProperty() as soon as the LocalStack container is started, before Spring Cloud AWS starts initialising SecretsManager.

I would suggest a couple of minor changes in your sample:

  • Instead of setting spring.cloud.aws.credentials.access/secret-key in the default application.properties, these values can be set in the test profile or in the static block where the LocalStack container is started.
  • With recent Testcontainers versions, there is no need to specify services with .withServices(SECRETSMANAGER).
  • Instead of setting secretsmanager-specific properties such as spring.cloud.aws.secretsmanager.endpoint, you can set the generic spring.cloud.aws.endpoint, which works for any service.

Although it is working fine now, one thing I haven’t understood is the significance of where to specify the spring.config.import property.

If we specify the spring.config.import property in a static block using System.setProperty() or using @DynamicPropertySource, it is not working. If we specify the property either in application-test.properties or through @SpringBootTest(properties = {"spring.config.import=aws-secretsmanager:/spring/secret"}), it is working fine.

A sample repo: https://github.com/sivaprasadreddy/spring-boot-aws-kitchensink
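
The setup described in the comment above, as an added example (not code from the thread or from the linked sample repo): LocalStack is started and seeded in a static block, the throwaway endpoint and credentials are set there rather than in the default application.properties, and spring.config.import is declared on the annotation. Assumptions: JUnit 5, Spring Cloud AWS 3.x property names (spring.cloud.aws.region.static is not mentioned in the thread), the image tag, and the constructed secret content with its hypothetical key demo.api-key.

```java
import static org.junit.jupiter.api.Assertions.assertEquals;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.test.context.SpringBootTest;
import org.testcontainers.containers.Container.ExecResult;
import org.testcontainers.containers.localstack.LocalStackContainer;
import org.testcontainers.containers.localstack.LocalStackContainer.Service;
import org.testcontainers.utility.DockerImageName;

// The import location is declared on the annotation, one of the two placements the
// comment reports as working (the other is application-test.properties).
@SpringBootTest(properties = {"spring.config.import=aws-secretsmanager:/spring/secret"})
class SecretsManagerImportTest {

    // Image tag is an assumption; pin the version your build already uses.
    static final LocalStackContainer LOCALSTACK =
            new LocalStackContainer(DockerImageName.parse("localstack/localstack:3.0"));

    static {
        // Runs at class initialisation, before Spring builds the context and
        // before Spring Cloud AWS resolves the aws-secretsmanager: import.
        LOCALSTACK.start();
        try {
            // Constructed sample secret; each JSON key becomes a property.
            ExecResult r = LOCALSTACK.execInContainer("awslocal", "secretsmanager",
                    "create-secret", "--name", "/spring/secret",
                    "--secret-string", "{\"demo.api-key\":\"constructed-test-value\"}");
            if (r.getExitCode() != 0) {
                throw new IllegalStateException("Seeding failed: " + r.getStderr());
            }
        } catch (java.io.IOException | InterruptedException e) {
            throw new IllegalStateException("Could not seed LocalStack", e);
        }
        // Throwaway LocalStack credentials stay in test scope, not in the
        // default application.properties.
        System.setProperty("spring.cloud.aws.endpoint",
                LOCALSTACK.getEndpointOverride(Service.SECRETSMANAGER).toString());
        System.setProperty("spring.cloud.aws.region.static", LOCALSTACK.getRegion());
        System.setProperty("spring.cloud.aws.credentials.access-key", LOCALSTACK.getAccessKey());
        System.setProperty("spring.cloud.aws.credentials.secret-key", LOCALSTACK.getSecretKey());
    }

    @Value("${demo.api-key}") // hypothetical property name from the seeded secret
    String apiKey;

    @Test
    void secretIsImportedAsProperty() {
        assertEquals("constructed-test-value", apiKey);
    }
}
```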