This article demonstrates how to use AWS Secrets Manager with Java applications to securely store and retrieve sensitive information. It covers creating secrets and accessing them using the AWS SDK for Java.
Introduction
Effectively managing secrets like database passwords and API keys is crucial for maintaining the security and integrity of applications. With AWS Secrets Manager, developers can securely store their secrets and retrieve them programmatically. AWS Secrets Manager allows you to automatically rotate secrets and replicate them to multiple AWS Regions. For more details, see AWS Secrets Manager.
In this article, we'll create a secret using AWS Secrets Manager and retrieve it programmatically in Java.
Creating secrets in AWS Secrets Manager
- Open the AWS Management Console and navigate to AWS Secrets Manager.
- Click Store a new secret.
- On the Choose secret type screen:
  - For Secret type, choose Other type of secret.
  - For the key, enter your secret key. In this example we will enter password, which creates a secret with the key "password".
  - For the value, enter your secret's value. In this example we will enter a strong password value.
  - Click Next.
- On the Configure secret screen:
  - For Secret name, enter the name of your secret. In our example we will enter repost/test/secret.
  - Click Next.
- On the Configure rotation - optional screen, click Next.
- On the Review screen, review the details and click Store.
Retrieving secret in Java SDK
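To use the following code in your project, add the Secrets Manager library to your classpath. If you're using Maven, add the following to your dependencies. The snippet omits a version, so it assumes the version is managed elsewhere, for example by importing the AWS SDK BOM (software.amazon.awssdk:bom) in dependencyManagement.
<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>secretsmanager</artifactId>
</dependency>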
The following sample code retrieves the secret in Java:
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;

public class SecretsManagerDemo {
    public static void main(String[] args) {
        String secretName = "repost/test/secret";
        Region region = Region.of("us-east-1");

        GetSecretValueRequest getSecretValueRequest = GetSecretValueRequest.builder()
                .secretId(secretName)
                .build();

        // Credentials come from the SDK's default credential provider chain.
        // try-with-resources closes the client and its HTTP connections.
        try (SecretsManagerClient client = SecretsManagerClient.builder()
                .region(region)
                .build()) {
            // SDK failures (secret not found, access denied, ...) propagate
            // to the caller as unchecked exceptions.
            GetSecretValueResponse getSecretValueResponse = client.getSecretValue(getSecretValueRequest);

            // JSON document such as {"password":"PASSWORD_VALUE"}; do not log it.
            String secret = getSecretValueResponse.secretString();
        }
    }
}
The code above uses SecretsManagerClient to retrieve the secret named repost/test/secret from AWS Secrets Manager and stores it in the String variable secret. The value of the variable is JSON in the format {"password":"PASSWORD_VALUE"}, where PASSWORD_VALUE is the actual value of the secret. You can use a JSON parser to extract the value of the password key from this JSON string.
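The JSON parsing step mentioned above, as an added example that is not part of the original article: it assumes Jackson (jackson-databind) is on the classpath, and the class name SecretFieldReader and the helper extractField are hypothetical. It also handles the cases the sample skips: a secret with no string value, invalid JSON, and a missing key, without putting the secret payload into logs or exception messages.

```java
import java.io.IOException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.ResourceNotFoundException;
import software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException;

public class SecretFieldReader {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    // Returns one text field of the secret's JSON; error messages name the key, never the payload.
    static String extractField(String secretJson, String key) {
        if (secretJson == null) { // secretString() is null when the secret was stored as binary
            throw new IllegalStateException("secret has no string value");
        }
        JsonNode root;
        try {
            root = MAPPER.readTree(secretJson);
        } catch (IOException e) {
            // Not chaining e: Jackson parse errors can echo part of the input.
            throw new IllegalStateException("secret is not valid JSON");
        }
        JsonNode value = (root == null) ? null : root.get(key);
        if (value == null || !value.isTextual()) {
            throw new IllegalStateException("secret has no text field '" + key + "'");
        }
        return value.asText();
    }

    public static void main(String[] args) {
        String secretName = "repost/test/secret"; // secret name used in this article
        try (SecretsManagerClient client = SecretsManagerClient.builder()
                .region(Region.of("us-east-1")).build()) {
            String secretJson = client.getSecretValue(
                    GetSecretValueRequest.builder().secretId(secretName).build()).secretString();
            String password = extractField(secretJson, "password");
            // Report success without printing the value itself.
            System.out.println("Loaded 'password' from " + secretName + ", empty=" + password.isEmpty());
        } catch (ResourceNotFoundException e) {
            System.err.println("Secret not found: " + secretName);
        } catch (SecretsManagerException e) {
            // Access denied, throttling, KMS decryption failures, ...
            System.err.println("Secrets Manager error: " + e.awsErrorDetails().errorCode());
        }
    }
}
```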
Summary
In this article, we explored how to use AWS Secrets Manager to securely manage sensitive information in Java applications. We covered the process of creating secrets in AWS Secrets Manager and demonstrated how to retrieve these secrets programmatically using the AWS SDK for Java. By implementing AWS Secrets Manager, developers can enhance their application's security, avoiding common pitfalls like hard-coding credentials or storing them in plain text files. This approach provides a robust solution for handling sensitive data, allowing for centralized management and the potential for automated secret rotation.