secrets-manager | This library will help you to decouple your application from your secrets provider | AWS library
kandi X-RAY | secrets-manager Summary
This library will help you to decouple your application from your secrets provider. It supports the following connectors to get secrets:
Top functions reviewed by kandi - BETA
- Converts a string to a model
- Converts a JSON string into an object
- Get the GsonUtils instance
- Gets the secret
- The path
- Gets the secret with the given name
- Returns the value of the given secret
- Get secret by name
- Get the secret associated with the given secret name
- Builds the client
- Gets the credentials provider chain
- Set the secret directory
- Builds an async client
- Initializes the cache
- Set region
- Set the region
- Gets the secret value
Community Discussions
Trending Discussions on secrets-manager
QUESTION
I am pretty new at the AWS SDK world, and my first project is to collect information from secrets using a Spring Application.
I have been using this document https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/manage-credentials-using-aws-secrets-manager.html all good with the code but something I cannot wrap my head around is the "endpoint", where do I find this information inside AWS web console? Is it something that companies can personalize?
This would be the first cooperative project... Thanks in advance for the help.
...ANSWER
Answered 2021-Apr-30 at 18:04
Here's the list of public endpoints for AWS Secrets Manager. You would pick the one for the AWS region you are using. If you aren't using a VPC endpoint then you can probably just leave that blank or null, the AWS SDK should pick the endpoint automatically based on the region.
QUESTION
I am trying to retrieve from aws secret manager key value pairs and pass them to my azure SQL Server. Regarding aws secret manager I am using this module.
...ANSWER
Answered 2021-Apr-02 at 12:53
1- Retrieve metadata information about a Secrets Manager secret, via aws secrets manager data resource
QUESTION
Below is the code that I'm running via a Lambda function with full SecretsManagerReadWrite permission on its role:
...ANSWER
Answered 2021-Mar-17 at 15:37
I've solved the issue (typical that it's minutes after posting)
The error states that it's expecting a member with key 'secretId', however it needs to be passed as 'SecretId' - note the uppercase first character
After changing the param passed to the constructor of the command to be the latter key, it now works...
QUESTION
I have been trying to find a way to use ASP .NET Core 2.1 and retrieve secrets from Secret Manager in AWS.
I found a great blog post and it appears to compile/run without errors but I cannot for the life of me figure out how to access the secrets.
Any help would be appreciated!
https://andrewlock.net/secure-secrets-storage-for-asp-net-core-with-aws-secrets-manager-part-1/
My code:
...ANSWER
Answered 2021-Mar-05 at 19:30
OK - so your question is how to READ a secret. Let's try different tutorials:
Example 1: use SecretsManager (much like your original tutorial is doing):
https://nimblegecko.com/how-to-use-aws-secret-manager-secrets-in-dotnet-core-application/
QUESTION
On GCP, I need to use 2 GCP projects; one is for web-application, the other is for storing secrets for web-application ( which structure comes from google's repository
As written in README, I'll store secrets using GCP Secret Manager
procedure I'm planning
This project is allocated for GCP Secret Manager for secrets shared by the organization.
- prj-secret : create secrets in secrets-manager
- prj-application : read secret using kubernetes-external-secrets
in prj-application I want to use workload identity, because I don't want to use as serviceaccountkey doc saying
What I did
- create cluster with -workload-pool=project-id.svc.id.goog option
- helm install kubernetes-external-secrets
- [skip] kubectl create namespace k8s-namespace ( because I install kubernetes-external-secrets on default namespace)
- [skip] kubectl create serviceaccount --namespace k8s-namespace ksa-name ( because I use default serviceaccount which exists by default when creating GKE)
- create google-service-account with module "workload-identity
ANSWER
Answered 2021-Feb-04 at 19:51
You have an issue in your role binding I think. When you say this:
kubernetes_serviceaccount called external-secrets-kubernetes-external-secrets was already created when installing kubernetes-external-secrets with helm. and it bind k8s_sa_name &' external-secrets-kubernetes@my-project-id.iam.gserviceaccount.com, which has ["roles/secretmanager.admin","roles/secretmanager.secretAccessor"].
It's unclear. external-secrets-kubernetes@my-project-id.iam.gserviceaccount.com, is created on which project? I guess in prj-application, but not clear.
- I take the assumption (with the name and the link with the cluster) that the service account is created in the prj-application. you grant the role "roles/secretmanager.admin","roles/secretmanager.secretAccessor" on which resource?
- On the IAM page of the prj-application?
- On the IAM page of the prj-secret?
- On the secretId of the secret in the prj-secret?
If you did the 1st one, it's the wrong binding, the service account can only access the secrets of the prj-application, and not those of prj-secret.
Note, if you only need to access the secret, don't grant the admin role, only the accessor is required.
QUESTION
I'm developing a new Spring Boot application that will interact with an AWS-Postgres database. The serverless DB is hosted in a different AWS account and its secrets are stored in Secretmanager.
How can I effectively fetch the DB credentials from a cross-account secret manager?
In a POC, I did this by constructing a secret manager client using STSAssumeRoleSessionCredentials like this
ANSWER
Answered 2020-Oct-04 at 22:44
You are right, it can be further simplified on code side.
Let's say accountA has secrets and accountB is your app account. Current implementation does the following:
- A client is created inside the accountB using accountA credentials (AssumeRole is followed and is a best practice)
- Secrets are fetched and then used.
What could be done:
- Use resource based policy in accountA that lets the IAM User and/or IAM Role in accountB have access to the secrets placed in accountA.
- Update the KMS key policy in accountA for the key that is used to encrypt/decrypt secrets. Let the same IAM User and/or Role have access to that KMS key. So that they can use it.
- Update the IAM Policy for the IAM User and/or Role in accountB, explicitly allowing it to use the secrets and KMS keys of accountA.
Now, you are able to access the secrets using the same IAM User/Role that is used for the app and theoretically spring-cloud-starter-aws-secrets-manager-config should fetch the secrets from accountA as well (I have not tested it for myself).
The least benefit you will get is not creating assumedRole client for different account. More details on AWS Blog
QUESTION
I have this buildspec.yaml for my dotnet project.
...ANSWER
Answered 2020-Oct-05 at 11:57
Based on the comments.
"No commands found for phase name: install" is not an error. It is an information message that install phase has no commands.
The issue was due to missing/wrong secret manager secrets. To verify the correct settings have to go to Secret Manager console, then under Secret Name it should write CodeBuild. Next if you Retrieve the secret value, the Secret Key should be AWS_ACCESS_KEY_ID. Same for AWS_SECRET_ACCESS_KEY.
QUESTION
I am trying to connect a Postgres RDS serverless instance from a CodeBuild project.
this is where it fails:
psql --host ${PG_HOST} --dbname ${PG_DBNAME} --user ${SECRET_USER} -f /tmp/file
/tmp/file exists, so a file permission/non-existing issue is out of question
What I have tried so far, the username and password have been:
- Stored as environment variables in CodeBuild
- Stored in AWS Secrets manager
ANSWER
Answered 2020-Sep-27 at 09:34
I tried to replicate the issue, but the only thing I found that you should be using --username, not --user. Anyway, here is my buildspec.yml used for the verification:
QUESTION
I have an existing SpringBoot Application that was running with no issue. I then created a Java library—a standalone repository with only static Java code, no main class. My library is deployed as a GitHub Maven package.
I then proceeded with setting up my GitHub packages repository in my local Maven settings and added the dependency to my original SpringBoot application. The import process is successful, my library's Jar is in the classpath and compilation and build are successful.
What happens next is I run the application now, and I get the following stacktrace:
...ANSWER
Answered 2020-Sep-19 at 18:51
You're using different versions of spring-boot-starter-parent (2.3.1.RELEASE and 2.3.4.RELEASE) which is probably leading to inconsistent versions where the later or earlier don't have the method. Try using 2.3.4.RELEASE in your application.
[Update]
You're still getting inconsistent versions of org.springframework:* on the classpath:
QUESTION
I found this rotation function template, I'm going to modify this template to create my own rotation function and tell Secrets Manager to use it to perform the rotation.
My question is which part in the template should I change, it's not very clear in the template, such as line 47-49, should I replace SecretId with my Secret ARN?
ANSWER
Answered 2020-Jan-29 at 21:32
You don't need to make any changes to the logic of loading the event or the environmental variables.
Think of it this way. When rotation occurs, secrets manager will invoke your lambda. That invocation has an event associated with it, which contains the rotation step, SecretId of the secret to be rotated, ClientRequestToken, etc.
You don't need to modify that logic.
With regards to the lambda you need to set an environment variable for the secrets manager endpoint - https://docs.aws.amazon.com/lambda/latest/dg//go-programming-model-env-variables.html
- 'https://secretsmanager.region.amazonaws.com' but insert the region you're working with - https://secretsmanager.us-west-2.amazonaws.com for example
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install secrets-manager
You can use secrets-manager like any standard Java library. Please include the jar files in your classpath. You can also use any IDE, and you can run and debug the secrets-manager component as you would any other Java program. Best practice is to use a build tool that supports dependency management, such as Maven or Gradle. For Maven installation, please refer to maven.apache.org. For Gradle installation, please refer to gradle.org.