You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am using config.import for loading secrets from secrets-manager. On a dev machine, intellij is able to fetch secrets from localstack during context load. Which is great! Thanks to your efforts making it easier to integrate with AWS cloud.
When deploying the same app on a docker container, I am seeing following message in logs.
Is it expected?
The application will be deployed on AWS ECS and it will be using assume-role for accessing AWS services. So passing credentials in configs file or env var or docker container is not allowed in current infra. My understanding we could use this approach StsWebIdentityTokenFileCredentialsProvider
Set spring.cloud.aws.credentials.sts.role-arn value.
In java code retrieving secret using @Value() annotation.
application.yaml
spring:
cloud:
aws:
credentials:
access-key: localstack # not working if set inside application-dev.yamlsecret-key: localstack # not working if set inside application-dev.yamlendpoint: ${AWS_ENDPOINT_OVERRIDE:http://localhost:4566}config:
import:
aws-secretsmanager:${ENV_SECRETS_MANAGER_NAME:default_name}
Let me know any more details required.
The text was updated successfully, but these errors were encountered:
This env wasn't in docker so, it was referring from OS which was localhost:4566. Sorry, my bad. After enabling some debug logs for env vars it shown this. I have added AWS_ENDPOINT_OVERRIDE=http://localstack:4566 now, it is working for docker. Thank you for the direction. :)
This is great! I will follow this approach and give it a try.
Type: Issue
Component:
logging
Description of issue
I am using config.import for loading secrets from secrets-manager. On a dev machine, intellij is able to fetch secrets from localstack during context load. Which is great! Thanks to your efforts making it easier to integrate with AWS cloud.
Is it expected?
assume-role
for accessing AWS services. So passing credentials in configs file or env var or docker container is not allowed in current infra. My understanding we could use this approach StsWebIdentityTokenFileCredentialsProviderSet
spring.cloud.aws.credentials.sts.role-arn
value.Is is correct?
Error
Sample
In java code retrieving secret using
@Value()
annotation.application.yaml
Let me know any more details required.
The text was updated successfully, but these errors were encountered: