Database password rotation with AWS Secrets Manager and Spring Boot

The real question is: why did you stop making these videos? Last one in the channel (the current one) is 9 months old. The material is really good and to the point and really useful for learning about Spring and AWS. I specially liked the one about LocalStack and TestContainers.

In case you can point to all the documentation from with you have made this it will help. This effort too was quite helpful. Thank you for posting

This was what I was looking for.. really helped me... great explanation .. Subscribed!

Really great tutorial. Thank you for showing the alternative (aws-secretsmanager-jdbc library) to that Java code snippet.

Thank you so much for this awesowe video.

Thanks for the excellent video.

The real good one. Thanks

As usual great content.

Really like your video format!

I have to add it's not that the AWS maintains 2 passwords at once so that you can connect. What happened really is that the connection was already open when the password changed, therefore it continued to work. Until the program restart, of course.

Nice video...

golden tutorial

Welcome back

well explained

Nice video, i was struggling to write lambda. But now i came to know lambda is automatically written

Is something similar available for ruby to connect to postgres? So that the password can be pulled dynamically and secret rotation also talen care.

Do you have any solution without server reboot to adjust db properties instantly?

Maaaaaaan, you must come back! Why are you taking such a big break between your videos ???
I thought I finally found awesome content about Spring boot.
We need you. Please come back :)
Or if you have some paid courses, give us a link.

After rotating secret in secret manager, do we not needed to update the new password in RDS?

great explanation Maciej ..One thing I would like to know is using aws-secretsmanager-jdbc library if the application is using old password and now if secrets rotation happens how application works without restarting it ? I mean how application establishes the connection with new password without restarting ?

I follow the instruction but I dont know why my DB's password is not encrypt and it's still show the plain text. For example your password is myscecret and after creating the key, it's still show myscecret. Can you give me the advise?

Do you need the client id and the client secret as environment variables in order for this to work?

Amy idea how to handle this same scenario in NodeJs?

i am using aurora postgresql and its not working. does the url change when i switch to the secrets manager (not the prefix, the host part or port part i mean)? also, my db is in a private subnet. i dont have to change any roles, policies, security groups right? thanks.

Guyz I am trying to integrate the secret Manager on on premise web server…. We have jboss eap which is connecting to cloud database now I want to mask the id and password using secret manager on the on prem server… have tried multiple method online but nothing seems to work ……does anyone have document for this will by much help

How it works with amazon documentdb?

Is there a way using this dependency to make the data source url dynamic, including the port number?

Sir,
Please suggest me subjects to become full stack java developer and best Datastructure course.
Thanks in advance.

This approach works fine for spring data source using jdbc template but not working with spring boot jpa applications.Any idea??
Error:
ERROR o.s.boot.SpringApplication.reportFailure - Application run failed
org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'entityManagerFactory' defined in class path resource [org/springframework/boot/autoconfigure/orm/jpa/HibernateJpaConfiguration.class]: Unsatisfied dependency expressed through method 'entityManagerFactory' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'entityManagerFactoryBuilder' defined in class path resource [org/springframework/boot/autoconfigure/orm/jpa/HibernateJpaConfiguration.class]: Unsatisfied dependency expressed through method 'entityManagerFactoryBuilder' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jpaVendorAdapter' defined in class path resource [org/springframework/boot/autoconfigure/orm/jpa/HibernateJpaConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.orm.jpa.JpaVendorAdapter]: Factory method 'jpaVendorAdapter' threw exception; nested exception is java.lang.RuntimeException: Driver com.mysql.cj.jdbc.Driver claims to not accept jdbcUrl, jdbc-secretsmanager:mysql://hostname:3306/dbname

Failed to initialize pool: Invalid name. Must be a valid name containing alphanumeric characters, or any of the following: -/_+=.@! ...
Any idea how can fix this?

Thanks for the video. One question, do we have any way to hide the real url of database such like username and password. Anyway thank you your video to get me an idea for this situation.

I might have missed something, but why did your local application have permission to access the secretmanager? kind of looks like everyone could get your passwords from the secret manager.

Reason: Unable to find a region via the region provider chain. Must provide an explicit region in the builder or setup environment to supply a region.
getting this error. please advise.

Hello, Can you please share your example repo (spring-boot-secrets-manager-jdbc-demo) with us ? Thank you for gr8 session

Anyone help me instead of Spring boot i need to use node js any idea about this.
Thanks :)

What about documentDB=

Hi, one more time. How we can rotate DB password using AWS SM, but at our local DB - not from the RDS list? For example, I would back to REDIS. We have Redis(we haven't Redis engine in AWS RDS), and we need to change a password for him every month(It's would be nice if you send some tutorials how we can change this value programicaly). This is my poc, but I really want to know how to provide the secret to DB , which we haven't in RDS variability(or have, but we don't want to use RDS). (mb, we need a specific configuration?)
And thx for your great work. Your channel is really helpful. Better on RUclips.

Can you please provide me this application code for testing, Please share github link for the same code?

Any one know how to do in python using fast api?

Hi Thanks for a wonderful tuitorial, I am getting an error on spring.datasource.driver-class-name=com.amazonaws.secretsmanager.sql.AWSSecretsManagerPostgreSQLDriver
Error is :
Failed to bind properties under '' to com.zaxxer.hikari.HikariDataSource:
Property: driver-class-name
Value: com.amazonaws.secretsmanager.sql.AWSSecretsManagerPostgreSQLDriver
Origin: "driverClassName" from property source "source"
Reason: Unable to find a region via the region provider chain. Must provide an explicit region in the builder or setup environment to supply a region.
Current Property file entries are :
spring.datasource.url=jdbc-secretsmanager:postgresql://database-2.cvsjlkvjytkt.us-east-2.rds.amazonaws.com/postgres
spring.datasource.driver-class-name=com.amazonaws.secretsmanager.sql.AWSSecretsManagerPostgreSQLDriver
spring.datasource.username=/secrets/my-app/db
Can you please help on this issue

Great, give an application FULL grants over RDS... Bad idea.