com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder Java Examples

protected SecretCache createSecretCache(
    String awsAccessKey,
    String awsSecretKey,
    String region,
    int cacheSize,
    long cacheTTL
) {
  AWSCredentialsProvider credentials = getCredentialsProvider(awsAccessKey, awsSecretKey);
  AWSSecretsManagerClientBuilder clientBuilder = AWSSecretsManagerClientBuilder
      .standard()
      .withRegion(region)
      .withCredentials(credentials);

  SecretCacheConfiguration cacheConf = new SecretCacheConfiguration()
      .withMaxCacheSize(cacheSize)
      .withCacheItemTTL(cacheTTL)
      .withClient(clientBuilder.build());

  return new SecretCache(cacheConf);
}
 

protected GetSecretValueResult getSecretValue(String secretRegion, String secretName) {
  AWSSecretsManager client =
      AWSSecretsManagerClientBuilder.standard().withRegion(secretRegion).build();

  GetSecretValueRequest getSecretValueRequest =
      new GetSecretValueRequest().withSecretId(secretName);

  try {
    return client.getSecretValue(getSecretValueRequest);
  } catch (AWSSecretsManagerException e) {
    throw new SecretException(
        String.format(
            "An error occurred when using AWS Secrets Manager to fetch: [secretName: %s, secretRegion: %s]",
            secretName, secretRegion),
        e);
  }
}
 

/**
 * @param sourceType Used to aid in logging diagnostic info when raising a support case.
 */
public MetadataHandler(String sourceType)
{
    this.sourceType = sourceType;
    this.spillBucket = System.getenv(SPILL_BUCKET_ENV);
    this.spillPrefix = System.getenv(SPILL_PREFIX_ENV) == null ?
            DEFAULT_SPILL_PREFIX : System.getenv(SPILL_PREFIX_ENV);
    if (System.getenv(DISABLE_SPILL_ENCRYPTION) == null ||
            !DISABLE_ENCRYPTION.equalsIgnoreCase(System.getenv(DISABLE_SPILL_ENCRYPTION))) {
        encryptionKeyFactory = (System.getenv(KMS_KEY_ID_ENV) != null) ?
                new KmsKeyFactory(AWSKMSClientBuilder.standard().build(), System.getenv(KMS_KEY_ID_ENV)) :
                new LocalKeyFactory();
    }
    else {
        encryptionKeyFactory = null;
    }

    this.secretsManager = new CachableSecretsManager(AWSSecretsManagerClientBuilder.defaultClient());
    this.athena = AmazonAthenaClientBuilder.defaultClient();
    this.verifier = new SpillLocationVerifier(AmazonS3ClientBuilder.standard().build());
}
 

/**
 * Constructs the driver setting the properties from the properties file using system properties as defaults.
 * Sets the secret cache to the cache that was passed in.
 *
 * @param cache                                             Secret cache to use to retrieve secrets
 */
protected AWSSecretsManagerDriver(SecretCache cache) {

    final Config config = Config.loadMainConfig();

    String vpcEndpointUrl = config.getStringPropertyWithDefault(PROPERTY_PREFIX+"."+PROPERTY_VPC_ENDPOINT_URL, null);
    String vpcEndpointRegion = config.getStringPropertyWithDefault(PROPERTY_PREFIX+"."+PROPERTY_VPC_ENDPOINT_REGION, null);

    if (vpcEndpointUrl == null || vpcEndpointUrl.isEmpty() || vpcEndpointRegion == null || vpcEndpointRegion.isEmpty()) {
        this.secretCache = cache;
    } else {
        AWSSecretsManagerClientBuilder builder = AWSSecretsManagerClientBuilder.standard();
        builder.setEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(vpcEndpointUrl, vpcEndpointRegion));

        this.secretCache = new SecretCache(builder);
    }

    setProperties();
    AWSSecretsManagerDriver.register(this);
}
 

/**
 * Constructs a new secret cache using the provided cache configuration.
 *
 * @param config
 *        The secret cache configuration.
 */
public SecretCache(SecretCacheConfiguration config) {
    if (null == config) { config = new SecretCacheConfiguration(); }
    this.cache = new LRUCache<String, SecretCacheItem>(config.getMaxCacheSize());
    this.config = config;
    this.client = config.getClient() != null ? config.getClient() :
            AWSSecretsManagerClientBuilder.standard().build();
}
 

@Bean
@ConditionalOnMissingBean
AWSSecretsManager smClient(AwsSecretsManagerProperties awsSecretsManagerProperties) {
	return StringUtils.isNullOrEmpty(awsSecretsManagerProperties.getRegion())
			? AWSSecretsManagerClientBuilder.defaultClient()
			: AWSSecretsManagerClientBuilder.standard()
					.withRegion(awsSecretsManagerProperties.getRegion()).build();
}
 

@Override
public byte[] decrypt(EncryptedSecret encryptedSecret) {
  String secretName = encryptedSecret.getParams().get(SECRET_NAME);
  String secretRegion = encryptedSecret.getParams().get(SECRET_REGION);
  String secretKey = encryptedSecret.getParams().get(SECRET_KEY);

  AWSSecretsManager client =
      AWSSecretsManagerClientBuilder.standard().withRegion(secretRegion).build();

  byte[] binarySecret = null;
  GetSecretValueRequest getSecretValueRequest =
      new GetSecretValueRequest().withSecretId(secretName);
  GetSecretValueResult getSecretValueResult = null;

  try {
    getSecretValueResult = client.getSecretValue(getSecretValueRequest);
  } catch (Exception e) {
    log.error(
        "An error occurred when trying to use AWS Secrets Manager to fetch: [secretName: {}, secretRegion: {}, secretKey: {}]",
        secretName,
        secretRegion,
        secretKey,
        e);
    throw new RuntimeException("Failed to fetch secret from AWS Secrets Manager", e);
  }

  if (getSecretValueResult.getSecretString() != null) {
    String secret = getSecretValueResult.getSecretString();
    Gson gson = new Gson();
    Type type = new TypeToken<Map<String, String>>() {}.getType();
    Map<String, String> myMap = gson.fromJson(secret, type);
    binarySecret = myMap.get(secretKey).getBytes(StandardCharsets.UTF_8);
  } else {
    binarySecret = getSecretValueResult.getSecretBinary().array();
  }
  return binarySecret;
}
 

public MetricsRecordHandler()
{
    this(AmazonS3ClientBuilder.defaultClient(),
            AWSSecretsManagerClientBuilder.defaultClient(),
            AmazonAthenaClientBuilder.defaultClient(),
            AmazonCloudWatchClientBuilder.standard().build());
}
 

public HbaseRecordHandler()
{
    this(AmazonS3ClientBuilder.defaultClient(),
            AWSSecretsManagerClientBuilder.defaultClient(),
            AmazonAthenaClientBuilder.defaultClient(),
            new HbaseConnectionFactory());
}
 

public RedisRecordHandler()
{
    this(AmazonS3ClientBuilder.standard().build(),
            AWSSecretsManagerClientBuilder.defaultClient(),
            AmazonAthenaClientBuilder.defaultClient(),
            new JedisPoolFactory());
}
 

public DocDBRecordHandler()
{
    this(AmazonS3ClientBuilder.defaultClient(),
            AWSSecretsManagerClientBuilder.defaultClient(),
            AmazonAthenaClientBuilder.defaultClient(),
            new DocDBConnectionFactory());
}
 

public CloudwatchRecordHandler()
{
    this(AmazonS3ClientBuilder.defaultClient(),
            AWSSecretsManagerClientBuilder.defaultClient(),
            AmazonAthenaClientBuilder.defaultClient(),
            AWSLogsClientBuilder.defaultClient());
}
 

public ElasticsearchRecordHandler()
{
    super(AmazonS3ClientBuilder.defaultClient(), AWSSecretsManagerClientBuilder.defaultClient(),
            AmazonAthenaClientBuilder.defaultClient(), SOURCE_TYPE);

    this.typeUtils = new ElasticsearchTypeUtils();
    this.clientFactory = new AwsRestHighLevelClientFactory(getEnv(AUTO_DISCOVER_ENDPOINT)
            .equalsIgnoreCase("true"));
    this.queryTimeout = Long.parseLong(getEnv(QUERY_TIMEOUT_SEARCH));
}
 

/**
 * Default constructor used by Lambda.
 */
public ExampleRecordHandler()
{
    this(AmazonS3ClientBuilder.defaultClient(), AWSSecretsManagerClientBuilder.defaultClient(), AmazonAthenaClientBuilder.defaultClient());
    if (System.getenv(NUM_ROWS_PER_SPLIT) != null) {
        numRowsPerSplit = Integer.parseInt(System.getenv(NUM_ROWS_PER_SPLIT));
    }
}
 

/**
 * @param sourceType Used to aid in logging diagnostic info when raising a support case.
 */
public RecordHandler(String sourceType)
{
    this.sourceType = sourceType;
    this.amazonS3 = AmazonS3ClientBuilder.defaultClient();
    this.secretsManager = new CachableSecretsManager(AWSSecretsManagerClientBuilder.defaultClient());
    this.athena = AmazonAthenaClientBuilder.defaultClient();
}
 

public TPCDSRecordHandler()
{
    super(AmazonS3ClientBuilder.defaultClient(), AWSSecretsManagerClientBuilder.defaultClient(), AmazonAthenaClientBuilder.defaultClient(), SOURCE_TYPE);
}
 

public ExampleRecordHandler()
{
    this(AmazonS3ClientBuilder.defaultClient(), AWSSecretsManagerClientBuilder.defaultClient(), AmazonAthenaClientBuilder.defaultClient());
}
 

protected SimpleFernetKeyRotator(final SecureRandom random) {
    this(new SecretsManager(AWSSecretsManagerClientBuilder.standard()
            .withRequestHandlers(new MemoryOverwritingRequestHandler(random)).build()),
            AWSKMSClientBuilder.defaultClient(), random);
}
 

/**
 * @param random an entropy source
 */
protected MultiFernetKeyRotator(final SecureRandom random) {
    this(new SecretsManager(AWSSecretsManagerClientBuilder.standard()
            .withRequestHandlers(new MemoryOverwritingRequestHandler(random)).build()),
            AWSKMSClientBuilder.defaultClient(), random);
}
 

public PostGreSqlRecordHandler(final DatabaseConnectionConfig databaseConnectionConfig)
{
    this(databaseConnectionConfig, AmazonS3ClientBuilder.defaultClient(), AWSSecretsManagerClientBuilder.defaultClient(), AmazonAthenaClientBuilder.defaultClient(),
            new GenericJdbcConnectionFactory(databaseConnectionConfig, PostGreSqlMetadataHandler.JDBC_PROPERTIES), new PostGreSqlQueryStringBuilder(POSTGRES_QUOTE_CHARACTER));
}
 

public MySqlRecordHandler(final DatabaseConnectionConfig databaseConnectionConfig)
{
    this(databaseConnectionConfig, AmazonS3ClientBuilder.defaultClient(), AWSSecretsManagerClientBuilder.defaultClient(), AmazonAthenaClientBuilder.defaultClient(),
            new GenericJdbcConnectionFactory(databaseConnectionConfig, MySqlMetadataHandler.JDBC_PROPERTIES), new MySqlQueryStringBuilder(MYSQL_QUOTE_CHARACTER));
}
 

/**
 * Constructs a new secret cache using the standard AWS Secrets Manager client with default options.
 */
public SecretCache() {
    this(AWSSecretsManagerClientBuilder.standard());
}
 

/**
 * Constructs the driver setting the properties from the properties file using system properties as defaults.
 * Instantiates the secret cache with the passed in client builder.
 *
 * @param builder                                           Builder used to instantiate cache
 */
protected AWSSecretsManagerDriver(AWSSecretsManagerClientBuilder builder) {
    this(new SecretCache(builder));
}
 

/**
 * Constructs the driver setting the properties from the properties file using system properties as defaults.
 * Instantiates the secret cache with the passed in client builder.
 *
 * @param builder                                           Builder used to instantiate cache
 */
public AWSSecretsManagerPostgreSQLDriver(AWSSecretsManagerClientBuilder builder) {
    super(builder);
}
 

/**
 * Constructs the driver setting the properties from the properties file using system properties as defaults.
 * Instantiates the secret cache with the passed in client builder.
 *
 * @param builder                                           Builder used to instantiate cache
 */
public AWSSecretsManagerMariaDBDriver(AWSSecretsManagerClientBuilder builder) {
    super(builder);
}
 

/**
 * Constructs the driver setting the properties from the properties file using system properties as defaults.
 * Instantiates the secret cache with the passed in client builder.
 *
 * @param builder                                           Builder used to instantiate cache
 */
public AWSSecretsManagerDummyDriver(AWSSecretsManagerClientBuilder builder) {
    super(builder);
}
 

/**
 * Constructs the driver setting the properties from the properties file using system properties as defaults.
 * Instantiates the secret cache with the passed in client builder.
 *
 * @param builder                                           Builder used to instantiate cache
 */
public AWSSecretsManagerMSSQLServerDriver(AWSSecretsManagerClientBuilder builder) {
    super(builder);
}
 

/**
 * Constructs the driver setting the properties from the properties file using system properties as defaults.
 * Instantiates the secret cache with the passed in client builder.
 *
 * @param builder                                           Builder used to instantiate cache
 */
public AWSSecretsManagerOracleDriver(AWSSecretsManagerClientBuilder builder) {
    super(builder);
}
 

/**
 * Constructs the driver setting the properties from the properties file using system properties as defaults.
 * Instantiates the secret cache with the passed in client builder.
 *
 * @param builder                                           Builder used to instantiate cache
 */
public AWSSecretsManagerMySQLDriver(AWSSecretsManagerClientBuilder builder) {
    super(builder);
}
 

/**
 * Gets the secret cache.
 *
 * @return the secret cache
 */
protected SecretCache getSecretCache() {
	return new SecretCache(AWSSecretsManagerClientBuilder.standard().withRegion("eu-west-1"));
}