Ask questionsAdd support for Secret Manager for RDS instance

When creating Secret for RDS with autorotate feature the secret is created in format: Screenshot 2021-06-24 at 19 04 20

From Micronaut perspective there's no way how to adjust the secret key name so it would respect the micronaut context path like datasources.default.username so it would be automatically configured. The lambda function that handles the rotation expects exact format [2].

Because of this it would be great to have a way how to either: A) add the prefix for the properties before they are injected into context:

    enabled: true
       - <secret-name>:
         prefix: datasources.default

B) Provide an datasource bean initialization handler very similar to [3] that based on secret name would do all the configuration for the user.

     aws-secret-name: <secret-name>

C) ??

[1] [2] [3]


Answer questions lightbody


Currently we're using the distributed configuration feature to keep our database password and OAuth client secrets out of the config files. But the way the AWS Secrets Manager distributed config is written, the secret must be in a specific pattern, such as:

Secret named /config/myapp_prod/database:

  • datasources.default.password = str0ng_p@assword

In other words, the current integration asks you to store the secrets (name + kv pairs) in a Micronaut-friendly way. What you're asking for, given the rigidity of RDS's password rotation and secret storage solution, is for Micronaut to adapt to it rather than the other way around.

I would very much like support for this, or something like this :)


Related questions

No questions were found.
Github User Rank List