spring-cloud-aws
SecretsManagerClient unavailable in Spring application context
Type: Bug
Component: "Secrets Manager", Spring Boot 3.2.1, spring-cloud-aws 3.1.0, software.amazon.awssdk 2.22.12
Describe the bug
Including spring-cloud-aws-starter-secrets-manager in my pom does not make SecretsManagerClient available in my Spring application context. The documentation indicates that is the way it should work and would be consistent with spring cloud aws libraries.
https://docs.awspring.io/spring-cloud-aws/docs/3.1.0/reference/html/index.html#using-secretsmanagerclient
The starter automatically configures and registers a SecretsManagerClient bean in the Spring application context. The SecretsManagerClient bean can be used to create or retrieve secrets imperatively.
Sample
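import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;

@Service
public class SecretService {
    // Field injection of the client the starter is documented to register
    @Autowired
    private SecretsManagerClient secretsClient;
}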
Results in the below startup log
***************************
APPLICATION FAILED TO START
Description:
Field secretsClient in org.foo.secrettest.SecretService required a bean of type 'software.amazon.awssdk.services.secretsmanager.SecretsManagerClient' that could not be found.
The injection point has the following annotations:
@org.springframework.beans.factory.annotation.Autowired(required=true)
Action:
Consider defining a bean of type 'software.amazon.awssdk.services.secretsmanager.SecretsManagerClient' in your configuration.
Process finished with exit code 1
I could create a SecretsManagerClient @Bean but then it won't be automatically configured with the values in application.yaml.
I did find that if I used the property spring.config.import: optional:aws-secretsmanager:/my/dummy/secret to load secrets at startup, that Spring would add SecretsManagerClient to the Spring application context and the error would no longer happen.
https://stackoverflow.com/questions/77783293/spring-cloud-aws-secretsmanagerclient-not-available-in-spring-application-contex
Hey @joeglorioso, this is not a bug but missing autoconfiguration for a client since we only configure the client if spring.config.import is used
@MatejNedic Thanks for the tip. Sorry for my inexperience. I do not see this anywhere in the documentation. Could you point me to it?
To me this is still not consistent with the documentation that I referenced and not consistent with the way that the other AWS clients are initialized and added to the application context. If it's a feature and not a bug, it should be clearly called out in the documentation so that people who are new to spring cloud aws and to this version will know.
@MatejNedic Am I correct in saying that the current implementation is assuming a SecretsManagerClient would only be used to bind AWS Secrets Manager secrets to Spring environment properties as an external property source?
That's a common use case but it doesn't handle applications that generate secrets as opposed to consuming a predefined secret.
I have an application integrated with AWS Secrets Manager that needs to create new secrets from within a service. I'd like to autowire an initialized SecretsManagerClient into that service. I don't have a need to pass a preexisting secret into, say, an application.yml template variable.
I think @joeglorioso might be running into the same problem.
Hey @ccobham, you are correct. Are you willing to do a PR for auto configuration? I am not sure about SecretsManagerTemplate tbh.
Thank you
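A manual registration that covers the secret-creating use case discussed in this thread, as an added example that is not code from the thread or from the spring-cloud-aws project. It assumes spring.config.import for aws-secretsmanager is not in use and that the starter's core auto-configuration exposes AwsCredentialsProvider and AwsRegionProvider beans built from the shared spring.cloud.aws credentials and region settings; the class names SecretsManagerClientConfig and GeneratedSecretService are hypothetical.

```java
package org.foo.secrettest; // package name taken from the startup log in the report

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Service;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.regions.providers.AwsRegionProvider;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.CreateSecretRequest;

@Configuration
public class SecretsManagerClientConfig {

    // Assumption: both provider beans are supplied by the starter's core
    // auto-configuration, so the client follows the credentials and region
    // configured in application.yaml instead of hard-coded values.
    @Bean
    SecretsManagerClient secretsManagerClient(AwsCredentialsProvider credentialsProvider,
                                              AwsRegionProvider regionProvider) {
        return SecretsManagerClient.builder()
                .credentialsProvider(credentialsProvider)
                .region(regionProvider.getRegion())
                .build();
    }
}

// Hypothetical service for an application that generates secrets at runtime.
@Service
class GeneratedSecretService {

    private final SecretsManagerClient secretsClient;

    // Constructor injection: startup fails fast if no client bean is registered.
    GeneratedSecretService(SecretsManagerClient secretsClient) {
        this.secretsClient = secretsClient;
    }

    // Stores a newly generated value and returns only the ARN, so callers
    // never need to log or pass around the secret value itself.
    String store(String name, String value) {
        CreateSecretRequest request = CreateSecretRequest.builder()
                .name(name)
                .secretString(value)
                .build();
        return secretsClient.createSecret(request).arn();
    }
}
```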