mn create-app example.micronaut.micronautguide --build=maven --lang=groovy
Table of Contents
- 1. Getting Started
- 2. What you will need
- 3. Solution
- 4. Writing the Application
- 5. OAuth 2.0 Dependency
- 6. Micronaut AWS Secrets Manager Dependency
- 7. Distributed Configuration
- 8. Create Secret
- 9. Controller
- 10. Logs
- 11. Running the Application
- 12. Next Steps
- 13. Help with the Micronaut Framework
- 14. License
Distributed Configuration with AWS Secrets Manager and the Micronaut Framework
Learn how to load your secrets from AWS Secrets Manager in your Micronaut application
Authors: Sergio del Amo
Micronaut Version: 4.6.3
1. Getting Started
In this guide, we will create a Micronaut application written in Groovy.
2. What you will need
To complete this guide, you will need the following:
-
Some time on your hands
-
A decent text editor or IDE (e.g. IntelliJ IDEA)
-
JDK 21 or greater installed with
JAVA_HOME
configured appropriately
3. Solution
We recommend that you follow the instructions in the next sections and create the application step by step. However, you can go right to the completed example.
-
Download and unzip the source
4. Writing the Application
Create an application using the Micronaut Command Line Interface or with Micronaut Launch.
If you don’t specify the --build argument, Gradle with the Kotlin DSL is used as the build tool. If you don’t specify the --lang argument, Java is used as the language.If you don’t specify the --test argument, JUnit is used for Java and Kotlin, and Spock is used for Groovy.
|
The previous command creates a Micronaut application with the default package example.micronaut
in a directory named micronautguide
.
5. OAuth 2.0 Dependency
To use OAuth 2.0 integration, add the following dependency:
<dependency>
<groupId>io.micronaut.security</groupId>
<artifactId>micronaut-security-oauth2</artifactId>
<scope>compile</scope>
</dependency>
6. Micronaut AWS Secrets Manager Dependency
Add the following dependencies:
<dependency>
<groupId>io.micronaut.aws</groupId>
<artifactId>micronaut-aws-secretsmanager</artifactId>
<scope>compile</scope>
</dependency>
7. Distributed Configuration
7.1. Enable Distributed Configuration
Create a bootstrap.properties
file in the resources
directory to enable distributed configuration.
Add the following:
(1)
micronaut.application.name=micronautguide
(2)
micronaut.config-client.enabled=true
1 | Set the application name in bootstrap.properties instead of application.properties so that it is available when reading configuration from distributed sources.
properties |
2 | Set micronaut.config-client.enabled=true which is used to read and resolve configuration from distributed sources. |
7.2. Clean up Application Configuration
If application.properties
sets micronaut.application.name
, remove it. You moved it to bootstrap.properties
.
micronaut.application.name=micronautguide
7.3. Disable Distributed Configuration for Test
You can disable distributed configuration in a test by annotating a test with:
@Property(name = "micronaut.config-client.enabled", value = StringUtils.FALSE)
@MicronautTest
7.4. Tune Distributed Configuration Startup
Add the following configuration to bootstrap.properties
:
aws.distributed-configuration.search-active-environments=false
aws.distributed-configuration.search-common-application=false
If your application has the following active environments ec2
, cloud
, and lambda
. The following configuration prefixes are searched:
-
/config/micronautguide_ec2/
-
/config/micronautguide_cloud/
-
/config/micronautguide_lambda/
-
/config/micronautguide/
-
/config/application_ec2/
-
/config/application_cloud/
-
/config/application_lambda/
-
/config/application/
If you set:
aws.distributed-configuration.search-active-environments=false
The following prefixes are searched:
-
/config/micronautguide/
-
/config/application/
If you set:
aws.distributed-configuration.search-common-application=false
The following prefixes are searched:
-
/config/micronautguide_ec2/
-
/config/micronautguide_cloud/
-
/config/micronautguide_lambda/
-
/config/micronautguide/
By setting both:
aws.distributed-configuration.search-active-environments=false
aws.distributed-configuration.search-common-application=false
Only the following prefix is searched:
-
/config/micronautguide/
Reducing the number of prefixes reduces the application’s startup.
8. Create Secret
OAuth 2.0 clients have a client id and secret property. We will save both in AWS Secrets Manager.
Create a Secret in AWS Secrets Manager
9. Controller
Create a controller which exposes the value read from AWS Secrets Manager.
package example.micronaut
import io.micronaut.http.MediaType
import io.micronaut.http.annotation.Controller
import io.micronaut.http.annotation.Get
import io.micronaut.http.annotation.Produces
import io.micronaut.security.annotation.Secured
import io.micronaut.security.oauth2.configuration.OauthClientConfiguration
import io.micronaut.security.rules.SecurityRule
import jakarta.inject.Named
@Controller
class ClientIdController {
private final OauthClientConfiguration oauthClientConfiguration;
ClientIdController(@Named("companyauthserver") OauthClientConfiguration oauthClientConfiguration) {
this.oauthClientConfiguration = oauthClientConfiguration
}
@Secured(SecurityRule.IS_ANONYMOUS)
@Produces(MediaType.TEXT_PLAIN)
@Get
String index() {
oauthClientConfiguration.clientId
}
}
10. Logs
Add the following configuration to src/main/resources/logback.xml
to get a more verbose output when the application starts up:
<logger name="io.micronaut.aws.distributedconfiguration" level="TRACE"/>
11. Running the Application
To run the application, use the ./mvnw mn:run
command, which starts the application on port 8080.
You should see traces such as:
11:02:01.342 [main] INFO i.m.context.DefaultBeanContext - Reading bootstrap environment configuration
11:02:01.668 [main] TRACE i.m.a.d.AwsDistributedConfigurationClient - application name: micronautguide
11:02:02.798 [main] TRACE i.m.a.d.AwsDistributedConfigurationClient - evaluating 2 keys
11:02:02.798 [main] TRACE i.m.a.d.AwsDistributedConfigurationClient - adding property micronaut.security.oauth2.clients.companyauthserver.client-id from prefix /config/micronautguide/
11:02:02.798 [main] TRACE i.m.a.d.AwsDistributedConfigurationClient - adding property micronaut.security.oauth2.clients.companyauthserver.client-secret from prefix /config/micronautguide/
11:02:02.798 [main] DEBUG i.m.a.d.AwsDistributedConfigurationClient - Property source awssecretsmanager with #2 items
11:02:02.798 [main] TRACE i.m.a.d.AwsDistributedConfigurationClient - property micronaut.security.oauth2.clients.companyauthserver.client-id resolved
11:02:02.798 [main] TRACE i.m.a.d.AwsDistributedConfigurationClient - property micronaut.security.oauth2.clients.companyauthserver.client-secret resolved
11:02:02.847 [main] INFO i.m.d.c.c.DistributedPropertySourceLocator - Resolved 1 configuration sources from client: compositeConfigurationClient(AWS Secrets Manager)
curl localhost:8080
XXXX
12. Next Steps
Explore more features with Micronaut Guides.
Learn more about Micronaut AWS Secrets Manager integration.
Read about AWS Secrets Manager
13. Help with the Micronaut Framework
The Micronaut Foundation sponsored the creation of this Guide. A variety of consulting and support services are available.
14. License
All guides are released with an Apache license 2.0 license for the code and a Creative Commons Attribution 4.0 license for the writing and media (images…). |