== Camel Example AWS Secrets Manager Reloading
This example shows how to use AWS Secrets Manager to retrieve a secret, update the secret and trigger a reload of the Camel context.
Also notice how you can configure Camel in the `application.properties` file.
=== Setup
- Store the secret
You'll need the AWS CLI to run some commands during this example.
First of all, create a secret in AWS Secrets Manager named `SecretTest` by running:
[source,sh]
----
aws secretsmanager create-secret --name SecretTest --description "Create a secret" --region eu-west-1 --secret-string secret
----
- Setting up the AWS credentials as environment variables
This example uses the ProfileCredentialsProvider from AWS SDK v2, so you'll need a configuration file on your local machine.
In particular, you'll need a file at `~/.aws/credentials`
with content like the following:
[source,ini]
----
[default]
aws_access_key_id = accessKey
aws_secret_access_key = secretKey
----
Then export the following environment variables:
[source,sh]
----
export CAMEL_VAULT_AWS_REGION=<region>
export CAMEL_VAULT_AWS_USE_DEFAULT_CREDENTIALS_PROVIDER=true
----
Now you're ready to run the example.
=== Build
First compile the example by executing:
[source,sh]
----
$ mvn compile
----
=== How to run
Then you can run this example using
[source,sh]
----
$ mvn camel:run
----
At this point you should see:
[source,sh]
----
15:13:19.468 [org.apache.camel.example.MyApplication.main()] INFO org.apache.camel.main.MainSupport - Apache Camel (Main) 3.19.0-SNAPSHOT is starting
15:13:19.560 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - Classpath scanning enabled from base package: org.apache.camel.example
15:13:19.674 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.e.DefaultBeanIntrospection - Invoked: 1 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [defaultCredentialsProvider, true]]
15:13:19.680 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.e.DefaultBeanIntrospection - Invoked: 2 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [refreshEnabled, true]]
15:13:19.681 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.e.DefaultBeanIntrospection - Invoked: 3 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [refreshPeriod, 60000]]
15:13:19.681 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.e.DefaultBeanIntrospection - Invoked: 4 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [region, eu-west-1]]
15:13:19.682 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.e.DefaultBeanIntrospection - Invoked: 5 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [secrets, SecretTest]]
15:13:19.703 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - Auto-configuration summary
15:13:19.704 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [application.properties] camel.main.name=AWS-secrets-manager
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [application.properties] camel.main.jmxEnabled=false
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [application.properties] camel.main.beanIntrospectionLoggingLevel=INFO
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [application.properties] camel.main.contextReloadEnabled=true
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [application.properties] camel.vault.aws.defaultCredentialsProvider=true
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [application.properties] camel.vault.aws.region=eu-west-1
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [application.properties] camel.vault.aws.refreshEnabled=true
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [application.properties] camel.vault.aws.refreshPeriod=60000
15:13:19.706 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [application.properties] camel.vault.aws.secrets=SecretTest
15:13:19.712 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - Scheduling: Optional[AWS Secrets Refresh Task] running every: 1m0s0ms
15:13:21.464 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.engine.AbstractCamelContext - Apache Camel 3.19.0-SNAPSHOT (AWS-secrets-manager) is starting
15:13:21.504 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.engine.AbstractCamelContext - Routes startup (started:1)
15:13:21.504 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.engine.AbstractCamelContext - Started route1 (timer://myTimer)
15:13:21.518 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.engine.AbstractCamelContext - Apache Camel 3.19.0-SNAPSHOT (AWS-secrets-manager) started in 1s3ms (build:45ms init:919ms start:39ms JVM-uptime:5s)
15:13:22.509 [Camel (AWS-secrets-manager) thread #2 - timer://myTimer] INFO route1 - Secret value is: secret
15:13:32.502 [Camel (AWS-secrets-manager) thread #2 - timer://myTimer] INFO route1 - Secret value is: secret
15:13:42.502 [Camel (AWS-secrets-manager) thread #2 - timer://myTimer] INFO route1 - Secret value is: secret
----
The example is running and it is using the original secret value. Now, in a different terminal, run the following AWS CLI command:
[source,sh]
----
aws secretsmanager put-secret-value --secret-id SecretTest --region eu-west-1 --secret-string secretImproved
----
Now go back to the running Camel application. In the log you should see:
[source,sh]
----
.
.
.
15:14:21.115 [Camel (AWS-secrets-manager) thread #1 - ManagementLoadTask] INFO o.a.c.c.a.s.v.CloudTrailReloadTriggerTask - Update for secret: SecretTest detected, triggering a CamelContext reload
15:14:21.116 [Camel (AWS-secrets-manager) thread #1 - ManagementLoadTask] INFO o.a.c.i.e.DefaultContextReloadStrategy - Reloading CamelContext (AWS-secrets-manager) triggered by: AWS-secrets-manager
15:14:22.433 [Camel (AWS-secrets-manager) thread #5 - timer://myTimer] INFO route1 - Secret value is: secretImproved
15:14:32.433 [Camel (AWS-secrets-manager) thread #5 - timer://myTimer] INFO route1 - Secret value is: secretImproved
15:14:42.433 [Camel (AWS-secrets-manager) thread #5 - timer://myTimer] INFO route1 - Secret value is: secretImproved
15:14:52.433 [Camel (AWS-secrets-manager) thread #5 - timer://myTimer] INFO route1 - Secret value is: secretImproved
.
.
.
.
----
The Camel context has been reloaded after a `PutSecretValue` API invocation for this specific secret, in this specific region, was noticed in the AWS CloudTrail service.
The example will work even if you remove the property `camel.vault.aws.secrets`, because the AWS-related properties will be taken into account automatically.
Now, stop the application.
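The reload decision described above (a `PutSecretValue` call for this secret, in this region, since the last check) can be sketched over CloudTrail records. This is an added example, not Camel's own code: the sample records, the account id `111122223333`, the timestamps and the function names are constructed for illustration, and ignoring failed calls is an assumption of this sketch.

```python
from datetime import datetime, timezone

# Constructed CloudTrail records (not captured from a real account); the
# account id and date are placeholders and only the needed fields are kept.
ARN = "arn:aws:secretsmanager:eu-west-1:111122223333:secret:"

def ev(time, name, region, secret_id, **extra):
    return {"eventTime": f"2022-01-01T{time}Z",
            "eventSource": "secretsmanager.amazonaws.com",
            "eventName": name, "awsRegion": region,
            "requestParameters": {"secretId": secret_id}, **extra}

SAMPLE_EVENTS = [
    ev("15:13:30", "GetSecretValue", "eu-west-1", "SecretTest"),
    ev("15:13:50", "PutSecretValue", "eu-west-1", "SecretTest"),
    ev("15:13:55", "PutSecretValue", "us-east-1", "SecretTest"),
    ev("15:14:00", "PutSecretValue", "eu-west-1", ARN + "SecretTest-prod-AbCdEf"),
    ev("15:14:02", "PutSecretValue", "eu-west-1", "SecretTest", errorCode="AccessDenied"),
    ev("15:14:05", "PutSecretValue", "eu-west-1", ARN + "SecretTest-XyZ123"),
]

def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def secret_matches(secret_id, name):
    # secretId is either the friendly name or the ARN, whose last field is
    # "<name>-<6 random chars>"; compare the whole name, never a prefix.
    if not secret_id.startswith("arn:"):
        return secret_id == name
    return secret_id.rsplit(":", 1)[-1].rsplit("-", 1)[0] == name

def updates_since(events, name, region, since):
    """Return the successful PutSecretValue records for one secret and region."""
    hits = []
    for e in events:
        params = e.get("requestParameters") or {}  # may be null in a record
        if (e.get("eventSource") == "secretsmanager.amazonaws.com"
                and e.get("eventName") == "PutSecretValue"
                and e.get("awsRegion") == region
                and "errorCode" not in e  # denied or failed calls changed nothing
                and secret_matches(params.get("secretId", ""), name)
                and parse_time(e["eventTime"]) > since):
            hits.append(e)
    return hits

if __name__ == "__main__":
    last_check = datetime(2022, 1, 1, 15, 13, 21, tzinfo=timezone.utc)
    for hit in updates_since(SAMPLE_EVENTS, "SecretTest", "eu-west-1", last_check):
        print("reload trigger:", hit["eventTime"], hit["requestParameters"]["secretId"])
```

The records that do not trigger a reload are also worth a look from a monitoring point of view: the `AccessDenied` write and the write to the similarly named `SecretTest-prod` are filtered out here but remain visible in CloudTrail.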
=== Cleanup
- Delete the secret
Simply run
[source,sh]
----
aws secretsmanager delete-secret --secret-id SecretTest --region eu-west-1 --force-delete-without-recovery
----
=== Help and contributions
If you hit any problem using Camel or have some feedback, then please
https://camel.apache.org/community/support/[let us know].
We also love contributors, so
https://camel.apache.org/community/contributing/[get involved] :-)
The Camel riders!