| == Camel Example AWS Secrets Manager Reloading |
| |
| This example shows how to use AWS Secrets Manager to retrieve a secret, update the secret and trigger a reload of the camel context. |
| |
| Also notice how you can configure Camel in the `application.properties` file. |
| |
| === Setup |
| |
| - Store the secret |
| |
| In this example you'll need to use the AWS CLI to run some commands during the example. |
| |
| First of all we'll need to create a secret in AWS Secret Manager, named `SecretTest`. |
| |
| We'll run |
| |
| [source,sh] |
| ---- |
| aws secretsmanager create-secret --name SecretTest --description "Create a secret" --region eu-west-1 --secret-string secret |
| ---- |
| |
| - Setting up the AWS credentials as environment variables |
| |
| This example uses the ProfileCredentialsProvider from AWS SDK v2. So you'll need to have a configuration file, locally to your machine. |
| |
| In particular you'll need to have a file placed in `~/.aws/credentials` |
| |
| with a content like the following |
| |
| [source,sh] |
| ---- |
| [default] |
| aws_access_key_id = accessKey |
| aws_secret_access_key = secretKey |
| ---- |
| |
| [source,sh] |
| ---- |
| export CAMEL_VAULT_AWS_REGION=<region> |
| export CAMEL_VAULT_AWS_USE_DEFAULT_CREDENTIALS_PROVIDER=true |
| ---- |
| |
| Now you're ready to run the example. |
| |
| === Build |
| |
| First compile the example by executing: |
| |
| [source,sh] |
| ---- |
| $ mvn compile |
| ---- |
| |
| === How to run |
| |
| Then you can run this example using |
| |
| [source,sh] |
| ---- |
| $ mvn camel:run |
| ---- |
| |
| At this point you should see: |
| |
| [source,sh] |
| ---- |
| 15:13:19.468 [org.apache.camel.example.MyApplication.main()] INFO org.apache.camel.main.MainSupport - Apache Camel (Main) 3.19.0-SNAPSHOT is starting |
| 15:13:19.560 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - Classpath scanning enabled from base package: org.apache.camel.example |
| 15:13:19.674 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.e.DefaultBeanIntrospection - Invoked: 1 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [defaultCredentialsProvider, true]] |
| 15:13:19.680 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.e.DefaultBeanIntrospection - Invoked: 2 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [refreshEnabled, true]] |
| 15:13:19.681 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.e.DefaultBeanIntrospection - Invoked: 3 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [refreshPeriod, 60000]] |
| 15:13:19.681 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.e.DefaultBeanIntrospection - Invoked: 4 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [region, eu-west-1]] |
| 15:13:19.682 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.e.DefaultBeanIntrospection - Invoked: 5 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [secrets, SecretTest]] |
| 15:13:19.703 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - Auto-configuration summary |
| 15:13:19.704 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [application.properties] camel.main.name=AWS-secrets-manager |
| 15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [application.properties] camel.main.jmxEnabled=false |
| 15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [application.properties] camel.main.beanIntrospectionLoggingLevel=INFO |
| 15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [application.properties] camel.main.contextReloadEnabled=true |
| 15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [application.properties] camel.vault.aws.defaultCredentialsProvider=true |
| 15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [application.properties] camel.vault.aws.region=eu-west-1 |
| 15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [application.properties] camel.vault.aws.refreshEnabled=true |
| 15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [application.properties] camel.vault.aws.refreshPeriod=60000 |
| 15:13:19.706 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [application.properties] camel.vault.aws.secrets=SecretTest |
| 15:13:19.712 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - Scheduling: Optional[AWS Secrets Refresh Task] running every: 1m0s0ms |
| 15:13:21.464 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.engine.AbstractCamelContext - Apache Camel 3.19.0-SNAPSHOT (AWS-secrets-manager) is starting |
| 15:13:21.504 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.engine.AbstractCamelContext - Routes startup (started:1) |
| 15:13:21.504 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.engine.AbstractCamelContext - Started route1 (timer://myTimer) |
| 15:13:21.518 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.engine.AbstractCamelContext - Apache Camel 3.19.0-SNAPSHOT (AWS-secrets-manager) started in 1s3ms (build:45ms init:919ms start:39ms JVM-uptime:5s) |
| 15:13:22.509 [Camel (AWS-secrets-manager) thread #2 - timer://myTimer] INFO route1 - Secret value is: secret |
| 15:13:32.502 [Camel (AWS-secrets-manager) thread #2 - timer://myTimer] INFO route1 - Secret value is: secret |
| 15:13:42.502 [Camel (AWS-secrets-manager) thread #2 - timer://myTimer] INFO route1 - Secret value is: secret |
| ---- |
| |
| The example is running and it is using the original secret value. Now, in a different terminal, run the following AWS CLI command: |
| |
| [source,sh] |
| ---- |
| aws secretsmanager put-secret-value --secret-id SecretTest --region eu-west-1 --secret-string secretImproved |
| ---- |
| |
| Now, get back, to the running Camel application and in the log you should see: |
| |
| [source,sh] |
| ---- |
| . |
| . |
| . |
| 15:14:21.115 [Camel (AWS-secrets-manager) thread #1 - ManagementLoadTask] INFO o.a.c.c.a.s.v.CloudTrailReloadTriggerTask - Update for secret: SecretTest detected, triggering a CamelContext reload |
| 15:14:21.116 [Camel (AWS-secrets-manager) thread #1 - ManagementLoadTask] INFO o.a.c.i.e.DefaultContextReloadStrategy - Reloading CamelContext (AWS-secrets-manager) triggered by: AWS-secrets-manager |
| 15:14:22.433 [Camel (AWS-secrets-manager) thread #5 - timer://myTimer] INFO route1 - Secret value is: secretImproved |
| 15:14:32.433 [Camel (AWS-secrets-manager) thread #5 - timer://myTimer] INFO route1 - Secret value is: secretImproved |
| 15:14:42.433 [Camel (AWS-secrets-manager) thread #5 - timer://myTimer] INFO route1 - Secret value is: secretImproved |
| 15:14:52.433 [Camel (AWS-secrets-manager) thread #5 - timer://myTimer] INFO route1 - Secret value is: secretImproved |
| . |
| . |
| . |
| . |
| ---- |
| |
| The Camel context has been reloaded after we noticed a `PutSecretValue` API invocation for this specific secret, in this specific region, in the AWS CloudTrail service. |
| |
| The example will work even if you remove the property `camel.aws.vault.secrets`, because the aws related properties will be taken into account automatically. |
| |
| Now, stop the application. |
| |
| === Cleanup |
| |
| - Delete the secret |
| |
| Simply run |
| |
| [source,sh] |
| ---- |
| aws secretsmanager delete-secret --secret-id SecretTest --region eu-west-1 --force-delete-without-recovery |
| ---- |
| |
| === Help and contributions |
| |
| If you hit any problem using Camel or have some feedback, then please |
| https://camel.apache.org/community/support/[let us know]. |
| |
| We also love contributors, so |
| https://camel.apache.org/community/contributing/[get involved] :-) |
| |
| The Camel riders! |