Using secrets from Param Store

In this guide, we will learn how to use secrets from AWS Param Store in a Spring Boot application.

setup your build.gradle.kt with parameter-store lib

or kms-lib

Setup springboot bootstrap.yml

Into the bootstrap file, setup the param-store config:

spring:
  application:
    name: ms-your-application-name
  cloud:
    config:
      enabled: false

aws:
  paramstore:
    prefix: /microservices/${spring.application.name}
    default-context: application
    name: ${aws.paramstore.default-context}
    enabled: false
  kms:
    region: eu-west-1

Create several properties files enable the param-store in the application-dev.yml, application-pre.yml, and application-pro.yml files.

application-dev.yml

aws:
  paramstore:
    enabled: false

application-pre.yml

aws:
  paramstore:
    enabled: true

application-pro.yml

aws:
  paramstore:
    enabled: true

AWS Console Parameter Store

Go to the AWS Console and create a new parameter:

To do that, click on the "create parameter" button and fill the form:

• fill a key name, split by "/" to create a path
• select standard tier
• select secure string to use KMS to encrypt the API-KEY value
• Paste the value and the end of form and click on the "create parameter" button

The KMS service encrypts the value and stores it in the parameter store.

How to use it in your code

In your application.yml, use the ${your-param-store.key} to get the value from the parameter store. Use the part without the prefix to get the value.

If you see the bootstrap.yml file, you can see the prefix used to get the value from the parameter store. So you need to use the key without the prefix in the application.yml file.

app:
  yourapp:
    apiKey: "${your.key}"

Springboot will use the KMS library to decrypt the value and use it in your application.