Camel Example AWS Secrets Manager Reloading

This example shows how to use AWS Secrets Manager to retrieve a secret, update the secret and trigger a reload of the Camel context.

Also notice how you can configure Camel in the application.properties file.

Setup

  • Store the secret

You’ll need the AWS CLI to run some commands during this example.

First of all, we’ll need to create a secret in AWS Secrets Manager, named SecretTest.

We’ll run

aws secretsmanager create-secret --name SecretTest --description "Create a secret" --region eu-west-1 --secret-string secret

  • Setting up the AWS credentials as environment variables

This example uses the ProfileCredentialsProvider from AWS SDK v2, so you’ll need a configuration file on your local machine.

In particular, you’ll need a file at ~/.aws/credentials with content like the following:

[default]
aws_access_key_id = accessKey
aws_secret_access_key = secretKey

Then export the following environment variables:

export CAMEL_VAULT_AWS_REGION=<region>
export CAMEL_VAULT_AWS_USE_DEFAULT_CREDENTIALS_PROVIDER=true

Now you’re ready to run the example.

Build

First compile the example by executing:

$ mvn compile

How to run

Then you can run this example using

$ mvn camel:run

At this point you should see:

15:13:19.468 [org.apache.camel.example.MyApplication.main()] INFO  org.apache.camel.main.MainSupport - Apache Camel (Main) 3.19.0-SNAPSHOT is starting
15:13:19.560 [org.apache.camel.example.MyApplication.main()] INFO  o.apache.camel.main.BaseMainSupport - Classpath scanning enabled from base package: org.apache.camel.example
15:13:19.674 [org.apache.camel.example.MyApplication.main()] INFO  o.a.c.i.e.DefaultBeanIntrospection - Invoked: 1 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [defaultCredentialsProvider, true]]
15:13:19.680 [org.apache.camel.example.MyApplication.main()] INFO  o.a.c.i.e.DefaultBeanIntrospection - Invoked: 2 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [refreshEnabled, true]]
15:13:19.681 [org.apache.camel.example.MyApplication.main()] INFO  o.a.c.i.e.DefaultBeanIntrospection - Invoked: 3 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [refreshPeriod, 60000]]
15:13:19.681 [org.apache.camel.example.MyApplication.main()] INFO  o.a.c.i.e.DefaultBeanIntrospection - Invoked: 4 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [region, eu-west-1]]
15:13:19.682 [org.apache.camel.example.MyApplication.main()] INFO  o.a.c.i.e.DefaultBeanIntrospection - Invoked: 5 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [secrets, SecretTest]]
15:13:19.703 [org.apache.camel.example.MyApplication.main()] INFO  o.apache.camel.main.BaseMainSupport - Auto-configuration summary
15:13:19.704 [org.apache.camel.example.MyApplication.main()] INFO  o.apache.camel.main.BaseMainSupport -     [application.properties]       camel.main.name=AWS-secrets-manager
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO  o.apache.camel.main.BaseMainSupport -     [application.properties]       camel.main.jmxEnabled=false
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO  o.apache.camel.main.BaseMainSupport -     [application.properties]       camel.main.beanIntrospectionLoggingLevel=INFO
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO  o.apache.camel.main.BaseMainSupport -     [application.properties]       camel.main.contextReloadEnabled=true
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO  o.apache.camel.main.BaseMainSupport -     [application.properties]       camel.vault.aws.defaultCredentialsProvider=true
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO  o.apache.camel.main.BaseMainSupport -     [application.properties]       camel.vault.aws.region=eu-west-1
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO  o.apache.camel.main.BaseMainSupport -     [application.properties]       camel.vault.aws.refreshEnabled=true
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO  o.apache.camel.main.BaseMainSupport -     [application.properties]       camel.vault.aws.refreshPeriod=60000
15:13:19.706 [org.apache.camel.example.MyApplication.main()] INFO  o.apache.camel.main.BaseMainSupport -     [application.properties]       camel.vault.aws.secrets=SecretTest
15:13:19.712 [org.apache.camel.example.MyApplication.main()] INFO  o.apache.camel.main.BaseMainSupport - Scheduling: Optional[AWS Secrets Refresh Task] running every: 1m0s0ms
15:13:21.464 [org.apache.camel.example.MyApplication.main()] INFO  o.a.c.i.engine.AbstractCamelContext - Apache Camel 3.19.0-SNAPSHOT (AWS-secrets-manager) is starting
15:13:21.504 [org.apache.camel.example.MyApplication.main()] INFO  o.a.c.i.engine.AbstractCamelContext - Routes startup (started:1)
15:13:21.504 [org.apache.camel.example.MyApplication.main()] INFO  o.a.c.i.engine.AbstractCamelContext -     Started route1 (timer://myTimer)
15:13:21.518 [org.apache.camel.example.MyApplication.main()] INFO  o.a.c.i.engine.AbstractCamelContext - Apache Camel 3.19.0-SNAPSHOT (AWS-secrets-manager) started in 1s3ms (build:45ms init:919ms start:39ms JVM-uptime:5s)
15:13:22.509 [Camel (AWS-secrets-manager) thread #2 - timer://myTimer] INFO  route1 - Secret value is: secret
15:13:32.502 [Camel (AWS-secrets-manager) thread #2 - timer://myTimer] INFO  route1 - Secret value is: secret
15:13:42.502 [Camel (AWS-secrets-manager) thread #2 - timer://myTimer] INFO  route1 - Secret value is: secret

The example is running and it is using the original secret value. Now, in a different terminal, run the following AWS CLI command:

aws secretsmanager put-secret-value --secret-id SecretTest --region eu-west-1 --secret-string secretImproved

Now go back to the running Camel application; in the log you should see:

.
.
.
15:14:21.115 [Camel (AWS-secrets-manager) thread #1 - ManagementLoadTask] INFO  o.a.c.c.a.s.v.CloudTrailReloadTriggerTask - Update for secret: SecretTest detected, triggering a CamelContext reload
15:14:21.116 [Camel (AWS-secrets-manager) thread #1 - ManagementLoadTask] INFO  o.a.c.i.e.DefaultContextReloadStrategy - Reloading CamelContext (AWS-secrets-manager) triggered by: AWS-secrets-manager
15:14:22.433 [Camel (AWS-secrets-manager) thread #5 - timer://myTimer] INFO  route1 - Secret value is: secretImproved
15:14:32.433 [Camel (AWS-secrets-manager) thread #5 - timer://myTimer] INFO  route1 - Secret value is: secretImproved
15:14:42.433 [Camel (AWS-secrets-manager) thread #5 - timer://myTimer] INFO  route1 - Secret value is: secretImproved
15:14:52.433 [Camel (AWS-secrets-manager) thread #5 - timer://myTimer] INFO  route1 - Secret value is: secretImproved
.
.
.
.

The Camel context has been reloaded after we noticed a PutSecretValue API invocation for this specific secret, in this specific region, in the AWS CloudTrail service.
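
The check described above, sketched as an added example (not Camel's own code): given CloudTrail event records, it decides whether a watched secret in a given region received a PutSecretValue call since the last poll, and who made it. The function names, account id, dates and sample records are constructed for illustration; the record fields follow the CloudTrail event format.

```python
import json
from datetime import datetime, timezone

SOURCE = "secretsmanager.amazonaws.com"

def secret_name(secret_id):
    """Reduce a secretId (plain name or full ARN) to the secret's name."""
    if not secret_id.startswith("arn:"):
        return secret_id
    # arn:aws:secretsmanager:<region>:<account>:secret:<name>-<6 random chars>
    return secret_id.split(":", 6)[6].rsplit("-", 1)[0]

def updates_since(events, watched, region, last_check):
    """Return (secret, time, caller ARN) for each PutSecretValue on a watched
    secret in `region` that happened after `last_check`."""
    hits = []
    for ev in events:
        rec = json.loads(ev["CloudTrailEvent"])  # full record is a JSON string
        if (rec.get("eventSource"), rec.get("eventName")) != (SOURCE, "PutSecretValue"):
            continue
        if rec.get("awsRegion") != region:
            continue
        when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        when = when.replace(tzinfo=timezone.utc)
        name = secret_name((rec.get("requestParameters") or {}).get("secretId", ""))
        if when > last_check and name in watched:
            hits.append((name, when, rec.get("userIdentity", {}).get("arn")))
    return hits

def sample(event, secret_id, time, region="eu-west-1"):
    # Constructed record shaped like one item of a CloudTrail LookupEvents reply.
    return {"EventName": event, "CloudTrailEvent": json.dumps({
        "eventSource": SOURCE, "eventName": event, "awsRegion": region,
        "eventTime": time, "requestParameters": {"secretId": secret_id},
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example"}})}

ARN = "arn:aws:secretsmanager:eu-west-1:111122223333:secret:SecretTest-AbCdEf"
SAMPLE_EVENTS = [  # constructed; dates and account id are placeholders
    sample("PutSecretValue", "SecretTest", "2022-01-01T15:13:50Z"),
    sample("GetSecretValue", "SecretTest", "2022-01-01T15:13:52Z"),   # a read
    sample("PutSecretValue", "OtherSecret", "2022-01-01T15:13:55Z"),  # not watched
    sample("PutSecretValue", ARN, "2022-01-01T15:12:00Z"),            # before last poll
    sample("PutSecretValue", "SecretTest", "2022-01-01T15:14:00Z", region="us-east-1"),
]

if __name__ == "__main__":
    last = datetime(2022, 1, 1, 15, 13, 21, tzinfo=timezone.utc)
    for name, when, who in updates_since(SAMPLE_EVENTS, {"SecretTest"}, "eu-west-1", last):
        print(f"reload: {name} updated at {when.isoformat()} by {who}")
```

Advancing last_check to the newest matching event time after each poll keeps a single update from triggering repeated reloads.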

The example will work even if you remove the property camel.vault.aws.secrets, because the AWS-related properties will be taken into account automatically.

Now, stop the application.

Cleanup

  • Delete the secret

Simply run

aws secretsmanager delete-secret --secret-id SecretTest --region eu-west-1 --force-delete-without-recovery

Help and contributions

If you hit any problem using Camel or have some feedback, then please let us know.

We also love contributors, so get involved :-)

The Camel riders!