AWS Secrets Manager Backend

Spring Cloud Config Server supports AWS Secrets Manager as a backend for configuration properties. You can enable this feature by adding a dependency to AWS Java SDK for Secrets Manager.

pom.xml

<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>secretsmanager</artifactId>
</dependency>

The following configuration uses the AWS Secrets Manager client to access secrets.

spring:
  profiles:
  	active: awssecretsmanager
  cloud:
    config:
      server:
        aws-secretsmanager:
          region: us-east-1
          endpoint: https://us-east-1.console.aws.amazon.com/
          origin: aws:secrets:
          prefix: /secret/foo
          profileSeparator: _

AWS Secrets Manager API credentials are determined using Default Credential Provider Chain.

When no application is specified application is the default, and when no profile is specified default is used.
Both label and defaultLabel properties are ignored, when ignoreLabel is set to true.