Database password rotation with AWS Secrets Manager and Spring Boot

preview_player
Показать описание
Depending on how serious you are about security you may want to consider setting up password rotation for databases. If you're on AWS - they've got you covered! AWS Secrets Manager comes with support for automatic password rotation for RDS (and other database services).

In my channel I discuss things I believe are relevant to either Java & Spring beginners, or advanced developers who want to stay up to date. Feedback is very much welcome!

--
Music:
  1. Maciej Walkowiak 🍃 Spring Academy
  2. spring boot
  3. spring academy
  4. maciej walkowiak
  5. aws
  6. spring boot aws
Рекомендации по теме
Database password rotation 0:15:29

Database password rotation with AWS Secrets Manager and Spring Boot

AWS Secrets Manager: 0:08:44

AWS Secrets Manager: Amazon RDS integration for master user password management

AWS Secrets Manager 0:05:35

AWS Secrets Manager Automatically Rotate MySQL passwords Terraform Module

AWS Windows password 0:15:50

AWS Windows password rotation with Custom Secret Manager

AWS Secrets Manager 0:20:02

AWS Secrets Manager - Rotate Secrets

AWS Secrets Manager 0:04:43

AWS Secrets Manager Step-by-Step: Store, Rotate & Delete Secrets

AWS Secrets Manager 0:05:31

AWS Secrets Manager with RDS and Lambda | Hands-on Practice

How do I 0:02:01

How do I reset the admin user password for my Amazon RDS DB instance?

How to Use 0:13:50

How to Use Lambda Functions to Rotate Secrets in AWS | Code and Configuration | Expained in Hindi

Automatically Rotate PostgreSQL 0:08:49

Automatically Rotate PostgreSQL Credentials with AWS CDK + Lambda

How to Connect 0:22:58

How to Connect to RDS MySQL using AWS Secrets Manager from EC2 and Lambda by AWS Avinash Reddy

AWS Lab Secrets 0:33:03

AWS Lab Secrets Manager | AWS Hands On | AWS By Doing

AWS Secrets Manager: 0:03:18

AWS Secrets Manager: Rotation Windows | Amazon Web Services

Continuous Delivery for 0:29:25

Continuous Delivery for AWS Secrets Rotation

AWS Secrets Manager 0:11:38

AWS Secrets Manager

AWS Secrets Manager 0:11:38

AWS Secrets Manager | Handle credentials securely and auto rotate it every x days

AWS Secrets Manager 0:24:12

AWS Secrets Manager Service Overview with Demo

HashiCorp Vault Explained 0:03:39

HashiCorp Vault Explained in 180 seconds

Spring Boot application 0:27:21

Spring Boot application + RDS MySql + AWS SecretManager with Rotation

How can I 0:02:06

How can I change the encryption key used by my Amazon RDS DB instances and DB snapshots?

AWS KMS Hands 0:10:49

AWS KMS Hands on lab - How to enable and disable automatic key rotation for a symmetric CMK?

AWS Secret Manager 0:05:31

AWS Secret Manager - Creation of RDS Secret

Back to Basics: 0:04:36

Back to Basics: Secrets Management

AWS # 105 0:17:45

AWS # 105 # AWS KMS Encrypt & Decrypt (Hands On)

Комментарии
Автор

The real question is: why did you stop making these videos? Last one in the channel (the current one) is 9 months old. The material is really good and to the point and really useful for learning about Spring and AWS. I specially liked the one about LocalStack and TestContainers.

dvaderjava
Автор

This was what I was looking for.. really helped me... great explanation .. Subscribed!

amrutprabhu
Автор

In case you can point to all the documentation from with you have made this it will help. This effort too was quite helpful. Thank you for posting

ranajitjana
Автор

Really great tutorial. Thank you for showing the alternative (aws-secretsmanager-jdbc library) to that Java code snippet.

mykolaskucinskas
Автор

I have to add it's not that the AWS maintains 2 passwords at once so that you can connect. What happened really is that the connection was already open when the password changed, therefore it continued to work. Until the program restart, of course.

OlegKosmakov
Автор

Nice video, i was struggling to write lambda. But now i came to know lambda is automatically written

mannanahmad
Автор

Thank you so much for this awesowe video.

bbNganNguyen
Автор

you must come back! Why are you taking such a big break between your videos ???
I thought I finally found awesome content about Spring boot.
We need you. Please come back :)
Or if you have some paid courses, give us a link.

amirmuhsin
Автор

great explanation Maciej ..One thing I would like to know is using aws-secretsmanager-jdbc library if the application is using old password and now if secrets rotation happens how application works without restarting it ? I mean how application establishes the connection with new password without restarting ?

lighninggamerz
Автор

Amy idea how to handle this same scenario in NodeJs?

sangitabiswas
Автор

This approach works fine for spring data source using jdbc template but not working with spring boot jpa applications.Any idea??


Error:
ERROR - Application run failed
Error creating bean with name 'entityManagerFactory' defined in class path resource Unsatisfied dependency expressed through method 'entityManagerFactory' parameter 0; nested exception is Error creating bean with name 'entityManagerFactoryBuilder' defined in class path resource Unsatisfied dependency expressed through method 'entityManagerFactoryBuilder' parameter 0; nested exception is Error creating bean with name 'jpaVendorAdapter' defined in class path resource Bean instantiation via factory method failed; nested exception is Failed to instantiate Factory method 'jpaVendorAdapter' threw exception; nested exception is java.lang.RuntimeException: Driver com.mysql.cj.jdbc.Driver claims to not accept jdbcUrl,

shekhshek
Автор

Thanks for the video. One question, do we have any way to hide the real url of database such like username and password. Anyway thank you your video to get me an idea for this situation.

khoale
Автор

After rotating secret in secret manager, do we not needed to update the new password in RDS?

inaslohith
Автор

Hello, Can you please share your example repo with us ? Thank you for gr8 session

subodhgholap
Автор

Is something similar available for ruby to connect to postgres? So that the password can be pulled dynamically and secret rotation also talen care.

pavankumarnimmagadda
Автор

Guyz I am trying to integrate the secret Manager on on premise web server…. We have jboss eap which is connecting to cloud database now I want to mask the id and password using secret manager on the on prem server… have tried multiple method online but nothing seems to work ……does anyone have document for this will by much help

ansariamin
Автор

Hi, one more time. How we can rotate DB password using AWS SM, but at our local DB - not from the RDS list? For example, I would back to REDIS. We have Redis(we haven't Redis engine in AWS RDS), and we need to change a password for him every month(It's would be nice if you send some tutorials how we can change this value programicaly). This is my poc, but I really want to know how to provide the secret to DB, which we haven't in RDS variability(or have, but we don't want to use RDS). (mb, we need a specific configuration?)

And thx for your great work. Your channel is really helpful. Better on YouTube.

olehstepaniak
Автор

I follow the instruction but I dont know why my DB's password is not encrypt and it's still show the plain text. For example your password is myscecret and after creating the key, it's still show myscecret. Can you give me the advise?

bbNganNguyen
Автор

Do you have any solution without server reboot to adjust db properties instantly?

jdkim
Автор

I might have missed something, but why did your local application have permission to access the secretmanager? kind of looks like everyone could get your passwords from the secret manager.

dominikbartholdi
welcome to shbcf.ru