This example shows how to use AWS Secrets Manager to retrieve a secret, update the secret and trigger a reload of the Camel context.
Also notice how you can configure Camel in the
Store the secret
You'll need the AWS CLI to run some commands during this example.
First of all we'll need to create a secret in AWS Secrets Manager, named SecretTest.
We’ll run
aws secretsmanager create-secret --name SecretTest --description "Create a secret" --region eu-west-1 --secret-string secret
Setting up the AWS credentials as environment variables
This example uses the ProfileCredentialsProvider from AWS SDK v2, so you'll need to have a configuration file on your local machine.
In particular you’ll need to have a file placed in ~/.aws/credentials
with a content like the following
[default]
aws_access_key_id = accessKey
aws_secret_access_key = secretKey
export CAMEL_VAULT_AWS_REGION=<region>
Now you’re ready to run the example.
Then you can run this example using
$ mvn camel:run
At this point you should see:
15:13:19.468 [org.apache.camel.example.MyApplication.main()] INFO org.apache.camel.main.MainSupport - Apache Camel (Main) 3.19.0-SNAPSHOT is starting
15:13:19.560 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - Classpath scanning enabled from base package: org.apache.camel.example
15:13:19.674 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.e.DefaultBeanIntrospection - Invoked: 1 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [defaultCredentialsProvider, true]]
15:13:19.680 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.e.DefaultBeanIntrospection - Invoked: 2 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [refreshEnabled, true]]
15:13:19.681 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.e.DefaultBeanIntrospection - Invoked: 3 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [refreshPeriod, 60000]]
15:13:19.681 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.e.DefaultBeanIntrospection - Invoked: 4 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [region, eu-west-1]]
15:13:19.682 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.e.DefaultBeanIntrospection - Invoked: 5 times (overall) [Method: setProperty, Target: org.apache.camel.vault.AwsVaultConfiguration@59225c3b, Arguments: [secrets, SecretTest]]
15:13:19.703 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - Auto-configuration summary
15:13:19.704 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - []
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [] camel.main.jmxEnabled=false
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [] camel.main.beanIntrospectionLoggingLevel=INFO
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - [] camel.main.contextReloadEnabled=true
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - []
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - []
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - []
15:13:19.705 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - []
15:13:19.706 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - []
15:13:19.712 [org.apache.camel.example.MyApplication.main()] INFO o.apache.camel.main.BaseMainSupport - Scheduling: Optional[AWS Secrets Refresh Task] running every: 1m0s0ms
15:13:21.464 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.engine.AbstractCamelContext - Apache Camel 3.19.0-SNAPSHOT (AWS-secrets-manager) is starting
15:13:21.504 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.engine.AbstractCamelContext - Routes startup (started:1)
15:13:21.504 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.engine.AbstractCamelContext - Started route1 (timer://myTimer)
15:13:21.518 [org.apache.camel.example.MyApplication.main()] INFO o.a.c.i.engine.AbstractCamelContext - Apache Camel 3.19.0-SNAPSHOT (AWS-secrets-manager) started in 1s3ms (build:45ms init:919ms start:39ms JVM-uptime:5s)
15:13:22.509 [Camel (AWS-secrets-manager) thread #2 - timer://myTimer] INFO route1 - Secret value is: secret
15:13:32.502 [Camel (AWS-secrets-manager) thread #2 - timer://myTimer] INFO route1 - Secret value is: secret
15:13:42.502 [Camel (AWS-secrets-manager) thread #2 - timer://myTimer] INFO route1 - Secret value is: secret
The example is running and it is using the original secret value. Now, in a different terminal, run the following AWS CLI command:
aws secretsmanager put-secret-value --secret-id SecretTest --region eu-west-1 --secret-string secretImproved
Now go back to the running Camel application; in the log you should see:
15:14:21.115 [Camel (AWS-secrets-manager) thread #1 - ManagementLoadTask] INFO o.a.c.c.a.s.v.CloudTrailReloadTriggerTask - Update for secret: SecretTest detected, triggering a CamelContext reload
15:14:21.116 [Camel (AWS-secrets-manager) thread #1 - ManagementLoadTask] INFO o.a.c.i.e.DefaultContextReloadStrategy - Reloading CamelContext (AWS-secrets-manager) triggered by: AWS-secrets-manager
15:14:22.433 [Camel (AWS-secrets-manager) thread #5 - timer://myTimer] INFO route1 - Secret value is: secretImproved
15:14:32.433 [Camel (AWS-secrets-manager) thread #5 - timer://myTimer] INFO route1 - Secret value is: secretImproved
15:14:42.433 [Camel (AWS-secrets-manager) thread #5 - timer://myTimer] INFO route1 - Secret value is: secretImproved
15:14:52.433 [Camel (AWS-secrets-manager) thread #5 - timer://myTimer] INFO route1 - Secret value is: secretImproved
The Camel context has been reloaded after we noticed a PutSecretValue API invocation for this specific secret, in this specific region, in the AWS CloudTrail service.
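To confirm the reload from the log rather than by eye, the following added example (not part of the Camel project or of this example's sources) scans the output for the reload line of a given secret and checks that the value logged by the route changed afterwards. The function names check_reload and sample_log and the exit codes are assumptions of this sketch; the sample input is abridged from the log output shown above.

```shell
#!/usr/bin/env bash
# Added example: verify from the Camel log that a secret update triggered a
# CamelContext reload and that the route then logged a different value.
# Values are compared inside awk and never echoed.

# check_reload LOGFILE SECRET   (LOGFILE may be "-" for stdin)
# Prints "reload=<time> changed=yes|no"
# Exit 0: reloaded and value changed; 1: reloaded, value not shown to change;
# 2: no reload line for SECRET, or nothing logged after it.
check_reload() {
  awk -v secret="$2" '
    # Line written by CloudTrailReloadTriggerTask for this secret
    !seen && index($0, "Update for secret: " secret " detected") {
      seen = 1; at = $1; next
    }
    # Route output: keep the last value before and the first after the reload
    (pos = index($0, "Secret value is: ")) {
      val = substr($0, pos + 17)
      if (!seen) { before = val; has_before = 1 }
      else if (!has_after) { after = val; has_after = 1 }
    }
    END {
      if (!seen || !has_after) { print "reload=none changed=no"; exit 2 }
      if (has_before && before != after) { print "reload=" at " changed=yes"; exit 0 }
      print "reload=" at " changed=no"; exit 1
    }
  ' "$1"
}

# Sample input: lines abridged from the log output shown above
sample_log() {
  cat <<'EOF'
15:13:32.502 [Camel (AWS-secrets-manager) thread #2 - timer://myTimer] INFO route1 - Secret value is: secret
15:13:42.502 [Camel (AWS-secrets-manager) thread #2 - timer://myTimer] INFO route1 - Secret value is: secret
15:14:21.115 [Camel (AWS-secrets-manager) thread #1 - ManagementLoadTask] INFO o.a.c.c.a.s.v.CloudTrailReloadTriggerTask - Update for secret: SecretTest detected, triggering a CamelContext reload
15:14:22.433 [Camel (AWS-secrets-manager) thread #5 - timer://myTimer] INFO route1 - Secret value is: secretImproved
EOF
}

sample_log | check_reload - SecretTest
```

Against a live run, save the console output to a file and pass that file as LOGFILE; the check only reports whether the value changed, so its own output is safe to keep in CI logs.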
The example will work even if you remove the property
, because the aws related properties will be taken into account automatically.
Now, stop the application.
Delete the secret
Simply run
aws secretsmanager delete-secret --secret-id SecretTest --region eu-west-1 --force-delete-without-recovery
If you hit any problem using Camel or have some feedback, then please let us know.
We also love contributors, so get involved :-)
The Camel riders!