This project is licensed under the Apache-2.0 License.
Apache Kafka Configuration Provider for AWS able to retrieve secrets from AWS Secrets Manager.
After you've downloaded the code from GitHub, you can build it using Gradle. Use this command:
gradle clean build
The generated jar files can be found at: build/libs/.
An uber jar containing the library and all its relocated dependencies except the kafka client can also be built. Use this command:
gradle clean shadowJar
The generated uber jar file can also be found at: build/libs/. At runtime, the uber jar expects to find the kafka
client library on the classpath.
To ensure no security vulnerabilities in the dependency libraries, run the following.
gradle dependencyCheckAnalyze
If the above reports any vulnerabilities, upgrade dependencies to use the respective latest versions.
Apache Kafka Configuration Provider for AWS Secrets Manager finds IAM credentials using the AWS Default Credentials Provider Chain. To overwrite you need to set optional parammeters cloud.access.key and cloud.access.secret
Mandatory parameter, name of AWS region
Credentials for accessing AWS services, use only when you need to overwrite credentials from AWS Default Credentials Provider Chain
Credentials secret for accessing AWS services. Required only when cloud.access.key is set
The time interval in ms during which the secret is considered valid. Default value - Duration.ofDays(30).toMillis(). Set the value according to the key rotation schedule, when this time interval expires the AWS Secret Manager is queried again, causing connector(s) to restart
-
Open the Secrets Manager console at https://console.aws.amazon.com/secretsmanager/
-
Create a new secret to store your database sign-in credentials. For instructions, see Create a secret in the AWS Secrets Manager User Guide
-
Create a custom worker configuration with information about Apache Kafka Configuration Provider for AWS Secrets Manager
config.providers=secretsManager
config.providers.secretsManager.class=solutions.a2.kafka.config.aws.AwsSecretsManagerProvider
config.providers.secretsManager.param.cloud.region=<AWS region>
- Set for connector (example below for Debezium credentials)
database.user=<${secretsManager:test/oracle/TESTDATA:username}>"
database.password=<${secretsManager:test/oracle/TESTDATA:password}>"
- Aleksej Veremeev - Initial work - A2 Rešitve d.o.o.
This project is licensed under the Apache License - see the LICENSE file for details