方式一:
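// ---------------------------------------------------------------------------
// Nacos configuration file: data.yml
// (indentation reconstructed; the page had the file collapsed onto one line)
// ---------------------------------------------------------------------------
// spring:
//   cloud:
//     nacos:
//       discovery:
//         ip: ****.com
//         port: 80
//   datasource:
//     driver-class-name: com.mysql.cj.jdbc.Driver
//     url: jdbc:mysql://*********/database?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&failOverReadOnly=false&serverTimezone=Asia/Shanghai&zeroDateTimeBehavior=convertToNull
//     hikari:
//       idle-timeout: 60000
//       connection-timeout: 60000
//       validation-timeout: 3000
//       login-timeout: 5
//       max-lifetime: 60000
//       maximum-pool-size: 20
//
// ---------------------------------------------------------------------------
// Project configuration file: bootstrap-test.yml
// ---------------------------------------------------------------------------
// spring:
//   cloud:
//     nacos:
//       discovery:
//         server-addr: http://nacos-headless:8848
//       config:
//         # NOTE(review): the config server is addressed over plain http; confirm the
//         # network path is trusted, since this channel delivers application configuration.
//         server-addr: http://nacos-headless:8848
//         namespace: TEST
//         file-extension: yml
//         extension-configs:
//           - group: DEFAULT_GROUP
//             data-id: global.yml
//           - group: common
//             data-id: common.yml
//           - group: data
//             data-id: db.yml
//             refresh: true
// # Only the Secrets Manager secret *names* are stored here; the values are fetched at startup.
// # NOTE(review): the names suggest root database users; an application normally gets a
// # dedicated least-privilege account. Confirm against the actual grants.
// sm:
//   region: eu-central-1
//   doc: dev-fra-as-api-mongodb-user-root-ZMEAVyQppET6GPf
//   rdsp: dev-fra-as-api-rds-user-root-xp78N8GvtScLmGn
//   rdss: dev-fra-as-pms-rds-v2-readonly-from-sin-user-fra-appplayer-gp3Sex9vbXDU6PL
//
// ---------------------------------------------------------------------------
// Code
// ---------------------------------------------------------------------------
package com.yuruo.reco.config;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.env.EnvironmentPostProcessor;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.MapPropertySource;
import org.springframework.core.env.MutablePropertySources;
import org.springframework.core.env.PropertySource;

import com.yuruo.reco.dto.SecretDto;
import com.yuruo.reco.utils.JsonUtils;

import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;

/**
 * Loads database credentials from AWS Secrets Manager during environment
 * post-processing and exposes them as Spring properties.
 *
 * <p>The secret names and the region are read from the {@code sm.*} keys of the
 * {@code bootstrap-<profile>.yml} property source of the first active profile.
 * The fetched values are published in a {@link MapPropertySource} named
 * {@code secretsManagerPropertySource}, so they never have to be written to a
 * configuration file.
 *
 * <p>The class only takes effect when it is registered as an
 * {@code EnvironmentPostProcessor} (for example in {@code META-INF/spring.factories}).
 */
public class SecretsManagerEnvironmentPostProcessor implements EnvironmentPostProcessor {

    /** Name of the property source that carries the fetched credentials. */
    private static final String PROPERTY_SOURCE_NAME = "secretsManagerPropertySource";

    /**
     * Fetches the primary RDS, secondary RDS and MongoDB secrets and adds them to the environment.
     *
     * @param environment the environment being prepared
     * @param application the application being started (unused)
     * @throws IllegalStateException if no profile is active, a required {@code sm.*} key is
     *         missing, or a secret cannot be parsed; failing here stops the start-up instead
     *         of continuing without (or with stale) credentials
     */
    @Override
    public void postProcessEnvironment(ConfigurableEnvironment environment, SpringApplication application) {
        String[] activeProfiles = environment.getActiveProfiles();
        if (activeProfiles.length == 0) {
            // The original indexed [0] unconditionally and died with ArrayIndexOutOfBoundsException.
            throw new IllegalStateException(
                    "No active Spring profile; cannot locate bootstrap-<profile>.yml with the sm.* settings");
        }
        String bootstrapMarker = "[bootstrap-" + activeProfiles[0] + ".yml]";

        MutablePropertySources propertySources = environment.getPropertySources();
        for (PropertySource<?> propertySource : propertySources) {
            if (!propertySource.getName().contains(bootstrapMarker)) {
                continue;
            }

            Region region = Region.of(requiredProperty(propertySource, "sm.region"));

            // The client holds an HTTP connection pool; close it once the secrets are read.
            try (SecretsManagerClient client = SecretsManagerClient.builder()
                    .region(region)
                    .credentialsProvider(DefaultCredentialsProvider.create())
                    .build()) {

                Map<String, Object> source = new HashMap<>();

                SecretDto primary = loadSecret(client, requiredProperty(propertySource, "sm.rdsp"));
                source.put("spring.datasource.primary.username", primary.getUsername());
                source.put("spring.datasource.primary.password", primary.getPassword());

                SecretDto secondary = loadSecret(client, requiredProperty(propertySource, "sm.rdss"));
                source.put("spring.datasource.secondary.username", secondary.getUsername());
                source.put("spring.datasource.secondary.password", secondary.getPassword());

                SecretDto mongo = loadSecret(client, requiredProperty(propertySource, "sm.doc"));
                // User name and password are percent-encoded: a generated password containing
                // '@', ':' or '/' would otherwise change how the URI is split into
                // credentials and host.
                source.put("spring.data.mongodb.uri",
                        "mongodb://" + encodeUserInfo(mongo.getUsername()) + ":" + encodeUserInfo(mongo.getPassword())
                                + "@" + mongo.getHost() + ":" + mongo.getPort());

                // NOTE(review): addLast gives this source the LOWEST precedence, so any other
                // property source that defines the same keys (yml, environment variable,
                // command line) overrides the value from Secrets Manager. Confirm this is
                // intended; addFirst would make the fetched secrets authoritative.
                propertySources.addLast(new MapPropertySource(PROPERTY_SOURCE_NAME, source));
            }
        }
    }

    /**
     * Reads a mandatory key from the bootstrap property source.
     *
     * @throws IllegalStateException naming the missing key (the original failed with a bare
     *         NullPointerException on {@code getProperty(...).toString()})
     */
    private static String requiredProperty(PropertySource<?> propertySource, String key) {
        Object value = propertySource.getProperty(key);
        if (value == null) {
            throw new IllegalStateException(
                    "Missing required property '" + key + "' in " + propertySource.getName());
        }
        return value.toString();
    }

    /**
     * Fetches one secret and parses its JSON payload.
     *
     * <p>The error message names the secret id only; the payload is never included, so
     * credentials cannot end up in start-up logs.
     */
    private SecretDto loadSecret(SecretsManagerClient client, String secretId) {
        SecretDto secret = JsonUtils.stringToJavaObject(getSecretRes(client, secretId), SecretDto.class);
        if (secret == null) {
            throw new IllegalStateException("Secret '" + secretId + "' could not be parsed into SecretDto");
        }
        return secret;
    }

    /** Percent-encodes a user name or password for use in the userinfo part of a URI. */
    private static String encodeUserInfo(String value) {
        if (value == null) {
            throw new IllegalStateException("Secret is missing a username or password field");
        }
        try {
            // URLEncoder produces form encoding ('+' for a space); switch to %20 so the
            // result is plain percent-encoding.
            return URLEncoder.encode(value, "UTF-8").replace("+", "%20");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 is not supported by this JVM", e);
        }
    }

    /**
     * Returns the string payload of the named secret.
     *
     * @param client     Secrets Manager client to use
     * @param secretName name (or ARN) of the secret
     * @return the value of {@code secretString()} from the response
     */
    private String getSecretRes(SecretsManagerClient client, String secretName) {
        GetSecretValueRequest request = GetSecretValueRequest.builder().secretId(secretName).build();
        return client.getSecretValue(request).secretString();
    }
}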
方式二:
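// ---------------------------------------------------------------------------
// src/main/resources/META-INF/spring.factories
// ---------------------------------------------------------------------------
// org.springframework.boot.env.EnvironmentPostProcessor=com.yuruo.reco.config.SecretsManagerEnvironmentPostProcessor
//
// ---------------------------------------------------------------------------
// Application configuration (file name not given on the page; indentation reconstructed)
// ---------------------------------------------------------------------------
// spring:
//   jpa:
//     properties:
//       hibernate:
//         dialect: org.hibernate.dialect.MySQL8Dialect
//   cloud:
//     nacos:
//       discovery:
//         ip: ****.com
//         port: 80
//   datasource:
//     driver-class-name: com.mysql.cj.jdbc.Driver
//     url: jdbc:mysql://*********/database?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&failOverReadOnly=false&serverTimezone=Asia/Shanghai&zeroDateTimeBehavior=convertToNull
//     # NOTE(review): these placeholders are DB_USETRNAME / DB_PASSWORD, but the code below
//     # sets DB1_USETRNAME / DB1_PASSWORD and DB2_USETRNAME / DB2_PASSWORD. The names must
//     # match for the placeholders to resolve; "USETRNAME" also looks like a typo of
//     # "USERNAME" that is repeated on both sides.
//     username: ${DB_USETRNAME}
//     password: ${DB_PASSWORD}
//     hikari:
//       idle-timeout: 60000
//       connection-timeout: 60000
//       validation-timeout: 3000
//       login-timeout: 5
//       max-lifetime: 60000
//       maximum-pool-size: 20
//
// ---------------------------------------------------------------------------
// Code
// ---------------------------------------------------------------------------
package com.yuruo.reco.config;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

import org.apache.commons.lang3.StringUtils;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.env.EnvironmentPostProcessor;
import org.springframework.core.env.ConfigurableEnvironment;

import com.yuruo.reco.constant.SecretConstant;
import com.yuruo.reco.dto.SecretDto;
import com.yuruo.reco.utils.JsonUtils;

import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;

/**
 * Loads database credentials from AWS Secrets Manager during environment
 * post-processing and publishes them as JVM system properties, which the
 * {@code ${...}} placeholders in the application configuration then resolve.
 *
 * <p>Security caveat: system properties are global to the JVM. Every library in the
 * process can read them, and they appear in diagnostic output that lists system
 * properties. Where that exposure matters, publishing the values through a dedicated
 * Spring property source keeps them scoped to the application environment.
 */
public class SecretsManagerEnvironmentPostProcessor implements EnvironmentPostProcessor {

    /**
     * Fetches the primary, secondary and MongoDB secrets named in {@link SecretConstant}
     * and sets the corresponding system properties. A secret whose payload is blank is
     * skipped, leaving its properties unset.
     *
     * @param environment the environment being prepared (unused)
     * @param application the application being started (unused)
     */
    @Override
    public void postProcessEnvironment(ConfigurableEnvironment environment, SpringApplication application) {
        Region region = Region.of(SecretConstant.SECRET_REGION);

        // The client holds an HTTP connection pool; close it once the secrets are read.
        try (SecretsManagerClient client = SecretsManagerClient.builder()
                .region(region)
                .credentialsProvider(DefaultCredentialsProvider.create())
                .build()) {

            exportDbCredentials(client, SecretConstant.SECRET_PRIMARY, "DB1_USETRNAME", "DB1_PASSWORD");
            exportDbCredentials(client, SecretConstant.SECRET_SECONDARY, "DB2_USETRNAME", "DB2_PASSWORD");

            String mongoSecret = getSecretRes(client, SecretConstant.SECRET_MONGO);
            if (StringUtils.isNotBlank(mongoSecret)) {
                SecretDto secret = JsonUtils.stringToJavaObject(mongoSecret, SecretDto.class);
                // User name and password are percent-encoded: a generated password containing
                // '@', ':' or '/' would otherwise change how the URI is split into
                // credentials and host.
                // NOTE(review): the URI carries no TLS option; confirm transport encryption
                // is configured elsewhere.
                System.setProperty("MGDB_URI",
                        "mongodb://" + encodeUserInfo(secret.getUsername()) + ":" + encodeUserInfo(secret.getPassword())
                                + "@" + secret.getHost() + ":" + secret.getPort()
                                + "/?replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false");
            }
        }
    }

    /**
     * Fetches one relational-database secret and exports its user name and password under
     * the given system-property keys. Does nothing when the secret payload is blank.
     */
    private void exportDbCredentials(SecretsManagerClient client, String secretId,
            String usernameKey, String passwordKey) {
        String payload = getSecretRes(client, secretId);
        if (StringUtils.isNotBlank(payload)) {
            SecretDto secret = JsonUtils.stringToJavaObject(payload, SecretDto.class);
            System.setProperty(usernameKey, secret.getUsername());
            System.setProperty(passwordKey, secret.getPassword());
        }
    }

    /** Percent-encodes a user name or password for use in the userinfo part of a URI. */
    private static String encodeUserInfo(String value) {
        if (value == null) {
            throw new IllegalStateException("Secret is missing a username or password field");
        }
        try {
            // URLEncoder produces form encoding ('+' for a space); switch to %20 so the
            // result is plain percent-encoding.
            return URLEncoder.encode(value, "UTF-8").replace("+", "%20");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 is not supported by this JVM", e);
        }
    }

    /**
     * Returns the string payload of the named secret.
     *
     * @param client     Secrets Manager client to use
     * @param secretName name (or ARN) of the secret
     * @return the value of {@code secretString()} from the response
     */
    private String getSecretRes(SecretsManagerClient client, String secretName) {
        GetSecretValueRequest request = GetSecretValueRequest.builder().secretId(secretName).build();
        return client.getSecretValue(request).secretString();
    }
}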
springboot + nacos + aws secretmanager 做账号密码隐私处理
宇若-凉凉2024-03-06 1:08