springboot + nacos + aws secretmanager 做账号密码隐私处理

方式一:

java 复制代码
#nacos配置文件

data.yml:
spring:
  cloud:
    nacos:
      discovery:
        ip: ****.com
        port: 80
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://*********/database?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&failOverReadOnly=false&serverTimezone=Asia/Shanghai&zeroDateTimeBehavior=convertToNull
    hikari:
      idle-timeout: 60000
      connection-timeout: 60000
      validation-timeout: 3000
      login-timeout: 5
      max-lifetime: 60000
      maximum-pool-size: 20

#项目配置文件

bootstrap-test.yml
spring:
  cloud:
    nacos:
      discovery:
        server-addr: http://nacos-headless:8848
      config:
        server-addr: http://nacos-headless:8848
        namespace: TEST
        file-extension: yml
        extension-configs:
          - group: DEFAULT_GROUP
            data-id: global.yml
          - group: common
            data-id: common.yml
          - group: data
            data-id: db.yml
            refresh: true

sm: 
  region: eu-central-1
  doc: dev-fra-as-api-mongodb-user-root-ZMEAVyQppET6GPf
  rdsp: dev-fra-as-api-rds-user-root-xp78N8GvtScLmGn
  rdss: dev-fra-as-pms-rds-v2-readonly-from-sin-user-fra-appplayer-gp3Sex9vbXDU6PL



代码

package com.yuruo.reco.config;

import java.util.HashMap;
import java.util.Map;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.env.EnvironmentPostProcessor;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.MapPropertySource;
import org.springframework.core.env.MutablePropertySources;
import org.springframework.core.env.PropertySource;

import com.yuruo.reco.dto.SecretDto;
import com.yuruo.reco.utils.JsonUtils;

import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;

public class SecretsManagerEnvironmentPostProcessor implements EnvironmentPostProcessor {

    @Override
    public void postProcessEnvironment(ConfigurableEnvironment environment, SpringApplication application) {
        MutablePropertySources propertySources = environment.getPropertySources();
        for (PropertySource<?> propertySource : propertySources) {
            if (propertySource.getName().contains("[bootstrap-" + environment.getActiveProfiles()[0] + ".yml]")) {
                Region region = Region.of(propertySource.getProperty("sm.region").toString());
                SecretsManagerClient client = SecretsManagerClient.builder().region(region).credentialsProvider(DefaultCredentialsProvider.create()).build();
                // 读取配置
                String primarySecret = getSecretRes(client, propertySource.getProperty("sm.rdsp").toString());
                SecretDto secret = JsonUtils.stringToJavaObject(primarySecret, SecretDto.class);
                Map<String, Object> source = new HashMap<>();
                source.put("spring.datasource.primary.username", secret.getUsername());
                source.put("spring.datasource.primary.password", secret.getPassword());
                String secondarySecret = getSecretRes(client, propertySource.getProperty("sm.rdss").toString());
                secret = JsonUtils.stringToJavaObject(secondarySecret, SecretDto.class);
                source.put("spring.datasource.secondary.username", secret.getUsername());
                source.put("spring.datasource.secondary.password", secret.getPassword());
                String mongosecret = getSecretRes(client, propertySource.getProperty("sm.doc").toString());
                secret = JsonUtils.stringToJavaObject(mongosecret, SecretDto.class);
                source.put("spring.data.mongodb.uri", "mongodb://" + secret.getUsername() + ":" + secret.getPassword()
                        + "@" + secret.getHost() + ":" + secret.getPort());
                propertySources.addLast(new MapPropertySource("secretsManagerPropertySource", source));
            }
        }
    }

    private String getSecretRes(SecretsManagerClient client, String secretName) {
        GetSecretValueRequest request = GetSecretValueRequest.builder().secretId(secretName).build();
        return client.getSecretValue(request).secretString();
    }

}

方式二:

java 复制代码
src/main/resources/META-INF/spring.factories
org.springframework.boot.env.EnvironmentPostProcessor=com.yuruo.reco.config.SecretsManagerEnvironmentPostProcessor


spring:
  jpa:
    properties:
      hibernate:
        dialect: org.hibernate.dialect.MySQL8Dialect
  cloud:
    nacos:
      discovery:
        ip: ****.com
        port: 80
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://*********/database?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&failOverReadOnly=false&serverTimezone=Asia/Shanghai&zeroDateTimeBehavior=convertToNull
    username: ${DB_USETRNAME}
    password: ${DB_PASSWORD}
    hikari:
      idle-timeout: 60000
      connection-timeout: 60000
      validation-timeout: 3000
      login-timeout: 5
      max-lifetime: 60000
      maximum-pool-size: 20

package com.yuruo.reco.config;

import org.apache.commons.lang3.StringUtils;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.env.EnvironmentPostProcessor;
import org.springframework.core.env.ConfigurableEnvironment;

import com.yuruo.reco.constant.SecretConstant;
import com.yuruo.reco.dto.SecretDto;
import com.yuruo.reco.utils.JsonUtils;

import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;

public class SecretsManagerEnvironmentPostProcessor implements EnvironmentPostProcessor {

	@Override
	public void postProcessEnvironment(ConfigurableEnvironment environment, SpringApplication application) {
		Region region = Region.of(SecretConstant.SECRET_REGION);
		SecretsManagerClient client = SecretsManagerClient.builder().region(region).credentialsProvider(DefaultCredentialsProvider.create()).build();

		String primarySecret = getSecretRes(client, SecretConstant.SECRET_PRIMARY);
		if(StringUtils.isNotBlank(primarySecret)) {
			SecretDto secret = JsonUtils.stringToJavaObject(primarySecret, SecretDto.class);
			System.setProperty("DB1_USETRNAME", secret.getUsername());
			System.setProperty("DB1_PASSWORD", secret.getPassword());
		}

		String secondarySecret = getSecretRes(client, SecretConstant.SECRET_SECONDARY);
		if(StringUtils.isNotBlank(secondarySecret)) {
			SecretDto secret = JsonUtils.stringToJavaObject(secondarySecret, SecretDto.class);
			System.setProperty("DB2_USETRNAME", secret.getUsername());
			System.setProperty("DB2_PASSWORD", secret.getPassword());
		}

		String mongosecret = getSecretRes(client, SecretConstant.SECRET_MONGO);
		if(StringUtils.isNotBlank(mongosecret)) {
			SecretDto secret = JsonUtils.stringToJavaObject(mongosecret, SecretDto.class);
			System.setProperty("MGDB_URI", "mongodb://"+secret.getUsername()+":"+secret.getPassword()+"@"+ secret.getHost()+":"+secret.getPort()+"/?replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false");
		}

	}

	private String getSecretRes(SecretsManagerClient client, String secretName) {
		GetSecretValueRequest request = GetSecretValueRequest.builder().secretId(secretName).build();
		return client.getSecretValue(request).secretString();
	}

}
相关推荐
上官浩仁10 分钟前
springboot synchronized 本地锁入门与实战
java·spring boot·spring
m0_7484613920 分钟前
Spring Boot + Vue 项目中使用 Redis 分布式锁案例
vue.js·spring boot·redis
山东小木20 分钟前
JBoltAI需求分析大师:基于SpringBoot的大模型智能需求文档生成解决方案
人工智能·spring boot·后端·需求分析·jboltai·javaai·aigs
哈喽姥爷2 小时前
Spring Boot--Bean的扫描和注册
java·spring boot·后端·bean的扫描和注册
problc2 小时前
Spring Boot `@Service` 互相调用全攻略:`@Autowired` vs `@Resource`
java·spring boot·后端
Rysxt_3 小时前
Spring Boot Gateway 教程:从入门到精通
spring boot·网关·gateway
草履虫建模4 小时前
在 RuoYi 中接入 3D「园区驾驶舱」:Vue2 + Three.js + Nginx
运维·开发语言·javascript·spring boot·nginx·spring cloud·微服务
Barcke4 小时前
📘 初识 WebFlux
spring boot·后端·spring
橘子在努力4 小时前
【橘子SpringCloud】OpenFegin源码分析
java·spring boot·spring·spring cloud
十八旬5 小时前
苍穹外卖项目实战(day7-2)-购物车操作功能完善-记录实战教程、问题的解决方法以及完整代码
java·开发语言·windows·spring boot·mysql