AWS Secret Service

The AWS Secret Service provides an integration with the AWS Secrets Manager service for securely storing secrets.

First, ensure that the com.psddev:aws-secret dependency is included in your project’s build.gradle file.

Configuration of the AWS Secret Service is done via environment variables, typically in your Tomcat context.xml file. The key and respective values are described in the table below:

KeyValue
brightspot/cms/defaultSecretService The name of the default secret service. This is used in other keys below and is designated as {name} .
brightspot/cms/secretService/{name}/class com.psddev.aws.secret.AwsSecretService

brightspot/cms/secretService/{name}/prefix

(Optional) A prefix value to apply to all key names in AWS Secret Manager. This could be useful if you want to namespace all keys coming from with some prefix value to more easily identify them.

The AWS Secrets Service uses the Default AWS Credentials Provider Chain to obtain AWS credentials for the AWS Secret Manager API. This system looks for credentials in a chain of locations including environment variables, system properties, and local credential files. AWS credentials must be provided in one of these locations for the AWS Secrets Service to function.