Integrate Google Cloud Secret Manager with Spring Boot

In this section, we will learn how to integrate Google Secret Manager with Spring Boot.


1. A Little Bit of Background

Google Cloud Secret Manager

Secret Manager is a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud.

Spring Boot

Spring Boot makes it easy to create stand-alone, production-grade Spring-based Applications that you can "just run". 


2. Create a GCP Project

We will need to create or select a GCP project. 

First, sign in to the Google Cloud console at https://console.cloud.google.com.

You can create a new project by first selecting the project dropdown in the top left and selecting "New Project". 


Next, specify your GCP Project name and Project ID.

Then click the "CREATE" button.


3. Enable Secret Manager and Configure a Secret

From the Cloud console, search for "Secret Manager" and click the "Secret Manager" result.

Then, click the "ENABLE" button.

Then, click the "CREATE SECRET" button.

You will be taken to the "Create secret" page.

Enter the "Name" and "Secret value". The controller later in this tutorial reads the secret through sm://knf-secret, so the name used here is knf-secret. Then click the "CREATE SECRET" button.


4. Create a Simple Spring Boot Web Application

First, open Spring Initializr at https://start.spring.io/

Then, provide the Group and Artifact names. We have used the Group com.knf.dev.demo and the Artifact spring-boot-google-secret-manager. Here I selected a Maven project, Java 11 and Spring Boot 2.7.9, and added the Spring Web and GCP Support dependencies.

Then, click on the Generate button. Spring Initializr packs the project into a .zip file (spring-boot-google-secret-manager) and downloads it. Extract the zip file.

Then, import the project into your favourite IDE.



In the pom.xml, add the Secret Manager Starter dependency:

<dependency>
    <groupId>com.google.cloud</groupId>
    <artifactId>spring-cloud-gcp-starter-secretmanager</artifactId>
</dependency>


Complete pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
    https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.7.9</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.knf.dev.demo</groupId>
    <artifactId>spring-boot-google-secret-manager</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>spring-boot-google-secret-manager</name>
    <description>Demo project for Spring Boot</description>
    <properties>
        <java.version>11</java.version>
        <spring-cloud-gcp.version>3.4.4</spring-cloud-gcp.version>
        <spring-cloud.version>2021.0.5</spring-cloud.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>com.google.cloud</groupId>
            <artifactId>spring-cloud-gcp-starter</artifactId>
        </dependency>
        <!-- Add Secret Manager Starter -->
        <dependency>
            <groupId>com.google.cloud</groupId>
            <artifactId>spring-cloud-gcp-starter-secretmanager</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>com.google.cloud</groupId>
                <artifactId>spring-cloud-gcp-dependencies</artifactId>
                <version>${spring-cloud-gcp.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>


Create Secret Controller

package com.knf.dev.demo.controller;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class SecretController {

    // Resolved from Secret Manager (secret "knf-secret") when the bean is created
    @Value("${sm://knf-secret}")
    String secretMessage;

    // Returns the secret value in the response body of GET /secret
    @GetMapping("/secret")
    public String getSecretMessage() {
        return secretMessage;
    }
}

  • The @Value annotation injects values into fields of Spring-managed beans and can be applied at the field level or at the constructor/method parameter level. Here, @Value refers to the secret property using the sm:// prefix, so the SecretController class is injected with the value of knf-secret.
  • The Spring @RestController annotation is used to create RESTful web services with Spring MVC. It takes care of mapping request data to the defined request handler method and writes the handler's return value to the response body (objects are serialized to JSON; the String returned here is written as-is).
  • The @GetMapping annotation maps HTTP GET requests onto specific handler methods.
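
The controller above returns the secret value to any client that can reach /secret, which confirms the integration works but also exposes the value over HTTP. As an added example (not code from the original project), the controller below consumes the same sm://knf-secret property server-side as an API key and never returns it; the class name, the /protected path and the X-Api-Key header are assumptions made for illustration.

```java
package com.knf.dev.demo.controller;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RestController;

// Added example (hypothetical class): uses knf-secret as a shared API key.
// The secret is only compared against, never written to a response or a log.
@RestController
public class ApiKeyProtectedController {

    private final byte[] expectedKey;

    // Constructor injection keeps the value in a private final field and
    // fails application startup if the secret resolves to an empty value.
    public ApiKeyProtectedController(@Value("${sm://knf-secret}") String secret) {
        if (secret == null || secret.isBlank()) {
            throw new IllegalStateException("knf-secret resolved to an empty value");
        }
        this.expectedKey = secret.getBytes(StandardCharsets.UTF_8);
    }

    // X-Api-Key is an assumed header name; a missing header is treated as a mismatch.
    @GetMapping("/protected")
    public ResponseEntity<String> protectedResource(
            @RequestHeader(value = "X-Api-Key", required = false) String presented) {
        // MessageDigest.isEqual compares without stopping at the first
        // differing byte, unlike String.equals.
        boolean accepted = presented != null && MessageDigest.isEqual(
                expectedKey, presented.getBytes(StandardCharsets.UTF_8));
        if (!accepted) {
            // Same body for "missing" and "wrong" so the response reveals nothing.
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("unauthorized");
        }
        return ResponseEntity.ok("key accepted");
    }
}
```

Once the integration has been verified, the /secret mapping in SecretController can be removed so that no endpoint returns the secret itself.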


Application.java

package com.knf.dev.demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

}

Application is the entry point that sets up the Spring Boot application. The @SpringBootApplication annotation enables auto-configuration and component scanning.



5. Create a New Repository and Upload Files on GitHub

First, sign in to GitHub at https://github.com/

Then, create a new repository "spring-boot-google-secret-manager".

Then, upload the source code from your local machine to the newly created GitHub repo.


6. Launch the Spring Boot application from Cloud Shell

Start the Google Cloud Shell in the browser.

Click the "Activate Cloud Shell" button in the console toolbar.

Next, clone the git repository:

git clone https://github.com/knowledgefactory4u/spring-boot-google-secret-manager.git


Change the directory to spring-boot-google-secret-manager.

cd spring-boot-google-secret-manager


You can start the Spring Boot app with the Spring Boot plugin.

mvn -DskipTests spring-boot:run


If everything goes fine, you will see the Spring Boot startup output in your Cloud Shell.

Click on the Web Preview icon in the Cloud Shell toolbar and choose "Preview on port 8080". The controller's endpoint is served at /secret.
