Is it possible to reference other secrets in AWS Secrets Manager?

I have 2 different secrets repositories in AWS Secrets Manager. Let’s call them secrets-A and secrets-B, which are used by 2 different microservices which we’ll call micro-A and micro-B.

micro-A and micro-B both need to access a shared secret value, secret-AB. Right now I am storing secret-AB in both secrets-A and secrets-B.

This is obviously fraught because what happens if we forget to update secret-AB in both secrets-A and secrets-B? micro-A and micro-B would then be out of sync.

Ideally I would like to have a common secret repo, secrets-common that both can pull from, so that perhaps it would look something like:

secrets-common: secret-AB="123456"
secrets-A: secret-AB={{secrets-common.secret-AB}}
secrets-B: secret-AB={{secrets-common.secret-AB}}

Note that micro-A should know nothing about the values in secrets-B and micro-B should know nothing about the values in secrets-A.

I’ve been searching around but not finding anything on how to do this.

Solution:

AWS Secrets Manager does not work in the way you describe. It's pretty straightforward, actually. To get a secret, you need the secret name. Each microservice can retrieve the value by referencing the name.

For example, assume you are using Java to get the value of a specific secret, the call looks like:

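import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
import software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException;

// Retrieves a secret by name (or ARN) using the AWS SDK for Java v2.
public static void getValue(SecretsManagerClient secretsClient, String secretName) {
    try {
        // secretId accepts either the secret's name or its full ARN.
        GetSecretValueRequest valueRequest = GetSecretValueRequest.builder()
            .secretId(secretName)
            .build();

        GetSecretValueResponse valueResponse = secretsClient.getSecretValue(valueRequest);
        String secret = valueResponse.secretString();
        // Printed here only to show the call works; avoid writing secret values to logs.
        System.out.println(secret);

    } catch (SecretsManagerException e) {
        // Covers service-side failures such as access denied or secret not found.
        System.err.println(e.awsErrorDetails().errorMessage());
        System.exit(1);
    }
}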
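The isolation requirement from the question (micro-A reads secrets-A and secrets-common but never secrets-B) is enforced by each service's IAM policy rather than by Secrets Manager itself. The sketch below is an added example, not code from the original post: it builds one read-only policy per service and checks it with a simplified matcher. The region, account ID and ARN suffix are constructed placeholders, and `allows` is a hypothetical helper, not a full IAM evaluation.

```python
import fnmatch
import json

# Assumed placeholders: region and account ID are constructed, not from the post.
REGION, ACCOUNT = "us-east-1", "111122223333"

def secret_arn_pattern(name):
    # Secrets Manager appends "-" plus six random characters to each secret ARN,
    # so the policy matches that suffix with "??????" instead of a broad "*".
    return f"arn:aws:secretsmanager:{REGION}:{ACCOUNT}:secret:{name}-??????"

def read_policy(own_secret, shared_secret="secrets-common"):
    """Identity policy for one microservice role: its own secret plus the shared one."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "secretsmanager:GetSecretValue",
            "Resource": [secret_arn_pattern(own_secret),
                         secret_arn_pattern(shared_secret)],
        }],
    }

def allows(policy, action, arn):
    """Simplified check: Allow statements only, string Action, list Resource.
    Not a full IAM evaluation (no Deny, conditions or resource policies)."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] == "Allow" and stmt["Action"] == action:
            if any(fnmatch.fnmatchcase(arn, pat) for pat in stmt["Resource"]):
                return True
    return False

def arn_of(name, suffix="AbCdEf"):
    # Constructed sample ARN with a made-up six-character suffix.
    return f"arn:aws:secretsmanager:{REGION}:{ACCOUNT}:secret:{name}-{suffix}"

POLICY_A = read_policy("secrets-A")   # attach to micro-A's role
POLICY_B = read_policy("secrets-B")   # attach to micro-B's role

if __name__ == "__main__":
    print(json.dumps(POLICY_A, indent=2))
    for svc, pol in (("micro-A", POLICY_A), ("micro-B", POLICY_B)):
        for name in ("secrets-A", "secrets-B", "secrets-common"):
            ok = allows(pol, "secretsmanager:GetSecretValue", arn_of(name))
            print(f"{svc} -> {name}: {'allow' if ok else 'deny'}")
```

With these policies attached, secret-AB lives only in secrets-common, and each service makes two `getSecretValue` calls: one for its own secret and one for the shared one.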