By using AWS re:Post, you agree to the Terms of Use

Can i access Secrets Manager from Tomcat


We have a WAR file deployed on Tomcat and the database credentials are fetched through JNDI. This WAR now has to be moved to AWS cloud, and the requirement is db credentials has to be stored in AWS Secret Manager. My question is can I continue using JNDI/Tomcat along with Secret Manager ? I understand AWS SM has API and SDKs to access it, can that be integrated with JNDI/Tomcat somehow ? All posts I have seen mentions using the API/SDK directly from code, none i have found say anything about server integration. Is accessing AWS SM from code really the best way to do it ? Thanks.
A side note - for some reason unknown to me, we cannot use BeanStalk, it is just Tomcat on an EC2 instance.

asked 3 years ago253 views
2 Answers

Maybe you could use the JDBC driver wrapper: If you are using a connection pool manager you can follow the example in the README and replace the JDBC library with the wrapper library, specifying the secret in the configuration. The wrapper will then retrieve the secret and pass it to the real JDBC library.

If you are not using a connection pool manager, you could still replace the existing JDBC driver with the wrapper, but this would take some code modifications.

By using the wrapper, you can also turn on auto-rotation on the DB password since the wrapper knows to re-fetch the secret after it changes.

answered 3 years ago

Thank you JoeB. I am planning to use the wrapper in a customized JNDI component in Tomcat and see how it goes.

answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions