diff --git a/support-portal-backend/pom.xml b/support-portal-backend/pom.xml
index 18f2332..0ec86f5 100644
--- a/support-portal-backend/pom.xml
+++ b/support-portal-backend/pom.xml
@@ -92,6 +92,12 @@
1.12.75
+
+ com.github.ulisesbocchio
+ jasypt-spring-boot-starter
+ 2.0.0
+
+
org.springframework.boot
spring-boot-starter-test
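Review bot: The added `jasypt-spring-boot-starter` dependency is pinned to `2.0.0`, and as far as I know the 2.x line defaults to `PBEWithMD5AndDES` unless `jasypt.encryptor.algorithm` is set, which this commit does not do. Because the `ENC(...)` values are committed to the repository, their protection rests entirely on that algorithm and on the strength of the jasypt password. Consider moving to a 3.x release, or configuring a stronger algorithm explicitly, and re-encrypting the values afterwards. The XML tags in this hunk were lost in extraction, so the exact placement inside `<dependencies>` cannot be checked from here.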
diff --git a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecretsManagerPropertiesListener.java b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecretsManagerPropertiesListener.java
index 897856d..60c3cd5 100644
--- a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecretsManagerPropertiesListener.java
+++ b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecretsManagerPropertiesListener.java
@@ -6,7 +6,7 @@ import com.amazonaws.services.secretsmanager.model.*;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import lombok.extern.slf4j.Slf4j;
-import org.springframework.boot.context.event.ApplicationPreparedEvent;
+import org.springframework.boot.context.event.ApplicationEnvironmentPreparedEvent;
import org.springframework.context.ApplicationListener;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.PropertiesPropertySource;
@@ -16,29 +16,37 @@ import java.util.Base64;
import java.util.Properties;
@Slf4j
-public class SecretsManagerPropertiesListener implements ApplicationListener {
+public class SecretsManagerPropertiesListener implements ApplicationListener {
private ObjectMapper mapper = new ObjectMapper();
@Override
- public void onApplicationEvent(ApplicationPreparedEvent event) {
+ public void onApplicationEvent(ApplicationEnvironmentPreparedEvent event) {
- String activeProfiles = event.getApplicationContext().getEnvironment().getProperty("spring.profiles.active");
- if (activeProfiles == null || !activeProfiles.contains("aws-rds")) return;
+ System.out.println("ApplicationListener invoked");
+ log.info("ApplicationListener invoked");
+
+ ConfigurableEnvironment environment = event.getEnvironment();
+ String activeProfiles = environment.getProperty("spring.profiles.active");
+// if (activeProfiles == null || !activeProfiles.contains("aws-rds")) return;
String secretJson = getSecret();
log.debug("Retrieved secretJson from Secret Manager: {}", secretJson);
+ System.out.println("Retrieved secretJson from Secret Manager: " + secretJson);
- String jwtSecret = getString(secretJson, "app_jwt_secret");
- String springDatasourceUsername = getString(secretJson, "spring_datasource_username");
- String springDatasourcePassword = getString(secretJson, "spring_datasource_password");
+ String jasyptPassword = getString(secretJson, "jasypt_password");
+// String jwtSecret = getString(secretJson, "app_jwt_secret");
+// String springDatasourceUsername = getString(secretJson, "spring_datasource_username");
+// String springDatasourcePassword = getString(secretJson, "spring_datasource_password");
- ConfigurableEnvironment environment = event.getApplicationContext().getEnvironment();
Properties props = new Properties();
- props.put("app.jwt.secret", jwtSecret);
- props.put("spring.datasource.username", springDatasourceUsername);
- props.put("spring.datasource.password", springDatasourcePassword);
+ System.setProperty("JASYPT_PASSWORD", jasyptPassword);
+ props.put("jasypt.encryptor.password", jasyptPassword);
+
+// props.put("app.jwt.secret", jwtSecret);
+// props.put("spring.datasource.username", springDatasourceUsername);
+// props.put("spring.datasource.password", springDatasourcePassword);
environment.getPropertySources().addFirst(new PropertiesPropertySource("aws.secret.manager", props));
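Review bot: The added `System.out.println("Retrieved secretJson from Secret Manager: " + secretJson);` writes the whole Secrets Manager payload, including `jasypt_password`, to stdout on every start, and the `log.debug` line just above it does the same at debug level; both should be dropped or replaced by a message that carries no secret content. With the profile check commented out, `getSecret()` now runs on every profile and `activeProfiles` is unused; restoring `if (activeProfiles == null || !activeProfiles.contains("aws-rds")) return;` keeps the lookup scoped to the AWS deployment. `System.setProperty("JASYPT_PASSWORD", jasyptPassword);` copies the decryption key into JVM-wide system properties, where any code in the process and any tooling that dumps system properties can read it. The `props.put("jasypt.encryptor.password", jasyptPassword);` entry registered through `addFirst` looks sufficient on its own, so it is worth confirming that and removing the system property. The body of `onApplicationEvent` continues past the end of this hunk.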
diff --git a/support-portal-backend/src/main/resources/application.yml b/support-portal-backend/src/main/resources/application.yml
index b35ef0a..27a07ab 100644
--- a/support-portal-backend/src/main/resources/application.yml
+++ b/support-portal-backend/src/main/resources/application.yml
@@ -21,8 +21,8 @@ spring:
datasource:
driver-class-name: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://mysql:3306/support-portal
- username: support_portal_user
- password: support_portal_password
+ username: ENC(bGNdXu0n1sQxtHpAQy8E/fegT25zKbk6iTZoqg8ddaU=)
+ password: ENC(hZarzMkUMf97sQ07tD58A2HOhbdoPdZtcpkif4vR9jY=)
jpa:
hibernate:
ddl-auto: update
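Review bot: Replacing the plaintext `username`/`password` values with `ENC(...)` does not retire the old values, which remain readable in the repository history and in this diff. The same holds for the `app.jwt.secret` line in the `@@ -44` hunk and for the `aws-rds` datasource and `mail` credentials in the `@@ -94` hunk; the mail username there has the shape of an AWS access key id, so that key pair should be treated as exposed. All of these need to be rotated at the source (database users, SMTP/IAM credentials, JWT signing secret) and only the new values encrypted, otherwise the ciphertext protects nothing that is not already public.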
@@ -44,8 +44,12 @@ app:
cors:
allowed-origins: http://localhost:4200,https://localhost:4200,http://art-support-portal.s3-website.eu-north-1.amazonaws.com,http://portal.shyshkin.net
jwt:
- secret: VeRy_5ecretP@55W0rd!
+ secret: ENC(VAMFn7FEkahKbzf+99EzkajMeLjE/WvJLCadLVZXSE8=)
# secret: ${random.value} #Does not work - every time generates new value
+jasypt:
+ encryptor:
+ password: ${JASYPT_PASSWORD}
+
---
spring:
config:
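Review bot: The added `password: ${JASYPT_PASSWORD}` has no default and no comment saying where the value comes from, and it sits in the default document, so it applies to every profile. Presumably startup fails on an unresolved placeholder whenever neither the environment nor `SecretsManagerPropertiesListener` supplies it; that is a reasonable fail-closed behaviour but should be stated. I would add a comment above the key such as `# JASYPT_PASSWORD is supplied by the environment or by SecretsManagerPropertiesListener at startup; never commit the value`.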
@@ -94,13 +98,13 @@ spring:
on-profile: aws-rds
datasource:
url: jdbc:mysql://portal-db.coaum9neetxc.eu-north-1.rds.amazonaws.com:3306/support_portal
- username: portal_user
- password: Supp0rt_Porta!_PAssword
+ username: ENC(35q85d0/Lei1FAWM5zvqUyfnOxvUYqWG)
+ password: ENC(IN86fPa4xxATIP1S5fV94fos3drWXOTCurStNvQYM9s=)
mail:
host: email-smtp.eu-north-1.amazonaws.com
port: 587
- username: AKIAVW7XGDOWFHHCELIH
- password: BJyWOWS1xWYR35MRCFn3BuuQ6vY+k7DRsdAvOfqDs/Fk
+ username: ENC(WWVCoLPOjjNlfepTKeRFF4wep6onc3LnbkoPGh+Xwqc=)
+ password: ENC(VTO/7U6tFHSzMs6UtTusUXSWAUkgLaTbsqvsVphIvCS9VfdEd9nx8+919i7usoKwvuzWZPFx4/8=)
# we want to test (1) from localhost, (2) from S3 bucket Static Web Site, (3) from our EC2 instance
app: