SecretsManagerConfigProvider

com.github.jcustenborder.kafka.config.aws.SecretsManagerConfigProvider

This config provider is used to retrieve secrets from the AWS Secrets Manager service.

Tip

Config providers can be used with anything that supports the AbstractConfig base class that is shipped with Apache Kafka.

Secret Value

The value for the secret must be formatted as a JSON object. This allows multiple keys of data to be stored in a single secret. The name of the secret in AWS Secrets Manager will correspond to the path that is requested by the config provider.

Example Secret Value

{
  "username" : "${secretManager:secret/test/some/connector:username}",
  "password" : "${secretManager:secret/test/some/connector:password}"
}

Examples:

• Token

Configuration

General

aws.access.key

AWS access key ID to connect with. If this value is not set the DefaultAWSCredentialsProviderChain will be used to attempt loading the credentials from several default locations.

Importance: HIGH

Type: STRING

aws.region

Sets the region to be used by the client. For example us-west-2

Importance: HIGH

Type: STRING

aws.secret.key

AWS secret access key to connect with.

Importance: HIGH

Type: PASSWORD

Default Value: [hidden]

secret.prefix

Sets a prefix that will be added to all paths. For example you can use staging or production and all of the calls to Secrets Manager will be prefixed with that path. This allows the same configuration settings to be used across multiple environments.

Importance: LOW

Type: STRING

secret.ttl.ms

The minimum amount of time that a secret should be used. After this TTL has expired Secrets Manager will be queried again in case there is an updated configuration.

Importance: LOW

Type: LONG

Default Value: 300000

Validator: [1000,…]