我能够像其他任何数据库连接一样成功连接到RDS. 我使用spring jpa数据(存储库)对postgres db进行CRUD操作. 目前,我在属性文件中提供了db url和凭据
I was successfully able to connect to RDS like any other database connection. I use spring jpa data ( repository ) to do CRUD operation on postgres db. currently I provide the db url and the credential in the properties file
spring: datasource: url: jdbc:postgresql://<rds-endpoint>:5432/<dbschema> username: <dbuser> password: <dbpassword>但是,在连接到生产或预生产时,这不是选项. 这里的最佳做法是什么? AWS是否提供任何内置机制来从端点读取这些详细信息,例如在访问S3的情况下?
However this is not an option while connecting to production or preproduction. what is the best practise here. Does AWS provide any inbuild mechanism to read these details from an endpoint like in the case of accessing S3 ?
我的意图不是公开密码.
My intention is not expose the password.
推荐答案您可以使用以下几种选择:
Several options are available to you:
对于2和3,使用PropertyPlaceholderConfiguration和AWSSimpleSystemsManagement客户端(GetParameter请求)在Spring中启动应用程序时查找密码. SystemsManager可以代理请求到SecretsManager在代码中保留一个接口来访问参数.
For 2 and 3, look up the password on application start in Spring using a PropertyPlaceholderConfiguration and the AWSSimpleSystemsManagement client (GetParameter request). SystemsManager can proxy requests to SecretsManager to keep a single interface in your code to access parameters.
IAM凭证在以下方面更安全:
IAM credentials is more secure in that:
更多推荐
从Java连接到AWS RDS而不暴露密码
发布评论