- Home
- Skills
- Giuseppe Trisciuoglio
- Developer Kit
- Aws Sdk Java V2 Secrets Manager
aws-sdk-java-v2-secrets-manager_skill
- Python
99
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill giuseppe-trisciuoglio/developer-kit --skill aws-sdk-java-v2-secrets-manager- SKILL.md10.4 KB
Overview
This skill provides practical patterns for using AWS Secrets Manager with the AWS SDK for Java 2.x. It covers creating and retrieving secrets, secret rotation, caching for performance, and Spring Boot integration to manage credentials and API keys securely. The guidance focuses on production-ready patterns, error handling, and common constraints.
How this skill works
The skill shows how to instantiate a SecretsManagerClient, perform core operations (create, get, update, delete, list), and configure SecretCache for reduced API calls. It details versioning and rotation workflows, Lambda-based rotation hooks, and how to wire Secrets Manager into Spring Boot beans and DataSource configuration. Examples include JSON secret shapes, cache TTL settings, and retry/error handling patterns.
When to use it
- Programmatically store and retrieve application secrets (passwords, API keys, tokens).
- Manage database credentials without hardcoding credentials in configuration.
- Enable automatic secret rotation using Lambda or immediate rotation APIs.
- Integrate Secrets Manager into Spring Boot applications and DataSource beans.
- Improve performance and reduce costs by using secret caching in production.
Best practices
- Use hierarchical, descriptive secret names and add tags for organization.
- Always use caching in production; choose TTLs based on sensitivity and rotation frequency.
- Apply least-privilege IAM policies and enable CloudTrail for audit logging.
- Never log secret values; use KMS encryption and verify key permissions.
- Reuse SecretsManagerClient instances and favor async calls for high throughput.
Example use cases
- Storing and rotating database credentials for an RDS instance with automatic rotation.
- Providing API keys and tokens to a Spring Boot service via a SecretCache-backed SecretsService.
- Bootstrapping application configuration at startup by fetching secrets into a DataSource.
- Batch-loading multiple secrets into memory for a background job while respecting cache TTLs.
- Implementing rotation workflows where Lambda functions update credentials and promote versions.
FAQ
Choose a TTL that balances security and performance: short TTLs for highly sensitive or frequently rotated secrets, longer TTLs for stable secrets to reduce API calls.
How do I handle secret rotation without downtime?
Use version stages (AWSPENDING/AWSCURRENT), perform Lambda-based rotation to update both the secret and dependent services, and configure clients to refresh cached values during rollouts.