I need to securely store and fetch keystore.jks and truststore.jks files from my Java application in order to make secure communications with an external application.
Can we store these files in AWS Secrets Manager?
I am not able to find proper documentation on storing a JKS certificate as a secret in AWS Secrets Manager.
You would store these as binary secrets in Secrets Manager, as long as they are under the size limit. Alternatively, you could store them in a private S3 bucket encrypted with a KMS CMK.
Since Java expects the truststore.jks and keystore.jks files to be present on the file system before the Java application starts up, you would need to script your docker container to download the files into the running container before starting your Java application, for example by including and using the AWS CLI tool within your Docker image.
To give your ECS application access to download the files you would assign the appropriate IAM permissions to the ECS task.
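Rather than writing the JKS files to disk before startup, the bytes returned by Secrets Manager can also be loaded straight into a KeyStore in memory. This added example is not code from either answer; it uses the AWS SDK for Java v2 and assumes placeholder secret names, password secrets stored alongside the binary ones, and a task role allowed to call secretsmanager:GetSecretValue on them.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;

public class SecretsManagerTls {
    // Placeholder secret names (assumption). The JKS files were uploaded as binary secrets, e.g.:
    //   aws secretsmanager create-secret --name prod/app/keystore --secret-binary fileb://keystore.jks
    // Binary secrets must stay under the 65,536-byte quota mentioned in the thread.
    static final String KEYSTORE_SECRET = "prod/app/keystore";
    static final String KEYSTORE_PASSWORD_SECRET = "prod/app/keystore-password";
    static final String TRUSTSTORE_SECRET = "prod/app/truststore";
    static final String TRUSTSTORE_PASSWORD_SECRET = "prod/app/truststore-password";

    static GetSecretValueResponse fetch(SecretsManagerClient sm, String secretId) {
        return sm.getSecretValue(GetSecretValueRequest.builder().secretId(secretId).build());
    }

    /** Load a JKS stored as a binary secret; the password check also verifies the store's integrity hash. */
    static KeyStore loadKeyStore(SecretsManagerClient sm, String secretId, char[] password) throws Exception {
        GetSecretValueResponse resp = fetch(sm, secretId);
        if (resp.secretBinary() == null) { // a string secret here means the file was not uploaded with fileb://
            throw new IllegalStateException(secretId + " is not a binary secret");
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (ByteArrayInputStream in = new ByteArrayInputStream(resp.secretBinary().asByteArray())) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Build an SSLContext from the two stores without leaving either JKS on the container file system. */
    public static SSLContext buildSslContext() throws Exception {
        try (SecretsManagerClient sm = SecretsManagerClient.create()) { // region and task-role credentials from the environment
            char[] ksPass = fetch(sm, KEYSTORE_PASSWORD_SECRET).secretString().toCharArray();
            char[] tsPass = fetch(sm, TRUSTSTORE_PASSWORD_SECRET).secretString().toCharArray();
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(loadKeyStore(sm, KEYSTORE_SECRET, ksPass), ksPass);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(loadKeyStore(sm, TRUSTSTORE_SECRET, tsPass));
            Arrays.fill(ksPass, '\0'); // do not keep passwords around longer than needed
            Arrays.fill(tsPass, '\0');
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            return ctx;
        }
    }
}
```

Pass the returned SSLContext to your HTTP client; this avoids both the startup download step and the need for the AWS CLI inside the image.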
You can add and retrieve certificates from AWS Secrets Manager. But it depends on the size of your certificate as well. Read here: Quotas for AWS Secrets Manager
Secrets for AWS Secrets Manager have various limits such as length in characters (65,536).
Read the docs: Storing the certificates in AWS Secrets Manager
Note: You will need to use HTTP Resolvers / Lambda Resolvers to be able to make HTTP calls to AWS Secrets Manager to obtain the secret.