
aws-secretsmanager-jdbc's Introduction

AWS Secrets Manager JDBC Library


The AWS Secrets Manager JDBC Library enables Java developers to easily connect to SQL databases using secrets stored in AWS Secrets Manager.

License

This library is licensed under the Apache 2.0 License.

Features

  • Provides wrappers to common JDBC drivers enabling simple database connectivity
  • Provides database connection pooling support through c3p0

Building from Source

After you've downloaded the code from GitHub, you can build it using Maven. To disable GPG signing in the build, use this command: mvn clean install -Dgpg.skip=true

Usage

The recommended way to use the SQL Connection Library is to consume it from Maven. The latest released version can be found at: https://mvnrepository.com/artifact/com.amazonaws.secretsmanager/aws-secretsmanager-jdbc

<dependency>
    <groupId>com.amazonaws.secretsmanager</groupId>
    <artifactId>aws-secretsmanager-jdbc</artifactId>
    <version>2.0.0</version>
</dependency>

To use the latest build (pre-release), don't forget to enable the download of snapshot jars from Maven.

<profiles>
  <profile>
    <id>allow-snapshots</id>
    <activation><activeByDefault>true</activeByDefault></activation>
    <repositories>
      <repository>
        <id>snapshots-repo</id>
        <url>https://aws.oss.sonatype.org/content/repositories/snapshots</url>
        <releases><enabled>false</enabled></releases>
        <snapshots><enabled>true</enabled></snapshots>
      </repository>
    </repositories>
  </profile>
</profiles>

Usage Example

We provide database drivers that intercept calls to real database drivers and swap out secret IDs for actual login credentials. This prevents hard-coding database credentials into your application code. This can be integrated into your app through a few configuration file changes. Here is an example for making this work with your c3p0 config:

# c3p0.properties

# MySQL example
c3p0.user=secretId
c3p0.driverClass=com.amazonaws.secretsmanager.sql.AWSSecretsManagerMySQLDriver
c3p0.jdbcUrl=jdbc-secretsmanager:mysql://example.com:3306

# PostgreSQL example
# c3p0.user=secretId
# c3p0.driverClass=com.amazonaws.secretsmanager.sql.AWSSecretsManagerPostgreSQLDriver
# c3p0.jdbcUrl=jdbc-secretsmanager:postgresql://example.com:5432/database

# Oracle example
# c3p0.user=secretId
# c3p0.driverClass=com.amazonaws.secretsmanager.sql.AWSSecretsManagerOracleDriver
# c3p0.jdbcUrl=jdbc-secretsmanager:oracle:thin:@example.com:1521/ORCL

# MSSQLServer example
# c3p0.user=secretId
# c3p0.driverClass=com.amazonaws.secretsmanager.sql.AWSSecretsManagerMSSQLServerDriver
# c3p0.jdbcUrl=jdbc-secretsmanager:sqlserver://example.com:1433

The only changes that need to happen in the c3p0 config are to:

  • change the jdbc url to one that our driver will intercept (starting with jdbc-secretsmanager),
  • change the c3p0 user to be the secret ID of the secret in secrets manager that has the username and password,
  • and change the driverClass to be our driver wrapper.

The secret being used should be in the JSON format we use for our rotation lambdas for RDS databases. For example:

{
	"username": "user",
	"password": "pass",
	...
}

Credentials

This library uses the Default Credential Provider Chain. The following options exist to override some of the defaults:

  1. Set a PrivateLink DNS endpoint URL and a region in the secretsmanager.properties file:
     # The endpoint URL
     drivers.vpcEndpointUrl=
     # The endpoint region
     drivers.vpcEndpointRegion=
  2. Override the primary region by setting the 'AWS_SECRET_JDBC_REGION' environment variable to the preferred region, or via the secretsmanager.properties file:
     # The region to use
     drivers.region=

If this driver is running on EKS, the library could pick up the credentials of the node it is running on instead of the service account role (issue). To address this, add version 2 of software.amazon.awssdk:sts to your Gradle/Maven project file as a dependency.

aws-secretsmanager-jdbc's People

Contributors

cadenp, canelzio, danmancuso, dependabot[bot], devportilla, eddielou, gbailey, jpeddicord, kboxeth, kendrabach, parimaldeshmukh, raupachz, simonmarty, willtong1234, yanwum


aws-secretsmanager-jdbc's Issues

Secret not getting refreshed

Describe the bug
With default configuration, the secret cache should refresh the secret every 1 hour. However, as per the logs of our application, only DescribeSecret API call is made by the library. GetSecret API calls are not made every hour.
To Reproduce
Steps to reproduce the behavior:

Integrated library in java project

<dependency>
    <groupId>com.amazonaws.secretsmanager</groupId>
    <artifactId>aws-secretsmanager-jdbc</artifactId>
    <version>${aws-secretsmanager-jdbc.version}</version>
</dependency>
<dependency>
    <groupId>org.mariadb.jdbc</groupId>
    <artifactId>mariadb-java-client</artifactId>
    <version>2.6.0</version>
</dependency>
<dependency>
    <groupId>com.amazonaws.secretsmanager</groupId>
    <artifactId>aws-secretsmanager-caching-java</artifactId>
    <version>1.0.1</version>
</dependency>

Set application properties to use Secrets for connecting to database

spring:
  datasource:
    url: jdbc-secretsmanager:mariadb:aurora://<rest_of_db_url>
    username: <secret_name_here>
    driver-class-name: com.amazonaws.secretsmanager.sql.AWSSecretsManagerMariaDBDriver
    hikari:
      maximum-pool-size: 1
      max-lifetime: 60000

logging:
  level:
    com:
      amazonaws:
        request: DEBUG

Expected behavior
Cache is refreshed every hour. Can be verified using sample log

Sending Request: POST https://secretsmanager.us-west-2.amazonaws.com / Headers: (amz-sdk-invocation-id: 9086716c-0b6d-e758-b77f-87240be95f54, Content-Length: 147, Content-Type: application/x-amz-json-1.1, User-Agent: aws-sdk-java/1.12.148 Linux/4.14.287-215.504.amzn2.x86_64 OpenJDK_64-Bit_Server_VM/11.0.16.1+9-LTS java/11.0.16.1 kotlin/1.5.20 vendor/Amazon.com_Inc. cfg/retry-mode/legacy exec-env/AWS_ECS_EC2 AwsSecretCache/1.1.0.0, X-Amz-Target: secretsmanager.GetSecretValue, ) 

Actual Behaviour:
Only DescribeSecret call is made every hour approximately.

Verified using below log pattern

Sending Request: POST https://secretsmanager.us-west-2.amazonaws.com / Headers: (amz-sdk-invocation-id: af7b78bb-d81b-3024-250d-845ce0677141, Content-Length: 96, Content-Type: application/x-amz-json-1.1, User-Agent: aws-sdk-java/1.12.148 Linux/4.14.287-215.504.amzn2.x86_64 OpenJDK_64-Bit_Server_VM/11.0.16.1+9-LTS java/11.0.16.1 kotlin/1.5.20 vendor/Amazon.com_Inc. cfg/retry-mode/legacy exec-env/AWS_ECS_EC2 AwsSecretCache/1.1.0.0, X-Amz-Target: secretsmanager.DescribeSecret, ) 

Environment:
Java VM | OpenJDK 64-Bit Server VM
Java VM version | 11.0.16.1+9-LTS
Java version | 11.0.16.1
Java vendor | Amazon.com Inc.
OS | Linux
OS version | 4.14.287-215.504.amzn2.x86_64

aws-secretsmanager-caching-java | 1.0.2
aws-secretsmanager-jdbc | 1.0.8

Additional context
Secret was rotated also in between the 1 hour windows, but still cache was not refreshed on the application side.
Also, this is happening intermittently. Sometimes cache is refreshed after secret rotation and in some cases it does not.

New release?

Are there any plans for a new release, since 1.0.6 is over a year old? SNYK reports a number of transitive dependency issues in that version and I can see they have been fixed in the repo, but it would give our end users more confidence to see us using a 1.0.7 which had them resolved.

Driver attempts to connect to non-secretsmanager JDBC URLs

My JDK 11 app connects to two databases, one using a jdbc-secretsmanager URL and the other using a plain jdbc URL. When DriverManager.getConnection() walks through the registered drivers to connect to the JDBC URL, if it tries the Secrets Manager driver first, it throws an exception complaining that the JDBC URL is not a valid secret ID.

I think AWSSecretsManagerDriver.connect() should not try to connect if the URL doesn't match the jdbc-secretsmanager scheme, or at least it should not try to connect if the URL does match the jdbc scheme.
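The JDBC contract behind this request, combined with the credential swap described in the README's Usage Example, as an added sketch that is not the library's own AWSSecretsManagerDriver: java.sql.Driver.connect() is specified to return null for a URL the driver does not handle, which lets DriverManager move on to the next registered driver. SecretSwappingDriver, the secretLookup function, the recording stand-in driver and the sample secret are hypothetical and constructed for the example.

```java
import java.lang.reflect.Proxy;
import java.sql.Connection;
import java.sql.Driver;
import java.sql.DriverPropertyInfo;
import java.sql.SQLException;
import java.sql.SQLFeatureNotSupportedException;
import java.util.Map;
import java.util.Properties;
import java.util.function.Function;
import java.util.logging.Logger;

/** Added illustration; a simplified stand-in, not the library's AWSSecretsManagerDriver. */
public class SecretSwappingDriver implements Driver {
    static final String SCHEME = "jdbc-secretsmanager:"; // URL prefix from the README

    private final Driver realDriver; // wrapped vendor driver
    // Hypothetical lookup: secret ID -> parsed fields of the secret JSON (username, password, ...)
    private final Function<String, Map<String, String>> secretLookup;

    public SecretSwappingDriver(Driver realDriver,
                                Function<String, Map<String, String>> secretLookup) {
        this.realDriver = realDriver;
        this.secretLookup = secretLookup;
    }

    @Override
    public boolean acceptsURL(String url) {
        return url != null && url.startsWith(SCHEME);
    }

    @Override
    public Connection connect(String url, Properties info) throws SQLException {
        if (!acceptsURL(url)) {
            // Not our scheme: return null without throwing and without any secret
            // lookup, so DriverManager can try the next registered driver.
            return null;
        }
        String secretId = info == null ? null : info.getProperty("user");
        if (secretId == null || secretId.isEmpty()) {
            throw new SQLException("the 'user' property must carry the secret ID");
        }
        Map<String, String> secret = secretLookup.apply(secretId);
        if (secret == null || !secret.containsKey("username") || !secret.containsKey("password")) {
            // Name the secret, never its contents, in the error message.
            throw new SQLException("secret " + secretId + " lacks username/password fields");
        }
        Properties real = new Properties();
        real.putAll(info);
        real.setProperty("user", secret.get("username"));
        real.setProperty("password", secret.get("password"));
        // jdbc-secretsmanager:mysql://host:3306 becomes jdbc:mysql://host:3306
        return realDriver.connect("jdbc:" + url.substring(SCHEME.length()), real);
    }

    @Override public DriverPropertyInfo[] getPropertyInfo(String url, Properties info) {
        return new DriverPropertyInfo[0];
    }
    @Override public int getMajorVersion() { return 1; }
    @Override public int getMinorVersion() { return 0; }
    @Override public boolean jdbcCompliant() { return false; }
    @Override public Logger getParentLogger() throws SQLFeatureNotSupportedException {
        throw new SQLFeatureNotSupportedException();
    }

    public static void main(String[] args) throws SQLException {
        // Stand-in for a vendor driver: records what it is asked to open.
        // Only connect() is called on it in this demo.
        Driver recording = (Driver) Proxy.newProxyInstance(
                SecretSwappingDriver.class.getClassLoader(), new Class<?>[] {Driver.class},
                (proxy, method, a) -> {
                    if (method.getName().equals("connect")) {
                        Properties p = (Properties) a[1];
                        System.out.println("real driver: url=" + a[0]
                                + " user=" + p.getProperty("user"));
                    }
                    return null; // no real connection in this demo
                });

        // Constructed secret, standing in for a Secrets Manager lookup.
        Driver driver = new SecretSwappingDriver(recording, id -> "demo/db-secret".equals(id)
                ? Map.of("username", "app_user", "password", "constructed-demo-value")
                : null);

        Properties info = new Properties();
        info.setProperty("user", "demo/db-secret");

        // Plain JDBC URL: declined with null, the secret lookup is never attempted.
        System.out.println("plain URL -> "
                + driver.connect("jdbc:postgresql://example.com:5432/other", info));

        // Wrapped URL: secret ID replaced by stored credentials, prefix rewritten.
        driver.connect("jdbc-secretsmanager:mysql://example.com:3306", info);
    }
}
```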

spring-boot Hikari compatibility

Does this work with spring-boot defaults (Hikari connection pool)? I have tried

spring.datasource.url = jdbc-secretsmanager:postgresql://localhost:5432/test_db
spring.datasource.driver-class-name = com.amazonaws.secretsmanager.sql.AWSSecretsManagerPostgreSQLDriver
spring.datasource.username = testSecret

but I get

    Failed to bind properties under '' to com.zaxxer.hikari.HikariDataSource:

        Property: driverclassname
        Value: com.amazonaws.secretsmanager.sql.AWSSecretsManagerPostgreSQLDriver
        Origin: "driverClassName" from property source "source"
        Reason: Could not initialize class com.amazonaws.secretsmanager.sql.AWSSecretsManagerPostgreSQLDriver

    Action:

    Update your application's configuration

root cause is

    Caused by: java.lang.NoClassDefFoundError: Could not initialize class com.amazonaws.secretsmanager.sql.AWSSecretsManagerPostgreSQLDriver
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[na:1.8.0_202]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[na:1.8.0_202]
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[na:1.8.0_202]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[na:1.8.0_202]
        at java.lang.Class.newInstance(Class.java:442) ~[na:1.8.0_202]
        at com.zaxxer.hikari.HikariConfig.setDriverClassName(HikariConfig.java:501) ~[HikariCP-3.2.0.jar:na]
        ... 141 common frames omitted

Allow means to specify AWS profile other than `default`

Describe the feature request
The code uses AWS's default profile, which works great when there is only one profile. But on a machine with multiple profiles, an SdkClientException with the message Unable to load AWS credentials is thrown. There doesn't appear to be a way to specify an AWS profile.

To Reproduce
Steps to reproduce the behavior:
Log into AWS multiple times with different profiles. Run code that uses the AWSSecretsManagerDriver.

Expected behavior
The code provides a way to specify the desired profile, other than default, and the driver uses the desired profile.

Additional context
Exception in thread "main" com.amazonaws.SdkClientException: Unable to load AWS credentials from any provider in the chain: [EnvironmentVariableCredentialsProvider: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY)), SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey), WebIdentityTokenCredentialsProvider: You must specify a value for roleArn and roleSessionName, com.amazonaws.auth.profile.ProfileCredentialsProvider@7e985ce9: Unable to load credentials into profile [default]: AWS Access Key ID is not specified., com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@35fe2125: Failed to connect to service endpoint: ]
at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:136)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.getCredentialsFromContext(AmazonHttpClient.java:1266)
. . .

Vendor app based on Java running in AWS EKS to connect to RDS Oracle using Secrets Manager

Describe the bug

Deploying Vendor app built on Java to AWS EKS and need to connect to RDS-Oracle through Secret Manager for the db credentials. Currently in the data source definition of "context.xml" referring to the secrets manager jar file in order to fetch the password dynamically from secrets manager resource and use that user & password retrieved to connect to the db. Currently it's just giving invalid error in the log during the app startup.

java.sql.SQLException: Cannot create PoolableConnectionFactory (ORA-01017: invalid username/password; logon denied

It just gives the above error without any additional logging.

Questions:

  1. We are using Vendor app, don't have ability to pass the "secretmanager.properties" file by embedding it into the source code. What are the other ways to pass the below two settings to the container pod?

Set a PrivateLink DNS endpoint URL and a region in the secretsmanager.properties file:
drivers.vpcEndpointUrl= #The endpoint URL
drivers.vpcEndpointRegion= #The endpoint region

  2. Currently the secrets manager jdbc jar file is not even able to reach the "secrets manager" resource, however nothing is written in the app start up logs except the invalid user/password login message.

==================================
To Reproduce
Steps to reproduce the behavior:

  1. Java Application with tomcat app server having context.xml to configure the data source using the secrets manager integration to fetch the username and password dynamically.

Below is the datasource config in the context.xml file.

For "user" field passing the secretID and hoping that AWS Secret Manager driver use that secretID to fetch the user & password from the SecretManager resource.

Expected behavior
A description of what you expected to happen.

When the app comes up it loads the context.xml and does the data source connectivity which internally goes to the secrets manager for the data source credentials.

===================
Environment:
Details about your environment (OS, Java version, AWS SDK version...)

openjdk version "11.0.15" 2022-04-19
aws-secretsmanager-jdbc-1.0.11.jar
aws-java-sdk-secretsmanager-1.12.95.jar

================
Additional context
Add any other context about the problem here.

Exception while using with AWS Java SDK

I am using AWS SDK for Java on my project and now want to use AWS Secrets Manager to store RDS details. While integrating aws-secretsmanager-jdbc, I am getting the error below while running a query against the database:

java.lang.NoSuchFieldError: SERVICE_ID
	at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.executeDescribeSecret(AWSSecretsManagerClient.java:885)
	at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.describeSecret(AWSSecretsManagerClient.java:866)
	at com.amazonaws.secretsmanager.caching.cache.SecretCacheItem.executeRefresh(SecretCacheItem.java:102)
	at com.amazonaws.secretsmanager.caching.cache.SecretCacheItem.executeRefresh(SecretCacheItem.java:32)
	at com.amazonaws.secretsmanager.caching.cache.SecretCacheObject.refresh(SecretCacheObject.java:188)
	at com.amazonaws.secretsmanager.caching.cache.SecretCacheObject.getSecretValue(SecretCacheObject.java:286)
	at com.amazonaws.secretsmanager.caching.SecretCache.getSecretString(SecretCache.java:123)
	at com.amazonaws.secretsmanager.sql.AWSSecretsManagerDriver.connectWithSecret(AWSSecretsManagerDriver.java:321)
	at com.amazonaws.secretsmanager.sql.AWSSecretsManagerDriver.connect(AWSSecretsManagerDriver.java:384)
	at com.mchange.v2.c3p0.DriverManagerDataSource.getConnection(DriverManagerDataSource.java:175)
	at com.mchange.v2.c3p0.WrapperConnectionPoolDataSource.getPooledConnection(WrapperConnectionPoolDataSource.java:220)
	at com.mchange.v2.c3p0.WrapperConnectionPoolDataSource.getPooledConnection(WrapperConnectionPoolDataSource.java:206)
	at com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool$1PooledConnectionResourcePoolManager.acquireResource(C3P0PooledConnectionPool.java:203)
	at com.mchange.v2.resourcepool.BasicResourcePool.doAcquire(BasicResourcePool.java:1138)
	at com.mchange.v2.resourcepool.BasicResourcePool.doAcquireAndDecrementPendingAcquiresWithinLockOnSuccess(BasicResourcePool.java:1125)
	at com.mchange.v2.resourcepool.BasicResourcePool.access$700(BasicResourcePool.java:44)
	at com.mchange.v2.resourcepool.BasicResourcePool$ScatteredAcquireTask.run(BasicResourcePool.java:1870)
	at com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread.run(ThreadPoolAsynchronousRunner.java:696)

I did some research and found out that this might be the version conflict issue between sdk-core and secretsmanager. Here is the maven dependency tree:

[INFO] |  +- software.amazon.awssdk:secretsmanager:jar:2.10.30:compile
[INFO] |  |  +- software.amazon.awssdk:aws-json-protocol:jar:2.10.30:compile
[INFO] |  |  +- software.amazon.awssdk:protocol-core:jar:2.10.30:compile
[INFO] |  |  +- software.amazon.awssdk:sdk-core:jar:2.10.30:compile
[INFO] |  |  |  \- software.amazon.awssdk:profiles:jar:2.10.30:compile
[INFO] |  |  +- software.amazon.awssdk:auth:jar:2.10.30:compile
[INFO] |  |  +- software.amazon.awssdk:http-client-spi:jar:2.10.30:compile
[INFO] |  |  +- software.amazon.awssdk:regions:jar:2.10.30:compile
[INFO] |  |  +- software.amazon.awssdk:annotations:jar:2.10.30:compile
[INFO] |  |  +- software.amazon.awssdk:utils:jar:2.10.30:compile
[INFO] |  |  +- software.amazon.awssdk:aws-core:jar:2.10.30:compile
[INFO] |  |  +- software.amazon.awssdk:apache-client:jar:2.10.30:runtime
[INFO] |  |  \- software.amazon.awssdk:netty-nio-client:jar:2.10.30:runtime
[INFO] +- com.amazonaws.secretsmanager:aws-secretsmanager-jdbc:jar:1.0.3:compile
[INFO] |  +- com.amazonaws.secretsmanager:aws-secretsmanager-caching-java:jar:1.0.0:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-secretsmanager:jar:1.11.418:compile
[INFO] |  |  +- com.amazonaws:aws-java-sdk-core:jar:1.11.281:compile
[INFO] |  |  \- com.amazonaws:jmespath-java:jar:1.11.281:compile
[INFO] +- software.amazon.awssdk:secretsmanager:jar:2.10.30:compile
[INFO] |  +- software.amazon.awssdk:aws-json-protocol:jar:2.10.30:compile
[INFO] |  +- software.amazon.awssdk:protocol-core:jar:2.10.30:compile
[INFO] |  +- software.amazon.awssdk:sdk-core:jar:2.10.30:compile
[INFO] |  |  \- software.amazon.awssdk:profiles:jar:2.10.30:compile
[INFO] |  +- software.amazon.awssdk:auth:jar:2.10.30:compile
[INFO] |  +- software.amazon.awssdk:http-client-spi:jar:2.10.30:compile
[INFO] |  +- software.amazon.awssdk:regions:jar:2.10.30:compile
[INFO] |  +- software.amazon.awssdk:annotations:jar:2.10.30:compile
[INFO] |  +- software.amazon.awssdk:utils:jar:2.10.30:compile
[INFO] |  +- software.amazon.awssdk:aws-core:jar:2.10.30:compile
[INFO] |  +- software.amazon.awssdk:apache-client:jar:2.10.30:runtime
[INFO] |  \- software.amazon.awssdk:netty-nio-client:jar:2.10.30:runtime
[INFO] \- com.amazonaws:aws-java-sdk-s3:jar:1.11.281:compile
[INFO]    \- com.amazonaws:aws-java-sdk-kms:jar:1.11.281:compile

FYI, I am using the BOM file for AWS Java SDK and that has version 2.5.47, while aws-secretsmanager-jdbc has AWS Java SDK version 1.11.418.

Cannot specify region without global AWS config

So this works great, but I can't find a good way to customize the secrets manager client without extending the driver or setting configuration globally. We have applications deployed in both regions, but because of how our cloud formation scripts (Which create the DB cred secrets) work, the secret is only present in one region (Where the master is). We use the standard auto-detection for region and role on our servers, but I need to override the region just for the SecretsManager client (Preferably just by adding a property or ENV var).

The only solution to get this working I have found is to provide the global AWS_REGION, but that affects other clients in the application which I don't want to change the region for.

integration with spring data

I'm trying to connect to a MySQL database using AWS Secrets Manager.
My application is a Spring Boot app.

I tried to update these configs like this :

spring.datasource.username= arn of the secret
spring.datasource.driverClassName=com.amazonaws.secretsmanager.sql.AWSSecretsManagerMySQLDriver
spring.datasource.url=jdbc-secretsmanager:mysql://...

But I have this error :

No Driver has been registered with name, com.mysql.jdbc.Driver. Please check your system properties or secretsmanager.properties for typos. Also ensure that the Driver registers itself

Previously, my config was like this :

spring:
  datasource:
    url: ...
    username: ...
    password: ...
    driverClassName: com.mysql.cj.jdbc.Driver

Thanks

How can I use it with AWS SDK 2.x ?

Hello,

I'm using aws-secretsmanager-jdbc 1.06 with springboot 2.3.4 and gradle:
implementation 'com.amazonaws.secretsmanager:aws-secretsmanager-jdbc:1.0.6'

It works for me locally, on my development PC, and I'm able to connect to Aurora Postgres with a secret coming from SecretsManager.

But I noticed that it loads by default java-sdk-core:1.11.418 and java-sdk-secretsmanager:1.11.418

I need to implement the same in EKS environment and assume IAM role for service account.
However, per AWS documentation, the minimal SDK version required is 2.10.11
https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-minimum-sdk.html

Any plan to support SDK 2.X dependency?
I saw that the underlying dependency aws-secretsmanager-caching-java has an opened PR on that:
aws/aws-secretsmanager-caching-java#6

Regards,
Ori.

flyway and secretmanager-jdbc does not work together

Caused by: org.flywaydb.core.api.FlywayException: Invalid JDBC URL (should start with jdbc:) : jdbc-secretsmanager:mysql://localhost:5022/transaction_summary?serverTimezone=UTC
at org.flywaydb.core.internal.util.jdbc.DriverDataSource.detectFallbackUrl(DriverDataSource.java:169)
at org.flywaydb.core.internal.util.jdbc.DriverDataSource.<init>(DriverDataSource.java:119)
at org.flywaydb.core.Flyway.setDataSource(Flyway.java:1014)
at org.springframework.boot.autoconfigure.flyway.FlywayAutoConfiguration$FlywayConfiguration.flyway(FlywayAutoConfiguration.java:143)
at org.springframework.boot.autoconfigure.flyway.FlywayAutoConfiguration$FlywayConfiguration$$EnhancerBySpringCGLIB$$1182d741.CGLIB$flyway$0(<generated>)
at org.springframework.boot.autoconfigure.flyway.FlywayAutoConfiguration$FlywayConfiguration$$EnhancerBySpringCGLIB$$1182d741$$FastClassBySpringCGLIB$$9c6197e8.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:365)
at org.springframework.boot.autoconfigure.flyway.FlywayAutoConfiguration$FlywayConfiguration$$EnhancerBySpringCGLIB$$1182d741.flyway(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
... 26 common frames omitted

using MySQL `autoReconnect=true` configuration results in unhandled access denied errors

Took some time tracking down the root cause, but I was getting com.mysql.cj.exceptions.CJException: Access denied for user while using the secrets manager MySQL driver for MySQL driver 8.0.31. This is a problem because the error handling for the AWSSecretsManagerMySQLDriver expects a SQLException but the CJException is not a SQLException subclass, so these credential issues were not being automatically handled by the driver.

I found that the cause was using the autoReconnect=true JDBC parameter. When using this parameter, the MySQL driver ends up taking a separate code path from autoReconnect=false:

java.sql.SQLNonTransientConnectionException: Could not create connection to database server. Attempted reconnect 3 times. Giving up.
	at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:110)
	at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:97)
	at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:89)
	at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:63)
	at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:73)
	at com.mysql.cj.jdbc.ConnectionImpl.connectWithRetries(ConnectionImpl.java:898)
	at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:823)
	at com.mysql.cj.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:448)
	at com.mysql.cj.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:241)
	at com.mysql.cj.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:198)
...
Caused by: com.mysql.cj.exceptions.CJException: Access denied for user 'test_user1671740990998'@'172.17.0.1' (using password: YES)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
	at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:61)
	at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:105)
	at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:151)
	at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:129)
	at com.mysql.cj.protocol.a.NativeProtocol.checkErrorMessage(NativeProtocol.java:848)
	at com.mysql.cj.protocol.a.NativeProtocol.checkErrorMessage(NativeProtocol.java:770)
	at com.mysql.cj.protocol.a.NativeProtocol.checkErrorMessage(NativeProtocol.java:738)
	at com.mysql.cj.protocol.a.NativeProtocol.checkErrorMessage(NativeProtocol.java:155)
	at com.mysql.cj.protocol.a.NativeAuthenticationProvider.proceedHandshakeWithPluggableAuthentication(NativeAuthenticationProvider.java:472)
	at com.mysql.cj.protocol.a.NativeAuthenticationProvider.connect(NativeAuthenticationProvider.java:212)
	at com.mysql.cj.protocol.a.NativeProtocol.connect(NativeProtocol.java:1433)
	at com.mysql.cj.NativeSession.connect(NativeSession.java:133)
	at com.mysql.cj.jdbc.ConnectionImpl.connectWithRetries(ConnectionImpl.java:842)
	... 82 more

When autoReconnect=false, the com.mysql.cj.jdbc.ConnectionImpl.createNewIO method calls com.mysql.cj.jdbc.ConnectionImpl.connectOneTryOnly instead of com.mysql.cj.jdbc.ConnectionImpl.connectWithRetries. The com.mysql.cj.jdbc.ConnectionImpl.connectWithRetries method ends up throwing a SQLNonTransientConnectionException containing a CJException with a vendorCode equal to the expected error code 1045.

So, the immediate fix I've found is to just not use autoReconnect=true, turns out its usage is not recommended by MySQL anyway. But it seems like others have found the error detection to be problematic and the error handling here could be improved to unwrap exceptions and check for CJExceptions as well as SQLExceptions
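The unwrapping suggested at the end of this post, as an added sketch that is not the library's error handling: walk the cause chain and accept error code 1045 from either a SQLException or an exception exposing a vendor code. Assumptions: the non-SQLException exposes a public int getVendorCode() (read reflectively so the code compiles without the MySQL driver on the classpath), and FakeCJException is a constructed stand-in for com.mysql.cj.exceptions.CJException.

```java
import java.lang.reflect.Method;
import java.sql.SQLException;
import java.sql.SQLNonTransientConnectionException;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;

/** Added illustration of cause-chain unwrapping; not the library's error handling. */
public class AccessDeniedDetector {
    static final int MYSQL_ACCESS_DENIED = 1045; // error code named in the post

    /** True if any exception in the cause chain reports error code 1045. */
    static boolean isAccessDenied(Throwable t) {
        // Identity set guards against a cause chain that loops back on itself.
        Set<Throwable> seen = Collections.newSetFromMap(new IdentityHashMap<>());
        for (Throwable c = t; c != null && seen.add(c); c = c.getCause()) {
            if (c instanceof SQLException
                    && ((SQLException) c).getErrorCode() == MYSQL_ACCESS_DENIED) {
                return true;
            }
            if (vendorCodeOf(c) == MYSQL_ACCESS_DENIED) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reads getVendorCode() reflectively. Assumption: the driver's own exception
     * type exposes a public int getVendorCode(). Returns -1 when it does not.
     */
    static int vendorCodeOf(Throwable t) {
        try {
            Method m = t.getClass().getMethod("getVendorCode");
            Object v = m.invoke(t);
            return v instanceof Integer ? (Integer) v : -1;
        } catch (ReflectiveOperationException | RuntimeException e) {
            return -1;
        }
    }

    /** Constructed stand-in for CJException: a RuntimeException, not a SQLException. */
    public static class FakeCJException extends RuntimeException {
        private final int vendorCode;

        public FakeCJException(String message, int vendorCode) {
            super(message);
            this.vendorCode = vendorCode;
        }

        public int getVendorCode() {
            return vendorCode;
        }
    }

    public static void main(String[] args) {
        // Constructed to mirror the trace in the post: the outer SQLException carries
        // no useful error code, the nested driver exception carries 1045.
        SQLException wrapped = new SQLNonTransientConnectionException(
                "Could not create connection to database server. "
                        + "Attempted reconnect 3 times. Giving up.",
                "08001", 0,
                new FakeCJException("Access denied for user (constructed)", 1045));

        System.out.println("outer error code only: "
                + (wrapped.getErrorCode() == MYSQL_ACCESS_DENIED));
        System.out.println("cause chain unwrapped: " + isAccessDenied(wrapped));
        System.out.println("unrelated failure:     "
                + isAccessDenied(new SQLException("timeout (constructed)", "08S01", 0)));
    }
}
```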

Postgresql - Error - No Driver has been registered with name

I am using aws secrets manager to connect to postgresql db hosted on aws. When I try to run locally with groovy grails app, everything works seamlessly without any errors. But when I try to deploy war on tomcat 8, I see the error :

Caused by: java.lang.IllegalStateException: No Driver has been registered with name, org.postgresql.Driver. Please check your system properties or secretsmanager.properties for typos. Also ensure that the Driver registers itself.
	at com.amazonaws.secretsmanager.sql.AWSSecretsManagerDriver.getWrappedDriver(AWSSecretsManagerDriver.java:244)
	at com.amazonaws.secretsmanager.sql.AWSSecretsManagerDriver.acceptsURL(AWSSecretsManagerDriver.java:257)
	at com.zaxxer.hikari.util.DriverDataSource.<init>(DriverDataSource.java:83)
	at com.zaxxer.hikari.pool.PoolUtilities.initializeDataSource(PoolUtilities.java:114)

Use 2 distinct secrets

Hello,

Is it possible to use it with 2 distinct secrets: one for user and another for password?

username=usernameSecretId
password=passwordSecretId

Thanks.

Load secretsmanager.properties by context instead of system classloader

The current implementation loads secretsmanager.properties configuration by system classloader. That's a big limitation, because in server implementations system classloader is usually a bootstrap, but not a current process. In case of Tomcat it is not possible to use secretsmanager.properties file to configure secretsmanager as a datasource because system classloader is aware of few system jars only, and no way to reconfigure.

Error while using aws-secretsmanager with aws-java-sdk-sts

Hi,
I'm working to deploy a Spring Boot application with aws-secretsmanager-jdbc integrated. It works fine with the usual flow where I set AWS_ACCESS_KEY_ID and VALUE in env variable. When I'm trying to deploy the app in EKS, I've created a service role with access to a particular secret, and included aws-java-sdk-sts to assume the role which is injected in the pod.
When I'm not adding the sdk-sts to pom, it tries to assume the role of the managed nodes, which doesn't have access to secrets. Whenever I add the above library, it is able to assume the proper role but gives the below stack trace.

Caused by: java.lang.StackOverflowError: null
        at java.base/java.lang.ClassLoader.defineClass1(Native Method)
        at java.base/java.lang.ClassLoader.defineClass(Unknown Source)
        at java.base/java.security.SecureClassLoader.defineClass(Unknown Source)
        at java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(Unknown Source)
        at java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(Unknown Source)
        at java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(Unknown Source)
        at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(Unknown Source)
        at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(Unknown Source)
        at java.base/java.lang.ClassLoader.loadClass(Unknown Source)
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744)
        at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704)
        at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686)
        at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550)
        at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530)
        at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.doInvoke(AWSSecurityTokenServiceClient.java:1369)
        at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1338)
        at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1327)
        at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.executeAssumeRole(AWSSecurityTokenServiceClient.java:488)
        at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.assumeRole(AWSSecurityTokenServiceClient.java:460)
        at com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider.newSession(STSAssumeRoleSessionCredentialsProvider.java:321)
        at com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider.access$000(STSAssumeRoleSessionCredentialsProvider.java:37)
        at com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider$1.call(STSAssumeRoleSessionCredentialsProvider.java:76)
        at com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider$1.call(STSAssumeRoleSessionCredentialsProvider.java:73)

Is there a way to use AWS_WEB_IDENTITY_TOKEN_FILE instead of AWS creds to access the secrets?

Reading configuration from secretsmanager.properties fails when running Spring Boot jar

Related to #5, I'm trying to set the property drivers.mysql.realDriverClass=com.mysql.cj.jdbc.Driver. Putting this to src/main/resources/secretsmanager.properties works fine when running the app in IDE, but when I package it to Spring Boot jar with spring-boot-maven-plugin defaults, then aws-secretsmanager-jdbc cannot read it anymore and uses the default MySQL driver.

I noticed that the root cause is here https://github.com/aws/aws-secretsmanager-jdbc/blob/master/src/main/java/com/amazonaws/secretsmanager/util/Config.java#L70: ClassLoader.getSystemResourceAsStream(resourceName) returns null when running the packaged jar. Using Thread.currentThread().getContextClassLoader().getResource("secretsmanager.properties") seems to work fine in both IDE and jar, but I don't know if there are any side effects of this implementation.

As a workaround, I used System.setProperty("drivers.mysql.realDriverClass", "com.mysql.cj.jdbc.Driver"); to set the property in code.
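The lookup difference described in this issue, as an added example (not code from the aws-secretsmanager-jdbc project). `ConfigLookupDemo`, the temporary directory and the `URLClassLoader` standing in for the class loader of a packaged Spring Boot jar are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Properties;

public class ConfigLookupDemo {

    static final String RESOURCE = "secretsmanager.properties";

    /**
     * Looks the resource up through the thread context class loader first, then the
     * loader of this class, then the system loader. The first loader that has the file
     * wins, so this order also decides which file names the real driver class.
     */
    static Properties load(String resourceName) throws IOException {
        ClassLoader[] candidates = {
            Thread.currentThread().getContextClassLoader(),
            ConfigLookupDemo.class.getClassLoader(),
            ClassLoader.getSystemClassLoader()
        };
        Properties props = new Properties();
        for (ClassLoader loader : candidates) {
            if (loader == null) {
                continue; // the bootstrap loader is represented as null
            }
            try (InputStream in = loader.getResourceAsStream(resourceName)) {
                if (in != null) {
                    props.load(in);
                    return props;
                }
            }
        }
        return props; // empty: the caller falls back to its defaults
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a properties file in a directory that is NOT on the
        // system class path, like classes nested inside a packaged application jar.
        Path dir = Files.createTempDirectory("nested-classes-stand-in");
        Path file = dir.resolve(RESOURCE);
        Files.write(file,
            "drivers.mysql.realDriverClass=com.mysql.cj.jdbc.Driver\n".getBytes(StandardCharsets.UTF_8));

        Thread current = Thread.currentThread();
        ClassLoader previous = current.getContextClassLoader();
        // Assumption: this child loader plays the role of the application's own loader.
        try (URLClassLoader appLoader = new URLClassLoader(
                new URL[] {dir.toUri().toURL()}, ClassLoader.getSystemClassLoader())) {
            current.setContextClassLoader(appLoader);

            // The call named in the issue: the system loader cannot see the file.
            try (InputStream viaSystem = ClassLoader.getSystemResourceAsStream(RESOURCE)) {
                System.out.println("system loader finds file: " + (viaSystem != null));
            }

            // The context-loader lookup finds the same file and reads the property.
            Properties props = load(RESOURCE);
            System.out.println("realDriverClass via context loader: "
                + props.getProperty("drivers.mysql.realDriverClass"));
        } finally {
            current.setContextClassLoader(previous);
            Files.deleteIfExists(file);
            Files.deleteIfExists(dir);
        }
    }
}
```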

Clarify documentation: why do I need to enable snapshot jars?

The README suggests I add a Maven profile to allow snapshots in order to consume this jar. I see the same advice repeated in a few tutorials, but no explanation why. Could you add a bit more explanation on why this is necessary? Is 1.0.0 not a stable build? Obviously, I'd prefer not to have a dependency on an (unstable) snapshot in my (stable) build that includes this jar.

Springboot - Exception encountered during context initialization

Basic configuration, created a secret manager added RDS database details there, in springboot using dependencies

<dependency>
    <groupId>com.amazonaws.secretsmanager</groupId>
    <artifactId>aws-secretsmanager-jdbc</artifactId>
    <version>2.0.0</version>
</dependency>
<dependency>
    <groupId>com.mysql</groupId>
    <artifactId>mysql-connector-j</artifactId>
    <version>8.2.0</version>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-jdbc</artifactId>
</dependency>

Steps to reproduce the behavior:
Deployed in amazon aws ECS and got below stacktrace
2023-12-07T12:15:08.189Z WARN 1 --- [ main] s.c.a.AnnotationConfigApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'configurationPropertiesBeans' defined in class path resource [org/springframework/cloud/autoconfigure/ConfigurationPropertiesRebinderAutoConfiguration.class]: Post-processing of merged bean definition failed
2023-12-07T12:15:08.477Z INFO 1 --- [ main] .s.b.a.l.ConditionEvaluationReportLogger :

Error starting ApplicationContext. To display the condition evaluation report re-run your application with 'debug' enabled.
2023-12-07T12:15:08.510Z ERROR 1 --- [ main] o.s.boot.SpringApplication : Application run failed

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'configurationPropertiesBeans' defined in class path resource [org/springframework/cloud/autoconfigure/ConfigurationPropertiesRebinderAutoConfiguration.class]: Post-processing of merged bean definition failed
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:575)

If I am trying to access secret manager data through aws cli from the same ECS, I am able to access it with:

aws secretsmanager get-secret-value --secret-id secret-rds-details --region="ap-southeast-1"

With the same database credential, I am able to connect directly with below configuration:

spring.datasource.url=jdbc:mysql://${MYSQL_HOST:abcd.rds.amazonaws.com}:3306/database
spring.datasource.username=databaseuser
spring.datasource.password=databasepassword
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver

I replaced this with

spring.datasource.driver-class-name=com.amazonaws.secretsmanager.sql.AWSSecretsManagerMySQLDriver
spring.datasource.url=jdbc-secretsmanager:mysql://${MYSQL_HOST:abcd.rds.amazonaws.com}:3306/database
spring.datasource.username=secret-rds-details
spring.jpa.database-platform=org.hibernate.dialect.MySQLDialect

Expected behavior
It should be able to connect to RDS.

Environment:

Java version: 20
Springboot: 3.1.2

not working for a simple spring boot MySQL db config

:: Spring Boot :: (v2.1.8.RELEASE)

2019-09-16 07:57:18.484 INFO 18120 --- [ main] c.e.s.SecretmgrspringbootApplication : Starting SecretmgrspringbootApplication on 11R32N2 with PID 18120 (C:\kiosk\temp\secretmgrspringboot\target\classes started by Fang-Hsien.Tsai-VEN in C:\kiosk\temp\secretmgrspringboot)
2019-09-16 07:57:18.487 INFO 18120 --- [ main] c.e.s.SecretmgrspringbootApplication : No active profile set, falling back to default profiles: default
2019-09-16 07:57:18.887 INFO 18120 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data repositories in DEFAULT mode.
2019-09-16 07:57:18.911 INFO 18120 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 16ms. Found 0 repository interfaces.
2019-09-16 07:57:27.949 WARN 18120 --- [ main] s.c.a.AnnotationConfigApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'secretmgrspringbootApplication': Unsatisfied dependency expressed through field 'jdbcTemplate'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.boot.autoconfigure.jdbc.JdbcTemplateAutoConfiguration$JdbcTemplateConfiguration': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dataSource' defined in class path resource [org/springframework/boot/autoconfigure/jdbc/DataSourceConfiguration$Hikari.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.zaxxer.hikari.HikariDataSource]: Factory method 'dataSource' threw exception; nested exception is org.springframework.boot.context.properties.bind.BindException: Failed to bind properties under '' to com.zaxxer.hikari.HikariDataSource
2019-09-16 07:57:27.959 INFO 18120 --- [ main] ConditionEvaluationReportLoggingListener :

Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2019-09-16 07:57:27.962 ERROR 18120 --- [ main] o.s.b.d.LoggingFailureAnalysisReporter :


APPLICATION FAILED TO START


Description:

Failed to bind properties under '' to com.zaxxer.hikari.HikariDataSource:

Property: driverclassname
Value: com.amazonaws.secretsmanager.sql.AWSSecretsManagerMySQLDriver
Origin: "driverClassName" from property source "source"
Reason: Unable to find a region via the region provider chain. Must provide an explicit region in the builder or setup environment to supply a region.

Action:

Update your application's configuration

and application.yml:
spring:
  datasource:
    username: db/dmdc/secretmgrlogin
    driver-class-name: com.amazonaws.secretsmanager.sql.AWSSecretsManagerMySQLDriver
    url: jdbc-secretsmanager:mysql://dmdc.crb9ghtwc7rn.us-east-1.rds.amazonaws.com:3306/secretmgr

newer AWS SDK requires use of newer Apache http client version 4.5.9. Excessive warning logging

If you use an AWS SDK newer than 1.11.602, maybe 1.11.603, then the following message shows when a connection is retrieved using the secret manager JDBC Driver.


WARN [DbCnxPool connection adder] com.amazonaws.http.apache.utils.ApacheUtils - NoSuchMethodError was thrown when disabling normalizeUri. This indicates you are using an old version (< 4.5.8) of Apache http client. It is recommended to use http client version >= 4.5.9 to avoid the breaking change introduced in apache client 4.5.7 and the latency in exception handling. See aws/aws-sdk-java#1919 for more information

Hopefully, this is an easy to re-produce, and easy to fix bug. We've started seeing across all of our services that use this driver, as they have been upgraded to newer AWS SDK versions.

Caused by: javax.persistence.PersistenceException: [PersistenceUnit: default] Unable to build Hibernate SessionFactory; nested exception is java.lang.IllegalStateException: No Driver has been registered with name, com.mysql.cj.jdbc.Driver. Please check your system properties or secretsmanager.properties for typos. Also ensure that the Driver registers itself.

Unable to pass the secrets in the Spring Boot application. Facing the error below.

Error : Caused by: javax.persistence.PersistenceException: [PersistenceUnit: default] Unable to build Hibernate SessionFactory; nested exception is java.lang.IllegalStateException: No Driver has been registered with name, com.mysql.cj.jdbc.Driver. Please check your system properties or secretsmanager.properties for typos. Also ensure that the Driver registers itself.

But I am able to run the application using the hardcoded password. With the Secrets Manager ARN it isn't able to connect.

Below is my application.properties files and pom.xml file.

spring.datasource.url=jdbc-secretsmanager:mysql://XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:3350/jdoc?useSSL=false
spring.datasource.username=XXXXXXXXXXXXXXXXXXXXXXXXXX
spring.datasource.driver-class-name=com.amazonaws.secretsmanager.sql.AWSSecretsManagerMySQLDriver

Dependency file has been updated

just add mysql and jdbc dependencies like below

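<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <scope>runtime</scope>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-jdbc</artifactId>
</dependency>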

Quarkus fails

I am getting an exception when I try to connect to serverless using Quarkus.
Here are the parameters I am passing:

quarkus.datasource.jdbc.driver=software.aws.rds.jdbc.postgresql.Driver
quarkus.datasource.username = ${secretname}
quarkus.datasource.jdbc.url = jdbc-secretsmanager:postgresql://dbpostgres-serverless.cluster-xxxx.us-east-1.rds.amazonaws.com:5432/dbname
quarkus.hibernate-orm.database.default-schema=dev_base

logs and exception

319 [JPA Startup Thread: ] higRequestId= WARN JdbcEnvironmentInitiator - HHH000342: Could not obtain connection to query metadata: java.sql.SQLException: Driver does not support the provided URL: jdbc-secretsmanager:postgresql:/db-postgres-serverless.cluster-xxxxx.us-east-1.rds.amazonaws.com:5432/dbname

Caused by: java.sql.SQLException: Driver does not support the provided URL: jdbc-secretsmanager:postgresql://serverlessrdsnamexxx.us-east-1.rds.amazonaws.com:5432/dbname

vulnerabilities flagged due to jackson-databind

com.fasterxml.jackson.core:jackson-databind:2.8.11.1:jar - please upgrade to a compatible version.

      Type:            VULNERABILITY
      Name:            CVE-2018-14719
      CVSS Score v2:   7.5
      Severity:        high
      Description:     FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

      Type:            VULNERABILITY
      Name:            CVE-2018-14720
      CVSS Score v2:   7.5
      Severity:        high
      Description:     FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

      Type:            VULNERABILITY
      Name:            CVE-2018-14721
      CVSS Score v2:   7.5
      Severity:        high
      Description:     FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

      Type:            VULNERABILITY
      Name:            CVE-2018-19360
      CVSS Score v2:   7.5
      Severity:        high
      Description:     FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

Thanks

secretmanager-jdbc works fine with spring datasource using jdbc template but not with spring boot JPA

ERROR o.s.boot.SpringApplication.reportFailure - Application run failed
org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'entityManagerFactory' defined in class path resource [org/springframework/boot/autoconfigure/orm/jpa/HibernateJpaConfiguration.class]: Unsatisfied dependency expressed through method 'entityManagerFactory' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'entityManagerFactoryBuilder' defined in class path resource [org/springframework/boot/autoconfigure/orm/jpa/HibernateJpaConfiguration.class]: Unsatisfied dependency expressed through method 'entityManagerFactoryBuilder' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jpaVendorAdapter' defined in class path resource [org/springframework/boot/autoconfigure/orm/jpa/HibernateJpaConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.orm.jpa.JpaVendorAdapter]: Factory method 'jpaVendorAdapter' threw exception; nested exception is java.lang.RuntimeException: Driver com.mysql.cj.jdbc.Driver claims to not accept jdbcUrl, jdbc-secretsmanager:mysql://hostname:3306/dbname

Add docs on configuring underlying secret cache

Currently, when using the wrapper drivers implemented by this project, there are no notes on how the Driver can be instantiated with a custom cache manager having a TTL value configured by the user.

I would request adding notes on the same. In case such instantiation is not supported, can we add support for the same?

Connection from AWS EKS Fargate to Secrets Manager without using an AWS_ACCESS_KEY.

Hi,
I am utilizing the library within my Spring Boot application, which is hosted on an AWS EKS Fargate cluster. I have assigned an IAM Role with web identity to the ServiceAccount responsible for accessing the Secret Manager for an RDS PostgreSQL database.
However, I am encountering an error during this access attempt:

"Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId)."

I don't have an AWS_ACCESS_KEY_ID because I use an IAM Role instead.

What could be the problem? Can I use the library with Fargate?

Versions:
implementation("com.amazonaws.secretsmanager:aws-secretsmanager-jdbc:2.0.0")
implementation("software.amazon.awssdk:sts:2.21.6")

HikariPool failing to initialize because Secret Manager cant find secret when secret exist in AWS Secret Manager

I'm using Hikari with SpringBoot with Secret Manager and I have my application.yml as

datasource:
  writer:
    url: ${DATASOURCE_URL}
    username: ${DATASOURCE_SECRET_KEY}
    maximum-pool-size: ${DB_WRITER_MAX_POOL_SIZE}
    minimum-idle: ${DB_WRITER_MINIMUM_IDLE}
    driver-class-name: ${DATASOURCE_DRIVER_CLASS_NAME}
  reader:
    url: ${DATASOURCE_RO_URL}
    username: ${DATASOURCE_SECRET_KEY}
    maximum-pool-size: ${DB_READER_MAX_POOL_SIZE}
    minimum-idle: ${DB_READER_MINIMUM_IDLE}
    driver-class-name: ${DATASOURCE_DRIVER_CLASS_NAME}

With my ENV params as

DATASOURCE_URL=jdbc-secretsmanager:postgresql://172.17.0.1:5555/transactionhistory
DATASOURCE_RO_URL=jdbc-secretsmanager:postgresql://172.17.0.1:5555/transactionhistory
DATASOURCE_SECRET_KEY=jenkins/transactionhistoryapi/postgres
DATASOURCE_DRIVER_CLASS_NAME=com.amazonaws.secretsmanager.sql.AWSSecretsManagerPostgreSQLDriver

In my Jenkins build it's failing as it can't find the specified secret.

2019-09-23 18:55:16,238 [main] ERROR com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Exception during pool initialization.
com.amazonaws.services.secretsmanager.model.ResourceNotFoundException: Secrets Manager can’t find the specified secret. (Service: AWSSecretsManager; Status Code: 400; Error Code: ResourceNotFoundException; Request ID: d9a3ed64-39f2-4a99-903c-2a8e4a8c46e3)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1695)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1350)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1101)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:758)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:732)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:714)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:674)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:656)
	at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:520)
	at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.doInvoke(AWSSecretsManagerClient.java:2625)
	at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2594)
	at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2583)
	at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.executeDescribeSecret(AWSSecretsManagerClient.java:895)
	at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.describeSecret(AWSSecretsManagerClient.java:866)
	at com.amazonaws.secretsmanager.caching.cache.SecretCacheItem.executeRefresh(SecretCacheItem.java:102)
	at com.amazonaws.secretsmanager.caching.cache.SecretCacheItem.executeRefresh(SecretCacheItem.java:32)
	at com.amazonaws.secretsmanager.caching.cache.SecretCacheObject.refresh(SecretCacheObject.java:188)
	at com.amazonaws.secretsmanager.caching.cache.SecretCacheObject.getSecretValue(SecretCacheObject.java:286)
	at com.amazonaws.secretsmanager.caching.SecretCache.getSecretString(SecretCache.java:123)
	at com.amazonaws.secretsmanager.sql.AWSSecretsManagerDriver.connectWithSecret(AWSSecretsManagerDriver.java:321)
	at com.amazonaws.secretsmanager.sql.AWSSecretsManagerDriver.connect(AWSSecretsManagerDriver.java:384)
	at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:136)
	at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:369)
	at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:198)
	at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:467)
	at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:541)
	at com.zaxxer.hikari.pool.HikariPool.<init>(HikariPool.java:115)
	at com.zaxxer.hikari.HikariDataSource.getConnection(HikariDataSource.java:112)
	at org.flywaydb.core.internal.util.jdbc.JdbcUtils.openConnection(JdbcUtils.java:51)
	at org.flywaydb.core.internal.database.DatabaseFactory.createDatabase(DatabaseFactory.java:70)
	at org.flywaydb.core.Flyway.execute(Flyway.java:1227)
	at org.flywaydb.core.Flyway.migrate(Flyway.java:910)
	at org.springframework.boot.autoconfigure.flyway.FlywayMigrationInitializer.afterPropertiesSet(FlywayMigrationInitializer.java:66)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1765)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1702)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:579)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:501)
	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:317)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:315)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:304)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
	at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1089)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:859)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:550)
	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:759)
	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:395)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:327)
	at org.springframework.boot.test.context.SpringBootContextLoader.loadContext(SpringBootContextLoader.java:139)
	at org.springframework.test.context.cache.DefaultCacheAwareContextLoaderDelegate.loadContextInternal(DefaultCacheAwareContextLoaderDelegate.java:99)
	at org.springframework.test.context.cache.DefaultCacheAwareContextLoaderDelegate.loadContext(DefaultCacheAwareContextLoaderDelegate.java:117)
	at org.springframework.test.context.support.DefaultTestContext.getApplicationContext(DefaultTestContext.java:108)
	at org.springframework.test.context.web.ServletTestExecutionListener.setUpRequestContextIfNecessary(ServletTestExecutionListener.java:190)
	at org.springframework.test.context.web.ServletTestExecutionListener.prepareTestInstance(ServletTestExecutionListener.java:132)
	at org.springframework.test.context.TestContextManager.prepareTestInstance(TestContextManager.java:246)
	at org.spockframework.spring.SpringTestContextManager.prepareTestInstance(SpringTestContextManager.java:50)
	at org.spockframework.spring.SpringInterceptor.interceptSetupMethod(SpringInterceptor.java:42)
	at org.spockframework.runtime.extension.AbstractMethodInterceptor.intercept(AbstractMethodInterceptor.java:28)
	at org.spockframework.runtime.extension.MethodInvocation.proceed(MethodInvocation.java:87)
	at org.spockframework.runtime.BaseSpecRunner.invoke(BaseSpecRunner.java:472)
	at org.spockframework.runtime.BaseSpecRunner.runSetup(BaseSpecRunner.java:375)
	at org.spockframework.runtime.BaseSpecRunner.runSetup(BaseSpecRunner.java:370)
	at org.spockframework.runtime.BaseSpecRunner.doRunIteration(BaseSpecRunner.java:323)
	at org.spockframework.runtime.BaseSpecRunner$6.invoke(BaseSpecRunner.java:309)
	at org.spockframework.runtime.BaseSpecRunner.invokeRaw(BaseSpecRunner.java:481)
	at org.spockframework.runtime.BaseSpecRunner.invoke(BaseSpecRunner.java:464)
	at org.spockframework.runtime.BaseSpecRunner.runIteration(BaseSpecRunner.java:288)
	at org.spockframework.runtime.BaseSpecRunner.initializeAndRunIteration(BaseSpecRunner.java:278)
	at org.spockframework.runtime.BaseSpecRunner.runSimpleFeature(BaseSpecRunner.java:269)
	at org.spockframework.runtime.BaseSpecRunner.doRunFeature(BaseSpecRunner.java:263)
	at org.spockframework.runtime.BaseSpecRunner$5.invoke(BaseSpecRunner.java:246)
	at org.spockframework.runtime.BaseSpecRunner.invokeRaw(BaseSpecRunner.java:481)
	at org.spockframework.runtime.BaseSpecRunner.invoke(BaseSpecRunner.java:464)
	at org.spockframework.runtime.BaseSpecRunner.runFeature(BaseSpecRunner.java:238)
	at org.spockframework.runtime.BaseSpecRunner.runFeatures(BaseSpecRunner.java:188)
	at org.spockframework.runtime.BaseSpecRunner.doRunSpec(BaseSpecRunner.java:98)
	at org.spockframework.runtime.BaseSpecRunner$1.invoke(BaseSpecRunner.java:84)
	at org.spockframework.runtime.BaseSpecRunner.invokeRaw(BaseSpecRunner.java:481)
	at org.spockframework.runtime.BaseSpecRunner.invoke(BaseSpecRunner.java:464)
	at org.spockframework.runtime.BaseSpecRunner.runSpec(BaseSpecRunner.java:76)
	at org.spockframework.runtime.BaseSpecRunner.run(BaseSpecRunner.java:67)
	at org.spockframework.runtime.Sputnik.run(Sputnik.java:63)
	at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:283)
	at org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:173)
	at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:153)
	at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:128)
	at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:203)
	at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:155)
	at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:103)
2019-09-23 18:55:16,240 [main] WARN  o.s.w.context.support.GenericWebApplicationContext - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'flywayInitializer' defined in class path resource [org/springframework/boot/autoconfigure/flyway/FlywayAutoConfiguration$FlywayConfiguration.class]: Invocation of init method failed; nested exception is com.zaxxer.hikari.pool.HikariPool$PoolInitializationException: Failed to initialize pool: Secrets Manager can’t find the specified secret. (Service: AWSSecretsManager; Status Code: 400; Error Code: ResourceNotFoundException; Request ID: d9a3ed64-39f2-4a99-903c-2a8e4a8c46e3)

Using the AWS SDK and manually calling the getSecret

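// Use this code snippet in your app.
// If you need more information about configurations or implementing the sample code, visit the AWS docs:
// https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/java-dg-samples.html#prerequisites

// Imports needed by the snippet (AWS SDK for Java v1).
import java.util.Base64;

import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.*;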

public static void getSecret() {

    String secretName = "jenkins/transactionhistoryapi/postgres";
    String region = "us-east-1";

    // Create a Secrets Manager client
    AWSSecretsManager client  = AWSSecretsManagerClientBuilder.standard()
                                    .withRegion(region)
                                    .build();
    
    // In this sample we only handle the specific exceptions for the 'GetSecretValue' API.
    // See https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
    // We rethrow the exception by default.
    
    String secret, decodedBinarySecret;
    GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest()
                    .withSecretId(secretName);
    GetSecretValueResult getSecretValueResult = null;

    try {
        getSecretValueResult = client.getSecretValue(getSecretValueRequest);
    } catch (DecryptionFailureException e) {
        // Secrets Manager can't decrypt the protected secret text using the provided KMS key.
        // Deal with the exception here, and/or rethrow at your discretion.
        throw e;
    } catch (InternalServiceErrorException e) {
        // An error occurred on the server side.
        // Deal with the exception here, and/or rethrow at your discretion.
        throw e;
    } catch (InvalidParameterException e) {
        // You provided an invalid value for a parameter.
        // Deal with the exception here, and/or rethrow at your discretion.
        throw e;
    } catch (InvalidRequestException e) {
        // You provided a parameter value that is not valid for the current state of the resource.
        // Deal with the exception here, and/or rethrow at your discretion.
        throw e;
    } catch (ResourceNotFoundException e) {
        // We can't find the resource that you asked for.
        // Deal with the exception here, and/or rethrow at your discretion.
        throw e;
    }

    // Decrypts secret using the associated KMS CMK.
    // Depending on whether the secret is a string or binary, one of these fields will be populated.
    if (getSecretValueResult.getSecretString() != null) {
        secret = getSecretValueResult.getSecretString();
    }
    else {
        decodedBinarySecret = new String(Base64.getDecoder().decode(getSecretValueResult.getSecretBinary()).array());
    }

    // Your code goes here.
}

It is able to get the specified secret; below is a sample of what the secret looks like.

aws secretsmanager get-secret-value --secret-id jenkins/transactionhistoryapi/postgres --profile saml 
{
    "ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:jenkins/transactionhistoryapi/postgres-A3BCef",
    "Name": "jenkins/transactionhistoryapi/postgres",
    "VersionId": "3493d4a0-b7q2-67f6-b24a-9dca3493d4f2",
    "SecretString": "{\"username\":\"postgres\",\"password\":\"abc123\",\"engine\":\"postgres\",\"host\":\"111.171.10.11\",\"port\":1115,\"dbname\":\"mydbname\",\"hostReadOnly\":\"111.171.10.11\"}",
    "VersionStages": [
        "AWSCURRENT"
    ],
    "CreatedDate": 1568224188.993
}

Is there any logging I can look at to see what type of secret aws-secretsmanager-jdbc is calling?

Thanks

Support providing regions/endpoint configuration at connection-time

Currently, configuration of the secrets manager region and endpoint needs to be done through system properties and environment variables. There are a few problems with this approach that I have run into:

  1. If ARNs ever have to be retrieved from different regions, the driver only supports one
  2. Setting the environment variables has been an issue in some environments, like when EMR runs your code in yarn containers

If region/endpoint could be provided as connection properties, the region/endpoint could be used dynamically.

Build breaks with JDK 11

$ java -version
openjdk version "11.0.2" 2019-01-15
OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.2+9)
OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.2+9, mixed mode)

$ mvn -e clean install
[INFO] Error stacktraces are turned on.
[INFO] Scanning for projects...
[INFO]
[INFO] --------< com.amazonaws.secretsmanager:aws-secretsmanager-jdbc >--------
[INFO] Building AWS Secrets Manager SQL Connection Library 1.0.1
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ aws-secretsmanager-jdbc ---
[INFO] Deleting /Users/raupach/Development/aws-secretsmanager-jdbc/target
[INFO]
[INFO] --- maven-checkstyle-plugin:2.17:check (validate) @ aws-secretsmanager-jdbc ---
[INFO] Starting audit...
Audit done.
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ aws-secretsmanager-jdbc ---
[WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] skip non existing resourceDirectory /Users/raupach/Development/aws-secretsmanager-jdbc/src/main/resources
[INFO]
[INFO] --- maven-compiler-plugin:3.2:compile (default-compile) @ aws-secretsmanager-jdbc ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 10 source files to /Users/raupach/Development/aws-secretsmanager-jdbc/target/classes
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by lombok.javac.apt.LombokProcessor to field com.sun.tools.javac.processing.JavacProcessingEnvironment.discoveredProcs
WARNING: Please consider reporting this to the maintainers of lombok.javac.apt.LombokProcessor
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.948 s
[INFO] Finished at: 2019-02-28T13:40:42+01:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.2:compile (default-compile) on project aws-secretsmanager-jdbc: Fatal error compiling: java.lang.ExceptionInInitializerError: com.sun.tools.javac.code.TypeTags -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.2:compile (default-compile) on project aws-secretsmanager-jdbc: Fatal error compiling
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: org.apache.maven.plugin.MojoExecutionException: Fatal error compiling
at org.apache.maven.plugin.compiler.AbstractCompilerMojo.execute (AbstractCompilerMojo.java:834)
at org.apache.maven.plugin.compiler.CompilerMojo.execute (CompilerMojo.java:129)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: org.codehaus.plexus.compiler.CompilerException: java.lang.ExceptionInInitializerError
at org.codehaus.plexus.compiler.javac.JavaxToolsCompiler.compileInProcess (JavaxToolsCompiler.java:172)
at org.codehaus.plexus.compiler.javac.JavacCompiler.performCompile (JavacCompiler.java:169)
at org.apache.maven.plugin.compiler.AbstractCompilerMojo.execute (AbstractCompilerMojo.java:823)
at org.apache.maven.plugin.compiler.CompilerMojo.execute (CompilerMojo.java:129)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: java.lang.RuntimeException: java.lang.ExceptionInInitializerError
at com.sun.tools.javac.api.JavacTaskImpl.handleExceptions (JavacTaskImpl.java:163)
at com.sun.tools.javac.api.JavacTaskImpl.doCall (JavacTaskImpl.java:100)
at com.sun.tools.javac.api.JavacTaskImpl.call (JavacTaskImpl.java:94)
at org.codehaus.plexus.compiler.javac.JavaxToolsCompiler.compileInProcess (JavaxToolsCompiler.java:125)
at org.codehaus.plexus.compiler.javac.JavacCompiler.performCompile (JavacCompiler.java:169)
at org.apache.maven.plugin.compiler.AbstractCompilerMojo.execute (AbstractCompilerMojo.java:823)
at org.apache.maven.plugin.compiler.CompilerMojo.execute (CompilerMojo.java:129)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: java.lang.ExceptionInInitializerError
at lombok.javac.handlers.HandleGetter.<clinit> (HandleGetter.java:303)
at java.lang.Class.forName0 (Native Method)
at java.lang.Class.forName (Class.java:398)
at lombok.core.SpiLoadUtil$1$1.next (SpiLoadUtil.java:111)
at lombok.javac.HandlerLibrary.loadAnnotationHandlers (HandlerLibrary.java:171)
at lombok.javac.HandlerLibrary.load (HandlerLibrary.java:156)
at lombok.javac.JavacTransformer.<init> (JavacTransformer.java:44)
at lombok.javac.apt.LombokProcessor.init (LombokProcessor.java:89)
at lombok.core.AnnotationProcessor$JavacDescriptor.want (AnnotationProcessor.java:87)
at lombok.core.AnnotationProcessor.init (AnnotationProcessor.java:140)
at lombok.launch.AnnotationProcessorHider$AnnotationProcessor.init (AnnotationProcessor.java:69)
at com.sun.tools.javac.processing.JavacProcessingEnvironment$ProcessorState.<init> (JavacProcessingEnvironment.java:678)
at com.sun.tools.javac.processing.JavacProcessingEnvironment$DiscoveredProcessors$ProcessorStateIterator.next (JavacProcessingEnvironment.java:778)
at com.sun.tools.javac.processing.JavacProcessingEnvironment.discoverAndRunProcs (JavacProcessingEnvironment.java:873)
at com.sun.tools.javac.processing.JavacProcessingEnvironment$Round.run (JavacProcessingEnvironment.java:1214)
at com.sun.tools.javac.processing.JavacProcessingEnvironment.doProcessing (JavacProcessingEnvironment.java:1326)
at com.sun.tools.javac.main.JavaCompiler.processAnnotations (JavaCompiler.java:1258)
at com.sun.tools.javac.main.JavaCompiler.compile (JavaCompiler.java:936)
at com.sun.tools.javac.api.JavacTaskImpl.lambda$doCall$0 (JavacTaskImpl.java:104)
at com.sun.tools.javac.api.JavacTaskImpl.handleExceptions (JavacTaskImpl.java:147)
at com.sun.tools.javac.api.JavacTaskImpl.doCall (JavacTaskImpl.java:100)
at com.sun.tools.javac.api.JavacTaskImpl.call (JavacTaskImpl.java:94)
at org.codehaus.plexus.compiler.javac.JavaxToolsCompiler.compileInProcess (JavaxToolsCompiler.java:125)
at org.codehaus.plexus.compiler.javac.JavacCompiler.performCompile (JavacCompiler.java:169)
at org.apache.maven.plugin.compiler.AbstractCompilerMojo.execute (AbstractCompilerMojo.java:823)
at org.apache.maven.plugin.compiler.CompilerMojo.execute (CompilerMojo.java:129)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: java.lang.ClassNotFoundException: com.sun.tools.javac.code.TypeTags
at java.lang.ClassLoader.findClass (ClassLoader.java:718)
at java.lang.ClassLoader.loadClass (ClassLoader.java:588)
at lombok.launch.ShadowClassLoader.loadClass (ShadowClassLoader.java:422)
at java.lang.ClassLoader.loadClass (ClassLoader.java:521)
at java.lang.Class.forName0 (Native Method)
at java.lang.Class.forName (Class.java:315)
at lombok.javac.JavacTreeMaker$SchroedingerType.getFieldCached (JavacTreeMaker.java:156)
at lombok.javac.JavacTreeMaker$TypeTag.typeTag (JavacTreeMaker.java:245)
at lombok.javac.Javac.<clinit> (Javac.java:155)
at lombok.javac.handlers.HandleGetter.<clinit> (HandleGetter.java:303)
at java.lang.Class.forName0 (Native Method)
at java.lang.Class.forName (Class.java:398)
at lombok.core.SpiLoadUtil$1$1.next (SpiLoadUtil.java:111)
at lombok.javac.HandlerLibrary.loadAnnotationHandlers (HandlerLibrary.java:171)
at lombok.javac.HandlerLibrary.load (HandlerLibrary.java:156)
at lombok.javac.JavacTransformer.<init> (JavacTransformer.java:44)
at lombok.javac.apt.LombokProcessor.init (LombokProcessor.java:89)
at lombok.core.AnnotationProcessor$JavacDescriptor.want (AnnotationProcessor.java:87)
at lombok.core.AnnotationProcessor.init (AnnotationProcessor.java:140)
at lombok.launch.AnnotationProcessorHider$AnnotationProcessor.init (AnnotationProcessor.java:69)
at com.sun.tools.javac.processing.JavacProcessingEnvironment$ProcessorState.<init> (JavacProcessingEnvironment.java:678)
at com.sun.tools.javac.processing.JavacProcessingEnvironment$DiscoveredProcessors$ProcessorStateIterator.next (JavacProcessingEnvironment.java:778)
at com.sun.tools.javac.processing.JavacProcessingEnvironment.discoverAndRunProcs (JavacProcessingEnvironment.java:873)
at com.sun.tools.javac.processing.JavacProcessingEnvironment$Round.run (JavacProcessingEnvironment.java:1214)
at com.sun.tools.javac.processing.JavacProcessingEnvironment.doProcessing (JavacProcessingEnvironment.java:1326)
at com.sun.tools.javac.main.JavaCompiler.processAnnotations (JavaCompiler.java:1258)
at com.sun.tools.javac.main.JavaCompiler.compile (JavaCompiler.java:936)
at com.sun.tools.javac.api.JavacTaskImpl.lambda$doCall$0 (JavacTaskImpl.java:104)
at com.sun.tools.javac.api.JavacTaskImpl.handleExceptions (JavacTaskImpl.java:147)
at com.sun.tools.javac.api.JavacTaskImpl.doCall (JavacTaskImpl.java:100)
at com.sun.tools.javac.api.JavacTaskImpl.call (JavacTaskImpl.java:94)
at org.codehaus.plexus.compiler.javac.JavaxToolsCompiler.compileInProcess (JavaxToolsCompiler.java:125)
at org.codehaus.plexus.compiler.javac.JavacCompiler.performCompile (JavacCompiler.java:169)
at org.apache.maven.plugin.compiler.AbstractCompilerMojo.execute (AbstractCompilerMojo.java:823)
at org.apache.maven.plugin.compiler.CompilerMojo.execute (CompilerMojo.java:129)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
[ERROR]
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

AWS Secrets Manager PostgreSQL driver not working in Spring Boot

Error creating bean with name 'dataSourceScriptDatabaseInitializer' defined in class path resource [org/springframework/boot/autoconfigure/sql/init/DataSourceInitializationConfiguration.class]: Unsatisfied dependency expressed through method 'dataSourceScriptDatabaseInitializer' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dataSource' defined in class path resource [org/springframework/boot/autoconfigure/jdbc/DataSourceConfiguration$Hikari.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.zaxxer.hikari.HikariDataSource]: Factory method 'dataSource' threw exception; nested exception is java.lang.NoClassDefFoundError: com/amazonaws/transform/EnhancedJsonErrorUnmarshaller

<dependency>
    <groupId>com.amazonaws.secretsmanager</groupId>
    <artifactId>aws-secretsmanager-jdbc</artifactId>
    <version>1.0.7</version>
</dependency>

https://github.com/aws/aws-secretsmanager-jdbc

No Driver has been registered with name, com.mysql.cj.jdbc.Driver

Describe the bug

I believe this is the same issue as #44.

The interesting point is that it works well when I run the application using embedded Tomcat, but it produces an error when I use an external Tomcat.

java.lang.IllegalStateException: No Driver has been registered with name, com.mysql.cj.jdbc.Driver. Please check your system properties or secretsmanager.properties for typos.

Here is my Config. Properties are fine.

`
package com.mainlab.config;

import com.mchange.v2.c3p0.ComboPooledDataSource;
import org.apache.ibatis.session.SqlSessionFactory;
import org.mybatis.spring.SqlSessionFactoryBean;
import org.mybatis.spring.SqlSessionTemplate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.jdbc.datasource.DataSourceTransactionManager;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.annotation.EnableTransactionManagement;

import javax.sql.DataSource;
import java.beans.PropertyVetoException;
import java.io.IOException;

@Configuration
@EnableTransactionManagement
@PropertySource("classpath:application.properties")
public class DatabaseConfig {

@Autowired
ApplicationContext applicationContext;

@Value("${spring.datasource.driver-class-name}")
private String driverClassName;

@Value("${spring.datasource.url}")
private String url;

@Value("${spring.datasource.username}")
private String username;

@Bean(name = "dataSource")
public DataSource dataSource() throws PropertyVetoException {
    ComboPooledDataSource dataSource = new ComboPooledDataSource();
    dataSource.setDriverClass(driverClassName);
    dataSource.setJdbcUrl(url);
    dataSource.setUser(username);
    return dataSource;
}

@Bean
public PlatformTransactionManager transactionManager() throws PropertyVetoException {
    return new DataSourceTransactionManager(dataSource());
}

@Bean
public SqlSessionFactoryBean sqlSessionFactoryBean(DataSource dataSource) throws IOException {
    SqlSessionFactoryBean factoryBean = new SqlSessionFactoryBean();
    factoryBean.setDataSource(dataSource);
    factoryBean.setConfigLocation(applicationContext.getResource("classpath:mybatis-config.xml"));
    factoryBean.setMapperLocations(applicationContext.getResources("classpath:sqlmap/**/*Sql.xml"));
    return factoryBean;
}

@Bean
public SqlSessionFactory sqlSessionFactory() throws Exception {
    return sqlSessionFactoryBean(dataSource()).getObject();
}

@Bean
public SqlSessionTemplate sqlSessionTemplate(SqlSessionFactory sqlSessionFactory) {
    return new SqlSessionTemplate(sqlSessionFactory);
}

}
`

To Reproduce
Steps to reproduce the behavior:

I get an error every time.

Expected behavior

DB connected successfully.

Environment:

docker, openjdk11, 1.0.8(latest)

Not possible generate secretcache with aws access and secret key.

In my application I'm using the Postgres driver, but I need to use the constructor with the AWSSecretsManager param because I connect to AWS with the access key, secret key and region.

Is there any way to use this constructor by specifying it in configuration?

Thanks for the work.

Could not refresh secret manager Got error Cannot begin a subsegment without an initialized segment when password changed

I'm getting the error "Cannot begin a subsegment without an initialized segment" when a password has been changed and the secret manager lib detects an error after requesting a new connection, and it calls SecretCacheItem.executeRefresh:

protected DescribeSecretResult executeRefresh() {
        DescribeSecretResult describeSecretResult = client.describeSecret(
                updateUserAgent(new DescribeSecretRequest()
                        .withSecretId(this.secretId)));
        long ttl = this.config.getCacheItemTTL();
        this.nextRefreshTime = System.currentTimeMillis() +
                ThreadLocalRandom.current().nextLong(ttl / 2,ttl + 1) ;
        return describeSecretResult;
    }

I configured AWS X-Ray and it fails when getting the TraceEntity:

public Subsegment beginSubsegment(String name) {
        Entity traceEntity = this.getTraceEntity();
        if (traceEntity == null) {
            throw new IllegalStateException("Cannot begin a subsegment without an initialized segment");
        } else {
            return super.beginSubsegment(name);
        }
    }

To Reproduce
You may try to add AWS X-ray into Java Project and try to execute refreshNow method

Expected behavior
Secret Manager should be refreshed with new value from Secret Manager

Environment:
OS: Windows 10
Java: 1.8
AWS SDK: 1.11.446

Additional context
You can check more detail from the attachment which is stacktrace.

AWSSecretsManagerPostgreSQLDriver incorrectly constructs URL when dbname is missing

Describe the bug

According to the postgres driver, jdbc urls need to end with a forward slash: https://github.com/pgjdbc/pgjdbc/blob/5c9928d81e4a337518c1e1104ea17f4b29269320/pgjdbc/src/main/java/org/postgresql/Driver.java#L567

However, AWSSecretsManagerPostgreSQLDriver only appends the forward slash if a dbname is found in the secret: https://github.com/aws/aws-secretsmanager-jdbc/blame/42dc301cc7e1a47b148f8526392be9fe8ecdaff2/src/main/java/com/amazonaws/secretsmanager/sql/AWSSecretsManagerPostgreSQLDriver.java#L119

Despite RDS Postgres db instances always having a default postgres database if no db name is specified, secrets created from such db instances do not contain the dbname json property.

To Reproduce

  1. Create an RDS Postgres instance without providing a dbname
  2. Create a Secrets Manager secret to access this database.
  3. Connect to the database using AWSSecretsManagerPostgreSQLDriver. Use the driver's connect method and pass the secret ARN for the URL.

Expected behavior
I think the proper behavior should be to append the forward slash always and then append the db name if it exists.
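The two URL shapes discussed in the issue above, as an added example that is not the project's code: `slashOnlyWithDbname` models the behaviour the reporter describes, `slashAlways` models the behaviour they propose. The class name, method names and the secret values (`db.example.internal`, `orders`) are constructed for illustration; only the `host`, `port` and `dbname` keys come from the secret format shown on this page.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class PostgresUrlFromSecret {

    /** Behaviour the issue reports: the "/" is added only together with a dbname. */
    static String slashOnlyWithDbname(Map<String, String> secret) {
        StringBuilder url = authority(secret);
        String dbname = secret.get("dbname");
        if (dbname != null && !dbname.isEmpty()) {
            url.append('/').append(dbname);
        }
        return url.toString();
    }

    /** Behaviour the issue proposes: always add the "/", then the dbname if present. */
    static String slashAlways(Map<String, String> secret) {
        StringBuilder url = authority(secret).append('/');
        String dbname = secret.get("dbname");
        if (dbname != null && !dbname.isEmpty()) {
            url.append(dbname);
        }
        return url.toString();
    }

    /** Builds "jdbc:postgresql://host[:port]" from the secret fields. */
    private static StringBuilder authority(Map<String, String> secret) {
        String host = secret.get("host");
        if (host == null || host.isEmpty()) {
            throw new IllegalArgumentException("secret has no host");
        }
        StringBuilder url = new StringBuilder("jdbc:postgresql://").append(host);
        String port = secret.get("port");
        if (port != null && !port.isEmpty()) {
            url.append(':').append(port);
        }
        return url;
    }

    /** True when a "/" follows host[:port], the shape the issue says the PostgreSQL driver expects. */
    static boolean hasPathSeparator(String url) {
        int start = url.indexOf("//");
        return start >= 0 && url.indexOf('/', start + 2) >= 0;
    }

    public static void main(String[] args) {
        // Constructed secrets: one as created for an instance with a database name,
        // one as the issue describes for an instance created without a dbname.
        Map<String, String> withDb = new LinkedHashMap<>();
        withDb.put("host", "db.example.internal");
        withDb.put("port", "5432");
        withDb.put("dbname", "orders");

        Map<String, String> withoutDb = new LinkedHashMap<>(withDb);
        withoutDb.remove("dbname");

        for (Map<String, String> secret : java.util.List.of(withDb, withoutDb)) {
            String reported = slashOnlyWithDbname(secret);
            String proposed = slashAlways(secret);
            System.out.printf("dbname=%s%n", secret.get("dbname"));
            System.out.printf("  reported: %-45s separator=%b%n", reported, hasPathSeparator(reported));
            System.out.printf("  proposed: %-45s separator=%b%n", proposed, hasPathSeparator(proposed));
        }
    }
}
```

Only the secret without `dbname` produces a URL that differs between the two variants, which is why the problem appears only for instances created without a database name.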

java.lang.NoClassDefFoundError: Could not initialize class com.amazonaws.secretsmanager.sql.AWSSecretsManagerMySQLDriver

Can anyone tell me the reason for this exception? The attempt to create a c3p0 pool connection is failing. Below I have listed some of the log lines:
Exception in thread "C3P0PooledConnectionPoolManager[identityToken->2vub2da5vl71nm6ob8c8|52c5ff41, dataSourceName->sampleDB]-HelperThread-#2" java.lang.NoClassDefFoundError: Could not initialize class com.amazonaws.secretsmanager.sql.AWSSecretsManagerMySQLDriver
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:264)
at com.mchange.v2.c3p0.DriverManagerDataSource.ensureDriverLoaded(DriverManagerDataSource.java:143)
at com.mchange.v2.c3p0.DriverManagerDataSource.getConnection(DriverManagerDataSource.java:173)
at com.mchange.v2.c3p0.WrapperConnectionPoolDataSource.getPooledConnection(WrapperConnectionPoolDataSource.java:220)
at com.mchange.v2.c3p0.WrapperConnectionPoolDataSource.getPooledConnection(WrapperConnectionPoolDataSource.java:206)
at com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool$1PooledConnectionResourcePoolManager.acquireResource(C3P0PooledConnectionPool.java:203)
at com.mchange.v2.resourcepool.BasicResourcePool.doAcquire(BasicResourcePool.java:1138)
at com.mchange.v2.resourcepool.BasicResourcePool.doAcquireAndDecrementPendingAcquiresWithinLockOnSuccess(BasicResourcePool.java:1125)
at com.mchange.v2.resourcepool.BasicResourcePool.access$700(BasicResourcePool.java:44)
at com.mchange.v2.resourcepool.BasicResourcePool$ScatteredAcquireTask.run(BasicResourcePool.java:1870)
at com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread.run(ThreadPoolAsynchronousRunner.java:696)
WARN | 2019-09-27 08:31:56,865 | C3P0PooledConnectionPoolManager[identityToken->2vub2da5vl71nm6ob8c8|52c5ff41, dataSourceName->sampleDB]-HelperThread-#0 | An Error forced the closing of Thread[C3P0PooledConnectionPoolManager[identityToken->2vub2da5vl71nm6ob8c8|52c5ff41, dataSourceName->sampleDB]-HelperThread-#0,5,main]. Will attempt to reconstruct, but this might mean that something bad is happening. |

TomEE - leak of AWSSecretsManagerOracleDriver objects

Hello,

We are using the aws-secretsmanager-jdbc library in conjunction with TomEE and have been observing a leak of AWSSecretsManagerOracleDriver objects.

After adding some traces in the aws-secretsmanager-jdbc code, what we understood is:

  1. Each time a connection is created the TomEE framework instantiates a new AWSSecretsManagerOracleDriver object and sets it as the 'driver' attribute of the connection object (line 235 of TomEEDataSourceCreator.java - link here: https://github.com/apache/tomee/blob/master/tomee/tomee-jdbc/src/main/java/org/apache/tomee/jdbc/TomEEDataSourceCreator.java).

  2. When instantiated, the AWSSecretsManagerOracleDriver object registers itself in the 'DriverManager' (line 154 of AWSSecretsManagerDriver.java)

  3. When the connection is destroyed later, the driver object is apparently not deregistered from the 'DriverManager', so it stays indefinitely, which creates the leak.

We tried to disable the DriverManager registration in the AWSSecretsManagerOracleDriver constructor (just leaving the registration in the static initialization block of AWSSecretsManagerOracleDriver) and the leak has effectively disappeared. But we fear to have misunderstood something fundamental and that this workaround is not correct: we admit not being very familiar with the aforementioned frameworks. Could anyone shed some light?
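The mechanism described in the post above can be reproduced with the JDK alone. This is an added example, not code from aws-secretsmanager-jdbc or TomEE: `WrapperDriver` is a hypothetical no-op driver that, like the behaviour the post describes, registers itself with `DriverManager` from its constructor when asked to.

```java
import java.sql.Connection;
import java.sql.Driver;
import java.sql.DriverManager;
import java.sql.DriverPropertyInfo;
import java.sql.SQLException;
import java.sql.SQLFeatureNotSupportedException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Properties;
import java.util.logging.Logger;

public class DriverRegistrationLeak {

    /** Hypothetical no-op driver used only to count DriverManager registrations. */
    static class WrapperDriver implements Driver {
        WrapperDriver(boolean registerInConstructor) throws SQLException {
            if (registerInConstructor) {
                // DriverManager keeps a strong reference to every distinct instance.
                DriverManager.registerDriver(this);
            }
        }
        @Override public Connection connect(String url, Properties info) { return null; }
        @Override public boolean acceptsURL(String url) { return false; }
        @Override public DriverPropertyInfo[] getPropertyInfo(String url, Properties info) {
            return new DriverPropertyInfo[0];
        }
        @Override public int getMajorVersion() { return 1; }
        @Override public int getMinorVersion() { return 0; }
        @Override public boolean jdbcCompliant() { return false; }
        @Override public Logger getParentLogger() throws SQLFeatureNotSupportedException {
            throw new SQLFeatureNotSupportedException();
        }
    }

    /** Number of WrapperDriver instances currently held by DriverManager. */
    static long registeredWrappers() {
        return Collections.list(DriverManager.getDrivers()).stream()
                .filter(d -> d instanceof WrapperDriver)
                .count();
    }

    /** Removes every WrapperDriver from DriverManager. */
    static void deregisterWrappers() throws SQLException {
        for (Driver d : Collections.list(DriverManager.getDrivers())) {
            if (d instanceof WrapperDriver) {
                DriverManager.deregisterDriver(d);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Pattern from the post: a framework creates one driver object per connection,
        // and each object registers itself on construction.
        List<Driver> perConnection = new ArrayList<>();
        for (int i = 0; i < 1000; i++) {
            perConnection.add(new WrapperDriver(true));
        }
        System.out.println("constructor registration, 1000 instances: " + registeredWrappers());

        // Dropping the framework's references does not release them:
        // DriverManager still holds each instance until it is deregistered.
        perConnection.clear();
        System.out.println("after the connections are discarded:      " + registeredWrappers());

        deregisterWrappers();

        // Workaround from the post: register once (as a static initializer would)
        // and let per-connection instances skip registration.
        DriverManager.registerDriver(new WrapperDriver(false));
        for (int i = 0; i < 1000; i++) {
            new WrapperDriver(false);
        }
        System.out.println("single registration, 1000 instances:      " + registeredWrappers());

        deregisterWrappers();
    }
}
```

A heap histogram of the affected application (for example `jmap -histo <pid>`) showing a steadily growing instance count for the driver class is the corresponding check in a running container.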

Support Java 17

Describe the bug
If you run in a Java 17 environment you get the following error:

com.amazonaws.AmazonServiceException: Unable to unmarshall exception response with the unmarshallers provided (Service: AWSSecretsManager; Status Code: 400; Error Code: ValidationException; Request ID: fed26f11-6cf7-4b46-8e41-c887299d3010; Proxy: null)

To Reproduce
Try using the library in an application running on Java 17

Expected behavior
I successfully connect to the database

Environment:
OS: Mac Monterey
Java: openjdk 17.0.4.1 2022-08-12 LTS

Additional context
Seems to be related to the use of AWS JDK 1.x which does not support JDK 17, would need to upgrade to AWS JDK 2.0. See Maintenance and Support for Java Versions

TomcatConnection pool connection go stale after some time

<Resource
    name="jdbc/eampleDB"
    auth="Container"
    type="javax.sql.DataSource"
    factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
    maxActive="100"
    maxIdle="30"
    maxWait="1000"
    username="awssecret"
    driverClassName="com.amazonaws.secretsmanager.sql.AWSSecretsManagerMySQLDriver"
    url="jdbc-secretsmanager:mysql://hostname:3306/example?useSSL=false"/>

The connection works for a time, and after some time connections go stale with a "connection already closed" exception.

Using MySQL driver fails when using Liquibase Maven plugin

Trying to use the MySQL driver to grab our secrets from AWS using the Maven Liquibase plugin and I keep getting this error:

[ERROR] Failed to execute goal org.liquibase:liquibase-maven-plugin:4.7.1:status (default-cli) on project smart-is:
[ERROR] Error setting up or running Liquibase:
[ERROR] liquibase.exception.DatabaseException: liquibase.exception.DatabaseException: java.lang.IllegalStateException: No Driver has been registered with name, com.mysql.cj.jdbc.Driver. Please check your system properties or secretsmanager.properties for typos. Also ensure that the Driver registers itself.

I went with the solution as described in Issue #47 where you write your own custom SecretsManager driver and make sure that the driver registers itself. Basically I had changed AWSSecretsManagerMySQLDriver.getDefaultDriverClass() line #132 to:

 Class.forName("com.mysql.cj.jdbc.Driver", true, this.getClass().getClassLoader());

My Liquibase config is as follows (defined in our pom.xml):

	<plugin>
		<groupId>org.liquibase</groupId>
		<artifactId>liquibase-maven-plugin</artifactId>
		<version>4.7.1</version>
		<configuration>
			<driver>com.amazonaws.secretsmanager.sql.AWSSecretsManagerMySQLDriver</driver>
			<username>{AWS secrets name}</username>
			<url>jdbc-secretsmanager:mysql://{path to our DB}</url>
			<changeLogFile>{location of our changeset file}</changeLogFile>
		</configuration>
	</plugin>

Can someone confirm/fix this issue? Having to extend AWSSecretsManagerDriver is a hacky way of doing things...

PostgreSQL driver enhancement for addressing Alternating User Rotation with RDS Proxy

Discussed in #221

Originally posted by canelzio December 27, 2023
Hi,
I'm facing an issue using the AWS SecretsManager JDBC driver with RDS Proxy and Alternating User secret rotation.
It seems that RDS Proxy is not able to properly handle such rotation since it is limited to fetching only the AWSCURRENT secret version stage, and this leads to the following error:

org.postgresql.util.PSQLException: FATAL: This RDS proxy has no credentials for the role <db_user>. Check the credentials for this role and try again.

I've already opened a Feature Request to AWS on this, but in the meantime I'd like to discuss this topic with you.
In my opinion everything should work as expected if the driver could also intercept the above error as an authentication error and refresh the secret cache accordingly.

What do you think?
Could this be feasible?
Any other idea?

Thank you.
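
The handling proposed in the post above, sketched as an added example that is not part of the original post and is not the library's own code: treat the RDS Proxy message as an authentication failure, refresh the cached secret once, and retry. The class, the `Connector` interface, the user names and the message-text match are all hypothetical; the page does not say whether the proxy error carries a SQLSTATE, so the constructed exception has none.

```java
import java.sql.SQLException;
import java.util.function.Supplier;

// Added illustration; every name in this class is hypothetical, not an aws-secretsmanager-jdbc API.
public class ProxyAuthRetryDemo {
    static final String PG_INVALID_PASSWORD = "28P01"; // PostgreSQL SQLSTATE invalid_password
    static final String PROXY_NO_CREDS = "This RDS proxy has no credentials for the role";

    interface Connector { String connect(String user) throws SQLException; }

    // True when the failure should invalidate the cached secret (message match is an assumption).
    static boolean isAuthFailure(SQLException e) {
        if (PG_INVALID_PASSWORD.equals(e.getSQLState())) return true;
        String msg = e.getMessage();
        return msg != null && msg.contains(PROXY_NO_CREDS);
    }

    // Connect with the cached user; on an auth failure refresh the secret once and retry.
    static String connectWithRefresh(Supplier<String> refresh, String cachedUser, Connector db)
            throws SQLException {
        try {
            return db.connect(cachedUser);
        } catch (SQLException e) {
            if (!isAuthFailure(e)) throw e;   // outages must not trigger secret refreshes
            return db.connect(refresh.get()); // one retry bounds calls to the secret store
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed scenario: the proxy accepts "app_user"; the stale cache holds "app_user_clone".
        Connector proxy = user -> {
            if (!user.equals("app_user"))
                throw new SQLException("FATAL: " + PROXY_NO_CREDS + " " + user
                        + ". Check the credentials for this role and try again.");
            return "connected as " + user;
        };
        int[] refreshes = {0};
        Supplier<String> refresh = () -> { refreshes[0]++; return "app_user"; };
        System.out.println(connectWithRefresh(refresh, "app_user_clone", proxy));
        System.out.println("refreshes: " + refreshes[0]);

        // A non-auth failure (SQLSTATE 08001, connection failure) is rethrown without a refresh.
        Connector down = user -> { throw new SQLException("connection refused", "08001"); };
        try { connectWithRefresh(refresh, "app_user", down); }
        catch (SQLException e) { System.out.println("rethrown: " + e.getSQLState()); }
    }
}
```

Matching on message text is brittle across proxy versions and locales, so a stable error code is preferable wherever the server provides one.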

Cannot resolve driver when loaded through a deployed war

Hello,

I'm having issues while trying to use the connector on a regular spring-boot war deployed artifact on tomcat. So far I have seen the following:

  • With the regular jdbc connector, the jdbc driver gets registered on the driver manager when attempting the connection. This works.
  • When using the secrets manager connector, the first connection attempt registers AWSSecretsManagerDriver as expected, but when it tries to get the underlying driver (in this case the real jdbc driver) the driver isn't registered in the DriverManager, thus failing with "No Driver has been registered with name".

Setup is:
- Packaging type: war
- Spring boot version: 1.3.5.RELEASE with the following starters:

	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-jdbc</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-web</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-actuator</artifactId>
	</dependency>

- Aws secretsmanager jdbc version: 1.0.2

This is happening only when the artifact is a war file and not a jar-launched application, with the embedded tomcat instead of the external one.

Some guidance would be appreciated.

Allow changing the cache item TTL from the outside

I'm trying to create a data source using an application config file like Spring Boot. However, the current implementation does not allow you to change the SecretCacheConfiguration.cacheItemTTL externally.
Therefore, I propose a method to specify SecretCacheConfiguration.cacheItemTTL from outside the program with system properties or environment variables.
