ychennay / DiningApplication

This is the code base for the Connoisseur Dining Application, which is our CS130 Software Engineering team project. We are implementing the backend using Spring Boot web services.

Remove the credential from source code #1

Open rayxiaonet opened 7 years ago

rayxiaonet commented 7 years ago

This is a bad practice. Don't check in any unencrypted credentials into source code: https://github.com/ychennay/DiningApplication/blob/master/src/main/java/dao/DynamoClientMapper.java#L41

Actually, Amazon AWS already scanned this and suspended the dev account's API key, but please remove this from the code ASAP lol.

Consider any of the following solutions for the credential:

lyjung92 commented 7 years ago

Sorry Ray. I wasn't sure how to use environment variables for the web server.

rayxiaonet commented 7 years ago

You have a database.property file already; that's a good start.

Add @Value("${amazon.aws.secretkey}") and remove the assignment code for your private String secretKeyId, to get the property working first.

To use environment variables, run the following command in the command line: export SPRING_APPLICATION_JSON='{"amazon.aws.secretkey":"xxxxx"}' (mac/linux) or set SPRING_APPLICATION_JSON='{"amazon.aws.secretkey":"xxxxx"}' (windows)

to set the command-line environment; then start your web server with the command java -jar <your built jar file>. Spring should pick up the environment's configuration for amazon.aws.secretkey over the value in the properties file.

If you are using an IDE to start it, check the run configuration -> environment property configurations; you should be able to specify the "SPRING_APPLICATION_JSON" env var there as well.

Let me know if you still have problems with this.

lyjung92 commented 7 years ago

Thanks for the instructions, Ray. I have another quick question. When we deploy our web server to AWS EC2 (or Lambda?), will environment variables on our personal computers still be effective in AWS?

rayxiaonet commented 7 years ago

When you deploy to a different "environment" (different machine, different user, etc.), the environment variables will be totally different.

See more background information at https://en.wikipedia.org/wiki/Environment_variable
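The two replies above (the @Value / SPRING_APPLICATION_JSON instructions, and the point that each deployment environment carries its own variables) can be put together in one Spring configuration class. The block below is an added example written for this thread, not code from the DiningApplication repository: the property names amazon.aws.accesskey and amazon.aws.region, the classpath file name database.properties, and the class name DynamoClientConfig are assumptions (the thread only mentions amazon.aws.secretkey and a "database.property" file). It uses the AWS SDK for Java v1 classes that existed at the time of this issue.

```java
package dao;

import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.dynamodbv2.AmazonDynamoDB;
import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClientBuilder;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;

/**
 * Hypothetical replacement for a client whose key material was assigned
 * inline in source. Nothing secret lives in this file: the values are
 * resolved from Spring's Environment, which layers (lowest to highest
 * precedence) the properties file, OS environment variables, and
 * SPRING_APPLICATION_JSON. The same class therefore works on a laptop
 * and on an EC2 host, each supplying its own values.
 */
@Configuration
@PropertySource("classpath:database.properties") // assumed file name
public class DynamoClientConfig {

    // Property names other than amazon.aws.secretkey are assumptions.
    @Value("${amazon.aws.accesskey}")
    private String accessKeyId;

    @Value("${amazon.aws.secretkey}")
    private String secretKey;

    // A default is acceptable for a non-secret setting like the region.
    @Value("${amazon.aws.region:us-west-2}")
    private String region;

    @Bean
    public AmazonDynamoDB amazonDynamoDB() {
        // @Value already fails startup when a placeholder is entirely
        // missing; this catches the blank "amazon.aws.secretkey=" case too.
        requireNonBlank("amazon.aws.accesskey", accessKeyId);
        requireNonBlank("amazon.aws.secretkey", secretKey);

        BasicAWSCredentials creds = new BasicAWSCredentials(accessKeyId, secretKey);
        return AmazonDynamoDBClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(creds))
                .withRegion(Regions.fromName(region))
                .build();
    }

    // Fail fast at startup with a clear message instead of an opaque SDK
    // authentication error on the first DynamoDB call.
    private static void requireNonBlank(String name, String value) {
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("Missing required property " + name
                    + "; set it in database.properties or via SPRING_APPLICATION_JSON");
        }
    }
}
```

With this in place, database.properties can hold only non-secret settings (or placeholder values that never reach git), and the real key is supplied at launch, for example `SPRING_APPLICATION_JSON='{"amazon.aws.accesskey":"...","amazon.aws.secretkey":"..."}' java -jar app.jar`. On EC2 the variables must be set again on that host (a startup script, the instance's user data, or the IDE-equivalent of the service manager's environment), because, as noted above, the laptop's environment does not travel with the jar. The step beyond this thread's scope, once the team has AWS access again, is to stop shipping long-lived keys to EC2 at all: attach an IAM instance role and let the SDK's DefaultAWSCredentialsProviderChain pick it up, which removes the secret from properties and environment alike.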

lyjung92 commented 7 years ago

Ray, will it be possible to get another access key and secret key to access DynamoDB, since AWS shut down the API key?

ychennay commented 7 years ago

@lyjung92 I set up an XML configuration file for our properties file, and store them in a home directory. This may help as a temporary fix. We've been having issues using annotations to configure our properties file, which was the original reason why the keys ended up being hardcoded in.

@rayxiaonet is there one method you prefer? (environment variables vs. home directory properties file)

rayxiaonet commented 7 years ago

These three are widely used approaches (env var, private config file, public config file with encrypted values).

Each approach comes with pros and cons. I don't have a strong preference here, so you guys can decide based on your own thoughts; just think about the reasons for your current decision. You will learn more about those pros and cons, and the reasons behind them, in your future career once you work on larger projects.