如何将数据库 AWS 秘密传递到 tomcat context.xml 中? [英] How to pass the DB AWS secret into tomcat context.xml?

问题描述

我有一个连接到数据库的 context.xml.

I have a context.xml where I am connecting to DB.

<?xml version='1.0' encoding='utf-8'?>
<Context>
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>

<Resource name="jdbc/SS" 
        auth="Container"
        type="javax.sql.DataSource"
        factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" 
        username="a***b"
        password="C********1"
        driverClassName="org.postgresql.Driver"
        url="jdbc:postgresql://**********:****/a***b"
        maxActive="100"
        maxIdle="50"
        minIdle="10"
        testWhileIdle="true"
        maxWait="30000"  
        maxAge="60000"
        removeAbandoned="true" 
        removeAbandonedTimeout="600" />
</Context>

我需要从秘密管理器获取数据库凭据，并通过替换硬编码的数据库凭据将值传递到 context.xml 中.

I need to get the DB credentials from the secret manager and pass the values into the context.xml by replacing the hardcoded DB credentials.

有什么办法可以做到这一点吗?

Is there any way to achieve this?

推荐答案

如果要动态加载数据库凭据.可以只在 Tomcat 加载 context.xml 一次的时候(因为 Tomcat 在启动时只读取一次环境变量).

If you want to load the DB credential dynamically. It is possible to only for the time Tomcat is loading context.xml once (because Tomcat read environment variable only once at startup).

请注意，在运行时，每当 contxt.xml 更改时，相关的 Web 应用程序都会重新加载.Tomcat 没有重启.

Notice that at runtime, whenever contxt.xml change the relevant web application reloads. Tomcat is not restarted.

所以诀窍是将数据库凭据作为 JVM 参数/参数提供，就像上面的 ${catalina.base}

So the trick is to deliver DB credentials as JVM parameter/argument, like the above ${catalina.base}

有 3 个阶段:

1. 声明并设置环境变量的值:

1. Declare and set value to the environment variable:

export DB_CREDENTIALS='*****'

好地方在Tomcat的用户登录脚本.bash_profile，或者Tomcat环境setenv.sh

Good place is at Tomcat's user login script.bash_profile, or Tomcat environments setenv.sh

为环境变量创建JVM参数(系统变量):在setenv.sh最后一行之前添加以下行.

Create a JVM parameter (system variable) for environment variable: add the following line to setenv.sh before the last line.

-Denvironment.db.credentials=${DB_CREDENTIALS} \

使用/调用 context.xml 中声明的 JVM 参数.例如:

Use/call the declared JVM parameter in context.xml. For example:

url="jdbc:postgresql://**********:****/${environment.db.credentials}"

这篇关于如何将数据库 AWS 秘密传递到 tomcat context.xml 中?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！