我正在编写一个测试,看看我是否可以在本地计算机上以 Java 形式访问存储在 AWS Secrets Manager 中的凭证。
我已经按照 aws 文档
此处中的建议运行
aws sts get-caller-identity
命令来测试我的计算机上是否有活动会话。
我什至在intelliJ的终端中运行了命令
aws secretsmanager get-secret-value --secret-id some-id
来检查我是否可以检索秘密值并且我成功了。
但是,当我尝试使用 AWS SDK 获取该值时
var client = SecretsManagerClient.builder()
.region(Region.of(region))
.build();
var getSecretValueRequest = GetSecretValueRequest.builder()
.secretId(secretName)
.build();
var getSecretValueResponse = client.getSecretValue(getSecretValueRequest);
失败并出现以下错误:
software.amazon.awssdk.core.exception.SdkClientException: Unable to load credentials from any of the providers in the chain AwsCredentialsProviderChain(credentialsProviders=[SystemPropertyCredentialsProvider(), EnvironmentVariableCredentialsProvider(), WebIdentityTokenCredentialsProvider(), ProfileCredentialsProvider(profileName=default, profileFile=ProfileFile(profilesAndSectionsMap=[{default=Profile(name=default, properties=[output, sso_session, aws_access_key_id, aws_secret_access_key, region, sso_role_name, sso_account_id])}, {my-sso=Profile(name=my-sso, properties=[sso_region, sso_start_url, sso_registration_scopes])}])), ContainerCredentialsProvider(), InstanceProfileCredentialsProvider()]) : [SystemPropertyCredentialsProvider(): Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId)., EnvironmentVariableCredentialsProvider(): Unable to load credentials from system settings. Access key must be specified either via environment variable (AWS_ACCESS_KEY_ID) or system property (aws.accessKeyId)., WebIdentityTokenCredentialsProvider(): Either the environment variable AWS_WEB_IDENTITY_TOKEN_FILE or the javaproperty aws.webIdentityTokenFile must be set., ProfileCredentialsProvider(profileName=default, profileFile=ProfileFile(profilesAndSectionsMap=[{default=Profile(name=default, properties=[output, sso_session, aws_access_key_id, aws_secret_access_key, region, sso_role_name, sso_account_id])}, {my-sso=Profile(name=my-sso, properties=[sso_region, sso_start_url, sso_registration_scopes])}])): To use Sso related properties in the 'default' profile, the 'sso' service module must be on the class path., ContainerCredentialsProvider(): Cannot fetch credentials from container - neither AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variables are set., InstanceProfileCredentialsProvider(): Failed to load credentials from IMDS.]
at software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:111)
at software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain.resolveCredentials(AwsCredentialsProviderChain.java:117)
at software.amazon.awssdk.auth.credentials.internal.LazyAwsCredentialsProvider.resolveCredentials(LazyAwsCredentialsProvider.java:45)
at software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider.resolveCredentials(DefaultCredentialsProvider.java:123)
at software.amazon.awssdk.core.internal.util.MetricUtils.measureDuration(MetricUtils.java:50)
at software.amazon.awssdk.awscore.internal.authcontext.AwsCredentialsAuthorizationStrategy.resolveCredentials(AwsCredentialsAuthorizationStrategy.java:100)
at software.amazon.awssdk.awscore.internal.authcontext.AwsCredentialsAuthorizationStrategy.addCredentialsToExecutionAttributes(AwsCredentialsAuthorizationStrategy.java:77)
at software.amazon.awssdk.awscore.internal.AwsExecutionContextBuilder.invokeInterceptorsAndCreateExecutionContext(AwsExecutionContextBuilder.java:120)
at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.invokeInterceptorsAndCreateExecutionContext(AwsSyncClientHandler.java:69)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:78)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:179)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:76)
at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45)
at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:56)
at software.amazon.awssdk.services.secretsmanager.DefaultSecretsManagerClient.getSecretValue(DefaultSecretsManagerClient.java:983)
将您的凭据放入名为 Credentals 的文件中,如 Java DEV 指南中所述。
https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/credentials-chain.html
看选项 4。参见此图。
这个文件的内容是。
[默认] aws_access_key_id=AKIxxxxxxxxxxxxxxxxxxxxxxxxxxx aws_secret_access_key=K3Oxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx