How to pass the DB AWS secret into tomcat context.xml?
Question
I have a context.xml where I am connecting to DB.
<?xml version='1.0' encoding='utf-8'?>
<Context>
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
<Resource name="jdbc/SS"
auth="Container"
type="javax.sql.DataSource"
factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
username="a***b"
password="C********1"
driverClassName="org.postgresql.Driver"
url="jdbc:postgresql://**********:****/a***b"
maxActive="100"
maxIdle="50"
minIdle="10"
testWhileIdle="true"
maxWait="30000"
maxAge="60000"
removeAbandoned="true"
removeAbandonedTimeout="600" />
</Context>
I need to get the DB credentials from the secret manager and pass the values into the context.xml by replacing the hardcoded DB credentials.
Is there any way to achieve this?
Answer 1
Score: 2
If you want to load the DB credentials dynamically, it is only possible at the one time Tomcat loads context.xml (because Tomcat reads environment variables only once, at startup).
Notice that at runtime, whenever context.xml changes, the relevant web application reloads. Tomcat is not restarted.
So the trick is to deliver the DB credentials as a JVM parameter/argument, like the ${catalina.base} above.
There are 3 stages:
- Declare and set the value of the environment variable:
export DB_CREDENTIALS='*****'
A good place is Tomcat's user login script .bash_profile, or the Tomcat environment's setenv.sh.
- Create a JVM parameter (system variable) for the environment variable: add the following line to setenv.sh before the last line.
-Denvironment.db.credentials=${DB_CREDENTIALS} \
- Use/call the declared JVM parameter in context.xml. For example:
url="jdbc:postgresql://**********:****/${environment.db.credentials}"
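An added example, not part of the answer above: a `setenv.sh` fragment that reads the value from AWS Secrets Manager with the AWS CLI at startup and passes it as the `environment.db.credentials` property used in the answer. The function names, the `DB_SECRET_ID` variable, the plain-string secret and the character allow-list are assumptions made for this sketch.

```shell
# setenv.sh fragment (sourced by catalina.sh at startup). Added example.
# Assumptions: AWS CLI on PATH, an IAM role allowed to read the secret,
# a plain-string secret, and its id supplied in DB_SECRET_ID (hypothetical name).

# Print one secret value on stdout; non-zero status if the lookup fails.
fetch_secret() {
    aws secretsmanager get-secret-value \
        --secret-id "$1" --query SecretString --output text
}

# Append -D<property>=<secret value> to CATALINA_OPTS.
# Note: -D values are visible in the JVM's argument list (ps, /proc/<pid>/cmdline).
add_secret_property() {
    prop=$1
    secret_id=$2
    value=$(fetch_secret "$secret_id") || {
        echo "setenv.sh: cannot read secret $secret_id" >&2
        return 1
    }
    # catalina.sh re-parses CATALINA_OPTS with the shell, so an empty value,
    # whitespace or shell metacharacters would corrupt the java command line.
    # Allow-list (assumption): letters, digits and . _ ~ + / = @ % : -
    case $value in
        ''|*[!A-Za-z0-9._~+/=@%:-]*)
            echo "setenv.sh: secret $secret_id is empty or has unsafe characters" >&2
            unset value
            return 1 ;;
    esac
    CATALINA_OPTS="${CATALINA_OPTS:-} -D${prop}=${value}"
    export CATALINA_OPTS
    unset value   # do not leave the secret in a shell variable
}

# Abort startup instead of running with an unresolved ${...} in context.xml.
if [ -n "${DB_SECRET_ID:-}" ]; then
    add_secret_property environment.db.credentials "$DB_SECRET_ID" || exit 1
fi
```

Because Tomcat resolves `${environment.db.credentials}` only when it parses context.xml, a rotated secret is picked up on the next Tomcat start.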