
Aws Sdk Java V2 Secrets Manager
Add AWS Secrets Manager to a Java Spring service with SDK v2 clients and an optional in-process secret cache.
Overview
aws-sdk-java-v2-secrets-manager is an agent skill most often used in Build (also Ship security) that wires Java Spring apps to AWS Secrets Manager via SDK v2 and optional SecretCache.
Install
npx skills add https://github.com/giuseppe-trisciuoglio/developer-kit --skill aws-sdk-java-v2-secrets-manager
What is this skill?
- Spring @Configuration pattern for SecretsManagerClient with region and static credentials provider placeholders
- SecretCache bean with maxCacheSize 100 and cacheItemTTL 3600000 ms (1 hour) in the template
- AWS SDK for Java v2 SecretsManagerClient builder setup
- API reference section for Secrets Manager store, manage, and retrieve operations
- Property-driven aws.secrets.region and credential keys for local or env-based config
- SecretCache template sets maxCacheSize to 100
- SecretCache template sets cacheItemTTL to 3600000 ms (1 hour)
Adoption & trust: 1.1k installs on skills.sh; 271 GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
Your Spring API still reads secrets from flat env vars or code and you need SDK v2 plus caching without reinventing client setup.
Who is it for?
Indie builders on Java 17+ / Spring who deploy on AWS and want a standard Secrets Manager integration pattern.
Skip if: Node or Python stacks, local-only .env workflows with no AWS, or teams that need full rotation Lambda automation in one skill.
When should I use this skill?
Implementing or refactoring Java Spring services that must load secrets from AWS Secrets Manager with SDK v2.
What do I get? / Deliverables
You get configurable SecretsManagerClient and SecretCache beans ready to fetch and cache secrets by name at runtime.
- SecretsManagerClient Spring @Bean configuration
- Optional SecretCache bean with documented size and TTL defaults
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Secret retrieval wiring is canonical on Build/backend when you implement credential and config loading in application code. Backend fits SDK client beans, Spring configuration, and runtime secret fetch patterns—not front-end or pure CI-only deploy scripts.
Where it fits
Replace hardcoded JDBC passwords with a secret name resolved through SecretsManagerClient in your API service.
Validate that production uses IAM roles instead of static keys in the credentials provider before go-live.
Tune SecretCache max size and TTL after observing Secrets Manager API throttling in steady traffic.
How it compares
Java Spring integration templates—not HashiCorp Vault or SSM Parameter Store docs.
Common Questions / FAQ
Who is aws-sdk-java-v2-secrets-manager for?
Solo and small-team Java developers using Spring and AWS who want agent help scaffolding Secrets Manager clients and cache configuration.
When should I use aws-sdk-java-v2-secrets-manager?
During Build when wiring backend secrets; during Ship when hardening credential storage before launch; during Operate when adjusting cache TTL or client region for production rotation.
Is aws-sdk-java-v2-secrets-manager safe to install?
Templates reference access keys in config placeholders—prefer IAM roles in production and review the Security Audits panel on this Prism page before committing credentials.
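The IAM-role recommendation above, as an added example that is not part of the skill's template: the same two beans built on the SDK's default credentials chain, with a startup check that refuses to run under a production profile while the template's `aws.accessKeyId` / `aws.secretKey` properties are still set. The class name `RoleBasedSecretsConfig`, the `prod` profile name and the use of the 2.x caching library's `with*` setters are assumptions.

```java
import com.amazonaws.secretsmanager.caching.SecretCache;
import com.amazonaws.secretsmanager.caching.SecretCacheConfiguration;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.core.env.Profiles;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;

// Added example; the class name and the "prod" profile are assumptions.
@Configuration
public class RoleBasedSecretsConfig {

    @Value("${aws.secrets.region}")
    private String region;

    @Bean
    public SecretsManagerClient secretsManagerClient(Environment env) {
        // Fail closed: refuse to start in production if the template's
        // static-key properties are still present in any property source.
        if (env.acceptsProfiles(Profiles.of("prod"))
                && (env.containsProperty("aws.accessKeyId")
                    || env.containsProperty("aws.secretKey"))) {
            throw new IllegalStateException(
                "Static AWS keys configured under the prod profile; "
                + "remove aws.accessKeyId/aws.secretKey and use the IAM role");
        }
        // With no key properties set, the default chain resolves the role
        // attached to the workload (instance profile, task role or web
        // identity), so no long-lived key is stored in application config.
        return SecretsManagerClient.builder()
                .region(Region.of(region))
                .credentialsProvider(DefaultCredentialsProvider.create())
                .build();
    }

    @Bean
    public SecretCache secretCache(SecretsManagerClient client) {
        // Same size and TTL as the skill's template. A rotated secret can be
        // served from the cache until the TTL expires.
        SecretCacheConfiguration config = new SecretCacheConfiguration()
                .withClient(client)
                .withMaxCacheSize(100)
                .withCacheItemTTL(3600000L); // milliseconds (1 hour)
        return new SecretCache(config);
    }
}
```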
SKILL.md - Aws Sdk Java V2 Secrets Manager
```java
import com.amazonaws.secretsmanager.caching.SecretCache;
import com.amazonaws.secretsmanager.caching.SecretCacheConfiguration;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class {{ConfigClass}} {

    @Value("${aws.secrets.region}")
    private String region;

    // Resolved by Spring from properties; a "${...}" string passed straight
    // to AwsBasicCredentials.create() would be used as the literal key.
    @Value("${aws.accessKeyId}")
    private String accessKeyId;

    @Value("${aws.secretKey}")
    private String secretKey;

    @Bean
    public SecretsManagerClient secretsManagerClient() {
        // Static keys suit local setups; prefer IAM roles in production.
        return SecretsManagerClient.builder()
            .region(Region.of(region))
            .credentialsProvider(StaticCredentialsProvider.create(
                AwsBasicCredentials.create(accessKeyId, secretKey)))
            .build();
    }

    @Bean
    public SecretCache secretCache(SecretsManagerClient secretsClient) {
        // SecretCacheConfiguration is populated through its with*() setters.
        SecretCacheConfiguration config = new SecretCacheConfiguration()
            .withClient(secretsClient)
            .withMaxCacheSize(100)
            .withCacheItemTTL(3600000); // 1 hour
        return new SecretCache(config);
    }
}
```

# AWS Secrets Manager API Reference

## Overview

AWS Secrets Manager provides a service to enable you to store, manage, and retrieve secrets with API version 2017-10-17.

## Core Classes

### SecretsManagerClient
- **Purpose**: Synchronous client for AWS Secrets Manager
- **Location**: `software.amazon.awssdk.services.secretsmanager.SecretsManagerClient`
- **Builder**: `SecretsManagerClient.builder()`

### SecretsManagerAsyncClient
- **Purpose**: Asynchronous client for AWS Secrets Manager
- **Location**: `software.amazon.awssdk.services.secretsmanager.SecretsManagerAsyncClient`
- **Builder**: `SecretsManagerAsyncClient.builder()`

## Configuration Classes

### SecretsManagerClientBuilder
- Methods:
  - `region(Region region)` - Set AWS region
  - `credentialsProvider(AwsCredentialsProvider credentialsProvider)` - Set credentials
  - `build()` - Create client instance

### SecretsManagerServiceClientConfiguration
- Service client settings and configuration

## Request Types

### CreateSecretRequest
- **Fields**:
  - `name(String name)` - Secret name (required)
  - `secretString(String secretString)` - Secret value
  - `secretBinary(SdkBytes secretBinary)` - Binary secret value
  - `description(String description)` - Secret description
  - `kmsKeyId(String kmsKeyId)` - KMS key for encryption
  - `tags(List<Tag> tags)` - Tags for organization

### GetSecretValueRequest
- **Fields**:
  - `secretId(String secretId)` - Secret name or ARN
  - `versionId(String versionId)` - Specific version ID
  - `versionStage(String versionStage)` - Version stage (e.g., "AWSCURRENT")

### UpdateSecretRequest
- **Fields**:
  - `secretId(String secretId)` - Secret name or ARN
  - `secretString(String secretString)` - New secret value
  - `secretBinary(SdkBytes secretBinary)` - New binary secret value
  - `kmsKeyId(String kmsKeyId)` - KMS key for encryption

### DeleteSecretRequest
- **Fields**:
  - `secretId(String secretId)` - Secret name or ARN
  - `recoveryWindowInDays(Long recoveryWindowInDays)` - Recovery period
  - `forceDeleteWithoutRecovery(Boolean forceDeleteWithoutRecovery)` - Immediate deletion

### RotateSecretRequest
- **Fields**:
  - `secretId(String secretId)` - Secret name or ARN
  - `rotationLambdaArn(String rotationLambdaArn)` - Lambda ARN for rotation
  - `rotationRules(RotationRulesType rotationRules)` - Rotation configuration
  - `rotationSchedule(RotationScheduleType rotationSchedule)` - Schedule configuration

## Response Types

### CreateSecretResponse
- **Fields**:
  - `arn()` - Secret ARN
  - `name()` - Secret name
  - `versionId()` - Version ID

### GetSecretValueResponse
- **Fields**:
  - `arn()` - Secr