AWS Secrets Manager with VM
This article explains how to integrate AWS Secrets Manager with the OvalEdge application to securely manage sensitive credentials and configuration values.
Prerequisites
AWS Secret Format: Ensure a secret is created in AWS Secrets Manager with the following JSON structure:
{
  "jdbcstringurl": "jdbc:mysql://db.example.com:3306/ovaledge",
  "username": "db_user",
  "password": "db_pass",
  "readjdbcstringurl": "jdbc:mysql://readreplica.example.com:3306/ovaledge",
  "encryptdecryptkey": "your-encryption-key",
  "eshost": "es.example.com",
  "esport": "9200",
  "esprotocol": "https",
  "esusername": "elastic_user",
  "espassword": "elastic_pass"
}
IAM Role Permissions: Attach an IAM role to the EC2 instance hosting the OvalEdge application with the following policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "arn:aws:secretsmanager:<region>:<account-id>:secret:secrets*"
    }
  ]
}
Ensure the IAM role is associated with the instance as an Instance Profile.
Integration Steps
Configure oasis.properties
Log in to the OvalEdge Tomcat server.
Open the configuration file:
sudo nano /opt/ovaledge/conf/oasis.properties
Add or update the following configurations:
### AWS Secrets Manager Configurations ###
aws-secrets=true
aws-secretregion=us-west-2
aws-secretname=secrets
# Vault Keys for Database & Elasticsearch
secret.key.jdbcstring=jdbcstringurl
secret.key.username=username
secret.key.password=password
secret.key.read.jdbcstring=readjdbcstringurl
secret.key.encryptdecryptkey=encryptdecryptkey
secret.key.eshost=eshost
secret.key.esport=esport
secret.key.esprotocol=esprotocol
secret.key.esusername=esusername
secret.key.espassword=espassword
Replace aws-secretname=secrets with the actual name of your AWS Secret, if different.
Restart Tomcat
Restart the Tomcat service to apply the new configurations:
sudo systemctl restart tomcat
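The three pieces above (the secret's JSON fields, the IAM policy, and the secret.key.* mappings in oasis.properties) have to agree with each other. The following check is an added example, not part of OvalEdge or of the original article: the function names, the account ID 111122223333 and the sample inputs are constructed, and the policy check is a simplification that matches Allow statements only.

```python
import json
from fnmatch import fnmatchcase

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def as_list(value):
    return value if isinstance(value, list) else [value]

def check_config(props_text, secret_json, policy_json, account_id):
    """Return a list of problems; an empty list means the three pieces agree."""
    props, secret = parse_properties(props_text), json.loads(secret_json)
    # Each secret.key.* value names a field that must exist in the secret JSON.
    problems = [f"{p} -> '{f}' missing from secret" for p, f in sorted(props.items())
                if p.startswith("secret.key.") and f not in secret]
    # Secrets Manager appends "-" and six random characters to the name in the
    # ARN; "AbCdEf" is a constructed stand-in for that suffix.
    arn = (f"arn:aws:secretsmanager:{props['aws-secretregion']}:{account_id}"
           f":secret:{props['aws-secretname']}-AbCdEf")
    # Simplification: only Allow statements are matched; Deny is not evaluated.
    allowed = any(
        s["Effect"] == "Allow"
        and any(fnmatchcase("secretsmanager:getsecretvalue", a.lower())
                for a in as_list(s["Action"]))
        and any(fnmatchcase(arn, r) for r in as_list(s["Resource"]))
        for s in as_list(json.loads(policy_json)["Statement"]))
    if not allowed:
        problems.append(f"policy does not allow GetSecretValue on {arn}")
    return problems

# Constructed samples: shortened oasis.properties, placeholder secret, page's policy.
PROPS = """aws-secrets=true
aws-secretregion=us-west-2
aws-secretname=secrets
secret.key.jdbcstring=jdbcstringurl
secret.key.password=password
secret.key.espassword=espassword
"""
SECRET = json.dumps({k: "placeholder" for k in
                     ["jdbcstringurl", "password", "espassword"]})
POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "secretsmanager:GetSecretValue",
    "Resource": "arn:aws:secretsmanager:us-west-2:111122223333:secret:secrets*"}]})
if __name__ == "__main__":
    print(check_config(PROPS, SECRET, POLICY, "111122223333") or "configuration is consistent")
```

An empty result means every mapped field exists in the secret and the policy's Resource pattern covers the secret named in oasis.properties; a region or name mismatch shows up here rather than as a failed Tomcat start.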
Copyright © 2025, OvalEdge LLC, Peachtree Corners, GA, USA.

