Autoconfigure issues with Okta and AWS Secrets manager in SpringBoot

Trying to store my Okta client id and secret in AWS secrets manager. The problem is when the spring-boot app comes up the Okta stuff is initializing before the AWS secrets manager, and thus I get an IllegalArgumentException:

java.lang.IllegalArgumentException: Could not resolve placeholder ‘client-secret’ in value “${client-secret}”
at org.springframework.util.PropertyPlaceholderHelper.parseStringValue(PropertyPlaceholderHelper.java:178) ~[spring-core-5.1.8.RELEASE.jar!/:5.1.8.RELEASE]

Is there some way to force the bootstrap to run the spring-cloud-starter-aws-secrets-manager-config before the okta-spring-boot-starter?

My team-mate figured this out. The problem occurs when loading the Spring Cloud bootstrap context, because OktaOAuth2PropertiesMappingEnvironmentPostProcessor tries to evaluate the okta.oauth2.client-id and okta.oauth2.client-secret parameters in the bootstrap context. The values of these parameters come from Secrets Manager, which isn’t available in the bootstrap context.

The workaround was to move the Okta properties stored in Secrets Manager under spring.security.oauth2.client.registration.okta, i.e.:

BEFORE:
okta:
  oauth2:
    client-id: ${client-id}
    client-secret: ${client-secret}

AFTER:
spring:
  security:
    oauth2:
      client:
        registration:
          okta:
            client-id: ${client-id}
            client-secret: ${client-secret}

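The ordering failure described in the answer above can be reproduced with spring-core alone. This is an added example, not code from the thread or from Okta or Spring Cloud AWS: the class name, the property source names and the secret value are constructed, and a plain MapPropertySource stands in for the Secrets Manager property source.

```java
import java.util.Collections;
import org.springframework.core.env.MapPropertySource;
import org.springframework.core.env.StandardEnvironment;

// Assumes spring-core is on the classpath. All names below are hypothetical.
public class PlaceholderOrderingDemo {

    static final String KEY = "okta.oauth2.client-secret";

    // Stand-in for the application YAML: the Okta property holds only a placeholder.
    static StandardEnvironment environmentWithOktaPlaceholder() {
        StandardEnvironment env = new StandardEnvironment();
        env.getPropertySources().addLast(new MapPropertySource("applicationYamlStandIn",
                Collections.<String, Object>singletonMap(KEY, "${client-secret}")));
        return env;
    }

    // Stand-in for the Secrets Manager source; the value is constructed, not a real secret.
    static void registerSecretSource(StandardEnvironment env) {
        env.getPropertySources().addFirst(new MapPropertySource("secretsManagerStandIn",
                Collections.<String, Object>singletonMap("client-secret", "constructed-value")));
    }

    // Reads the property the way an early reader would and reports the outcome
    // without echoing the secret itself.
    static String tryResolve(StandardEnvironment env) {
        try {
            String value = env.getProperty(KEY);
            return "resolved (" + value.length() + " chars)";
        } catch (IllegalArgumentException e) {
            // Same exception type and message shape as in the stack trace in the question.
            return "failed: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        StandardEnvironment env = environmentWithOktaPlaceholder();

        // Read before the secret source exists: nested placeholder cannot be resolved.
        System.out.println("before secret source: " + tryResolve(env));

        // Read after the secret source is registered: the same lookup succeeds.
        registerSecretSource(env);
        System.out.println("after secret source:  " + tryResolve(env));
    }
}
```

The lookup itself is identical in both calls; only the point in time at which the secret-backed source joins the environment changes the result.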

@Reecardo, this is super helpful. Did you completely replace the okta.oauth2 config with the spring.security.oauth2 config, or do you have a combination of both in your YAML?