Ir al contenido
Menú
Se marcó esta pregunta
1 Responder
1422 Vistas

Hi Odoers,


My application is deployed in an AWS EC2 instance where as the database is in an RDS instance. I have changed the config file to connect to the database where I have given the db_host, db_user and db_password.

But I don't want to keep them in the config file that too in a readable format. So I want to fetch the database credentials from AWS Secret Manager to establish the database connection while I am running the services.

Is there a way to achieve this. 

Avatar
Descartar
Mejor respuesta

Yes, you can fetch database credentials from AWS Secrets Manager to establish the database connection in your application deployed on AWS EC2. Here’s a step-by-step guide to achieve this:

Steps to Fetch Database Credentials from AWS Secrets Manager

  1. Create a Secret in AWS Secrets Manager:
    • Go to the AWS Secrets Manager console.
    • Create a new secret and store your database credentials (username, password, host, etc.).
    • Save the secret and note the secret ID.
  2. Grant Necessary Permissions:
    • Ensure your EC2 instance has the necessary IAM permissions to access the secret.
    • Attach a policy to your EC2 instance's IAM role that allows access to the specific secret.
  3. Retrieve the Secret in Your Application:
    • Use the AWS SDK or CLI to retrieve the secret in your application.
    • Here’s an example using Python with the boto3 library:

python

import boto3
import json

# Initialize a Secrets Manager client
session = boto3.session.Session()
client = session.client(service_name='secretsmanager', region_name='your-region')

# Retrieve the secret value
secret_name = "your-secret-id"
get_secret_value_response = client.get_secret_value(SecretId=secret_name)

# Parse the secret value
secret = json.loads(get_secret_value_response['SecretString'])
db_host = secret['db_host']
db_user = secret['db_user']
db_password = secret['db_password']

# Now you can use these credentials to establish the database connection
  1. Update Your Application Configuration:
    • Remove the database credentials from your configuration file.
    • Use the retrieved credentials to establish the database connection dynamically.

Example Configuration Update

If you're using a framework like Flask, you can update your configuration as follows:

python

app.config['SQLALCHEMY_DATABASE_URI'] = f'mysql://{db_user}:{db_password}@{db_host}/your-database'

Avatar
Descartar
Autor

Hi Shoaib,
Thank you for the detailed explanation. Currently I am not using any framework other than Odoo default. Any clue how we can fetch the db credentials dynamically from secret manager in Odoo?

Publicaciones relacionadas Respuestas Vistas Actividad
0
oct 23
2727
0
feb 25
1572
2
ene 25
8202
2
ene 24
10138
2
dic 23
6895