{"id":13707966,"url":"https://github.com/aws/aws-secretsmanager-jdbc","last_synced_at":"2026-01-17T00:30:03.523Z","repository":{"id":37359320,"uuid":"154230371","full_name":"aws/aws-secretsmanager-jdbc","owner":"aws","description":"The AWS Secrets Manager JDBC Library enables Java developers to easily connect to SQL databases using secrets stored in AWS Secrets Manager.","archived":false,"fork":false,"pushed_at":"2025-05-05T21:52:24.000Z","size":135,"stargazers_count":171,"open_issues_count":17,"forks_count":79,"subscribers_count":24,"default_branch":"v2","last_synced_at":"2025-05-08T00:08:00.477Z","etag":null,"topics":["aws","aws-secrets-manager","jdbc-driver","secret"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aws.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-10-22T23:23:36.000Z","updated_at":"2025-04-28T22:48:28.000Z","dependencies_parsed_at":"2025-01-04T11:32:01.480Z","dependency_job_id":"ae59c633-01cd-4e3a-96df-06e7df2a72ab","html_url":"https://github.com/aws/aws-secretsmanager-jdbc","commit_stats":{"total_commits":63,"total_committers":19,"mean_commits":"3.3157894736842106","dds":0.8253968253968254,"last_synced_commit":"65188499a6acae5b49e0cc8b867716ae8cba49d2"},"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws%2Faws-secretsmanager-jdbc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws%2Faws-secretsmanager-jdbc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws%2Faws-secretsmanager-jdbc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws%2Faws-secretsmanager-jdbc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aws","download_url":"https://codeload.github.com/aws/aws-secretsmanager-jdbc/tar.gz/refs/heads/v2","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254310515,"owners_count":22049469,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-secrets-manager","jdbc-driver","secret"],"created_at":"2024-08-02T22:01:51.129Z","updated_at":"2025-10-19T03:40:34.066Z","avatar_url":"https://github.com/aws.png","language":"Java","funding_links":[],"categories":["Java"],"sub_categories":[],"readme":"# AWS Secrets Manager JDBC Library\n\n[![Java Build](https://github.com/aws/aws-secretsmanager-jdbc/actions/workflows/CI.yml/badge.svg?event=push)](https://github.com/aws/aws-secretsmanager-jdbc/actions/workflows/CI.yml)\n[![Coverage](https://codecov.io/gh/aws/aws-secretsmanager-jdbc/branch/v2/graph/badge.svg?token=hCl7eBaSwn)](https://codecov.io/gh/aws/aws-secretsmanager-jdbc)\n\nThe **AWS Secrets Manager JDBC Library** enables Java developers to easily connect to SQL databases using secrets stored in AWS Secrets Manager.\n\n## License\n\nThis library is licensed under the Apache 2.0 License.\n\n## Features\n\n- Provides wrappers to common JDBC drivers enabling simple database connectivity\n- Provides database connection pooling support through c3p0\n\n## Building from Source\n\nAfter you've downloaded the code from GitHub, you can build it using Maven.\n\n- To disable GPG signing in the build, use this command: `mvn clean install -Dgpg.skip=true`\n- To build the default (non-shaded) JAR, use this command: `mvn clean install`\n- To build the shaded (uber) JAR with all dependencies included, use this command: `mvn clean install -Pshade`\n  The shaded JAR will be generated in the `target/` directory with the `-shaded` classifier, e.g.: `target/aws-secretsmanager-jdbc-2.0.3-shaded.jar`\n\n## Usage\n\nThe recommended way to use the SQL Connection Library is to consume it from Maven. The latest released version can be found at: https://mvnrepository.com/artifact/com.amazonaws.secretsmanager/aws-secretsmanager-jdbc\n\n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003ecom.amazonaws.secretsmanager\u003c/groupId\u003e\n    \u003cartifactId\u003eaws-secretsmanager-jdbc\u003c/artifactId\u003e\n    \u003cversion\u003e2.0.0\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\nTo use the latest build (pre-release), don't forget to enable the download of snapshot jars from Maven.\n\n```xml\n\u003cprofiles\u003e\n  \u003cprofile\u003e\n    \u003cid\u003eallow-snapshots\u003c/id\u003e\n    \u003cactivation\u003e\u003cactiveByDefault\u003etrue\u003c/activeByDefault\u003e\u003c/activation\u003e\n    \u003crepositories\u003e\n      \u003crepository\u003e\n        \u003cid\u003esnapshots-repo\u003c/id\u003e\n        \u003curl\u003ehttps://aws.oss.sonatype.org/content/repositories/snapshots\u003c/url\u003e\n        \u003creleases\u003e\u003cenabled\u003efalse\u003c/enabled\u003e\u003c/releases\u003e\n        \u003csnapshots\u003e\u003cenabled\u003etrue\u003c/enabled\u003e\u003c/snapshots\u003e\n      \u003c/repository\u003e\n    \u003c/repositories\u003e\n  \u003c/profile\u003e\n\u003c/profiles\u003e\n```\n\n### Usage Example\n\nWe provide database drivers that intercept calls to real database drivers and replace secret IDs with actual login credentials.\nThis prevents hard-coding database credentials into your application code.\n\nThe following is an example which uses the secret to resolve both the endpoint and the login credentials.\n\n```\n// Load the JDBC driver\nClass.forName( \"com.amazonaws.secretsmanager.sql.AWSSecretsManagerPostgreSQLDriver\" ).newInstance();\n\n// Retrieve the connection info from the secret using the secret ARN\nString URL = \"secretId\";\n\n// Populate the user property with the secret ARN to retrieve user and password from the secret\nProperties info = new Properties( );\ninfo.put( \"user\", \"secretId\" );\n\n// Establish the connection\nconn = DriverManager.getConnection(URL, info);\n```\n\nTo specify a custom endpoint and port instead of resolving from the secret, use the jdbc-secretsmanager prefix with your database information.\n\n```\n// Options to resolve the connection information\n\n// Set url to secret arn to resolve endpoint and port from secret\nString URL = \"secretId\";\n\n// Use jdbc-secretsmanager prefix to specify endpoint and port instead of resolving from secret\nString URL = \"jdbc-secretsmanager:postgresql://example.com:5432/database\";\n```\n\nThe secret should be in the correct JSON format. For more information, see the [AWS Secrets Manager documentation](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure). For example:\n\n```json\n{\n  \"host\": \"\u003chost name\u003e\",\n  \"username\": \"\u003cusername\u003e\",\n  \"password\": \"\u003cpassword\u003e\",\n  \"dbname\": \"\u003cdatabase name\u003e\",\n  \"port\": \"\u003cport number\u003e\"\n}\n```\n\nWe support a variety of drivers. For more information, see the [AWS Secrets Manager JDBC documentation](https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_jdbc).\n\n## Credentials\n\nThis library uses the [Default Credential Provider Chain](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/credentials.html). The following options exist to override some of the defaults:\n\n1. Set a PrivateLink DNS endpoint URL and a region in the secretsmanager.properties file:\n\n```text\ndrivers.vpcEndpointUrl= #The endpoint URL\ndrivers.vpcEndpointRegion= #The endpoint region\n```\n\n2. Override the primary region by setting the 'AWS_SECRET_JDBC_REGION' environment variable to the preferred region, or via the secretsmanager.properties file:\n\n```text\ndrivers.region= #The region to use.\n```\n\nIf this driver is running on EKS, the library could pick up the credentials of the node it is running on instead of the service account role ([issue](https://github.com/aws/aws-secretsmanager-jdbc/issues/55)). To address this, add version `2` of `software.amazon.awssdk:sts` to your Gradle/Maven project file as a dependency.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faws%2Faws-secretsmanager-jdbc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faws%2Faws-secretsmanager-jdbc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faws%2Faws-secretsmanager-jdbc/lists"}