Configuring AWS Secrets and JDBC Connection in Ambience/Repertoire 2026+

Overview

This entry outlines the steps to configure AWS Secrets integration and JDBC connection pooling in Ambience 2026 onwards using the Config Editor and Secrets modules. The configuration enables secure storage of AWS credentials and establishes a JDBC connection via HikariCP.


Step 1: Add AWS Secret Configuration

Before linking secrets, you must first define the AWS secret store.

a) Ambience 2026+

  1. Log in to your Ambience 2026+ environment.
  2. Navigate to the Config Editor module.
  3. Click Add to create a new configuration section. Name the section appropriately, for example: AWS-Secret.
  4. Add the following configuration:
    ambience.secrets-store {
      factory {
        #mongodb = "ambience.secrets.CodexDBSecretsStoreLocation"
        #codexdb = "ambience.secrets.CodexDBSecretsStoreLocation"
        #hashicorp = "ambience.secrets.HashiSecretsStoreLocation"
        aws = "ambience.secrets.AWSSecretsStoreLocation"
        #azure = "ambience.secrets.AzureSecretsStoreLocation"
      }
    }
    
    ambience.secrets-store.location.aws = {
       type = "aws"
       enabled = true
       access = "xxx"
       secret = "xxx"
       region = "ap-southeast-1"
       is-addable = false
       is-linkable = true
       #role-arn = "arn:aws:iam::560978676821:role/iam-s3-allow-devops-acct-assume"
       #role-session-name = "xxx"
       sts-service-endpoint="https://sts.ap-southeast-1.amazonaws.com"
    }
    
  5. Save the configuration and ensure it is enabled.

b) Repertoire 2026+

  1. Navigate to the /etc folder under the Repertoire 2026+ installation directory.
  2. Locate the application.conf file.
  3. Paste in the following configuration:
    ambience.secrets-store {
      factory {
        #mongodb = "ambience.secrets.CodexDBSecretsStoreLocation"
        #codexdb = "ambience.secrets.CodexDBSecretsStoreLocation"
        #hashicorp = "ambience.secrets.HashiSecretsStoreLocation"
        aws = "ambience.secrets.AWSSecretsStoreLocation"
        #azure = "ambience.secrets.AzureSecretsStoreLocation"
      }
    }
    
    ambience.secrets-store.location.aws = {
       type = "aws"
       enabled = true
       access = "xxx"
       secret = "xxx"
       region = "ap-southeast-1"
       is-addable = false
       is-linkable = true
       #role-arn = "arn:aws:iam::560978676821:role/iam-s3-allow-devops-acct-assume"
       #role-session-name = "xxx"
       sts-service-endpoint="https://sts.ap-southeast-1.amazonaws.com"
    }
    
  4. Save the file.

Step 2: Link AWS Secret

Once the secret store is defined, link the AWS secret.

  1. Navigate to the Secrets module.
  2. Click Link.
  3. Configure the link by providing an appropriate Name, a Content ID, and the necessary Access.
  4. Save the configuration.

Note: The secret will appear as Not Ambience Controlled.


Step 3: Add JDBC Configuration

Proceed to configure the JDBC connection pool to utilize the linked AWS secret.

a) Ambience 2026+

  1. Return to the Config Editor module.
  2. Click Add to create a new JDBC configuration section. Assign a clear name to the section, for example: AWS-JDBC-CONN.
  3. Add the JDBC configuration details.
    elixir.data.jdbc.connection-pool.definition {
      mysql {
        dataSourceClassName="com.microsoft.sqlserver.jdbc.SQLServerDataSource"
        dataSource.user="XXX"
        dataSource.password="{secret}AWS-JDBC-NP"
        dataSource.databaseName="XXX"
        dataSource.portNumber=XXX
        dataSource.serverName="localhost"
        dataSource.url="jdbc:sqlserver://localhost:52816;encrypt=true;trustServerCertificate=true"
      }
      # mysql-catalog-pattern = ""
      # mysql-schema-pattern = ""
      # mysql-table-pattern = ""
    }
    
  4. Save the JDBC configuration and ensure it is enabled.

b) Repertoire 2026+

  1. Navigate to the /etc folder within the Repertoire 2026 installation directory.
  2. Locate the hikari.properties file.
  3. Paste in the following configuration details:
    dataSourceClassName="com.microsoft.sqlserver.jdbc.SQLServerDataSource"
    dataSource.user="XXX"
    dataSource.password="{secret}AWS-JDBC-NP"
    dataSource.databaseName="XXX"
    dataSource.portNumber=XXX
    dataSource.serverName="localhost"
    dataSource.url="jdbc:sqlserver://localhost:52816;encrypt=true;trustServerCertificate=true"
    

Important:

dataSource.password must reference the linked AWS secret using the format: {secret}YOUR-AWS-LINK-NAME
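
The following Python check is an added example, not part of the original entry or of Ambience/Repertoire. It reads a pool definition like the one above, confirms that dataSource.password uses the {secret}NAME format, and reports the TLS options in dataSource.url (with trustServerCertificate=true the SQL Server JDBC driver encrypts the connection but does not validate the server certificate). The function names, the linked_names parameter and the sample text are assumptions made for this example, and only flat key=value lines are parsed.

```python
import re

# Constructed sample modelled on the hikari.properties above; values are placeholders.
SAMPLE = '''\
dataSource.user="XXX"
dataSource.password="{secret}AWS-JDBC-NP"
dataSource.serverName="localhost"
dataSource.url="jdbc:sqlserver://localhost:52816;encrypt=true;trustServerCertificate=true"
'''
SECRET_REF = re.compile(r"^\{secret\}([^\s{}]+)$")

def parse_properties(text):
    """Parse key=value lines; skip blanks, # comments and block braces; strip quotes."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip().strip('"')
    return props

def url_options(url):
    """Return the ;key=value options of a jdbc:sqlserver URL, lower-cased."""
    opts = {}
    for part in url.split(";")[1:]:
        if "=" in part:
            k, v = part.split("=", 1)
            opts[k.strip().lower()] = v.strip().lower()
    return opts

def audit(text, linked_names=None):
    """Return findings; linked_names (optional) is the set of names linked in Step 2."""
    props = parse_properties(text)
    findings = []
    m = SECRET_REF.match(props.get("dataSource.password", ""))
    if not m:
        findings.append("dataSource.password is not a {secret}NAME reference")
    elif linked_names is not None and m.group(1) not in linked_names:
        findings.append("secret link %r is not in the list of linked secrets" % m.group(1))
    opts = url_options(props.get("dataSource.url", ""))
    if opts.get("encrypt") not in ("true", "strict"):
        findings.append("encrypt is not set to true or strict in dataSource.url")
    if opts.get("trustservercertificate") == "true":
        findings.append("trustServerCertificate=true: server certificate is not validated")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, {"AWS-JDBC-NP"})) or "no findings")
```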


Step 4: Finalize and Verify

  1. Restart the Ambience server for changes to take effect.
  2. Verify the connection:
    • If the connection is successful, the Hikari Pool will automatically establish new database connections.