Question:
I need to securely store and fetch `keystore.jks` and `truststore.jks` files from my Java application in order to make secure communications with an external application.
Can we store these files in AWS Secrets Manager?
I am not able to find proper documentation on storing a JKS certificate as a secret in AWS Secrets Manager.
Answer:
You would store these as binary secrets in Secrets Manager, as long as they are under the size limit. Alternatively, you could store them in a private S3 bucket encrypted with a KMS CMK.
Since Java expects the `truststore.jks` and `keystore.jks` files to be present on the file system before the Java application starts up, you would need to script your Docker container to download the files into the running container before starting your Java application, for example by including and using the AWS CLI tool within your Docker image.
To give your ECS application access to download the files, you would assign the appropriate IAM permissions to the ECS task.
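The container entrypoint described in the answer, as an added example that is not part of the original answer: it pulls each JKS file out of a Secrets Manager binary secret with the AWS CLI (the CLI returns `SecretBinary` base64-encoded, so the script decodes it), refuses anything that is not a JKS file, writes it with owner-only permissions, and then starts the JVM. The secret ids, the `/run/secrets` directory, the jar path and the `java` command line are assumptions; the ECS task role still needs `secretsmanager:GetSecretValue` on those secrets (plus `kms:Decrypt` if they use a customer-managed key).

```shell
#!/bin/sh
# Added example (not from the original answer): container entrypoint that
# fetches keystore.jks / truststore.jks from Secrets Manager binary secrets
# before the JVM starts. Secret ids, paths and the java command are assumed.
#
# The secrets are created once, outside the container, from the raw files:
#   aws secretsmanager create-secret --name prod/app/keystore.jks \
#       --secret-binary fileb://keystore.jks
set -eu

# Assumed secret ids and destination directory; override via the environment.
KEYSTORE_SECRET_ID="${KEYSTORE_SECRET_ID:-prod/app/keystore.jks}"
TRUSTSTORE_SECRET_ID="${TRUSTSTORE_SECRET_ID:-prod/app/truststore.jks}"
SECRETS_DIR="${SECRETS_DIR:-/run/secrets}"

# JKS files start with the magic bytes FE ED FE ED. Refusing anything else
# catches a PKCS#12 store or a text secret stored under the wrong name
# before the JVM fails on it at startup.
verify_jks_magic() {
    [ "$(od -An -tx1 -N4 "$1" | tr -d ' \n')" = "feedfeed" ]
}

# Fetch one binary secret ($1) and write it to $2 with mode 0600.
# The CLI emits SecretBinary as base64, so it is decoded before writing.
fetch_jks_secret() {
    secret_id="$1"; dest="$2"
    tmp="$dest.tmp.$$"
    # umask 077 so the file is never group/world-readable, even briefly
    (umask 077; aws secretsmanager get-secret-value \
        --secret-id "$secret_id" \
        --query SecretBinary --output text | base64 -d > "$tmp")
    if ! verify_jks_magic "$tmp"; then
        rm -f "$tmp"
        echo "secret $secret_id is not a JKS file" >&2
        return 1
    fi
    chmod 600 "$tmp"
    mv "$tmp" "$dest"
}

# Only run the fetch-and-exec sequence when invoked as `entrypoint.sh run`,
# so the functions above can also be sourced and tested on their own.
if [ "${1:-}" = "run" ]; then
    mkdir -p "$SECRETS_DIR"
    fetch_jks_secret "$KEYSTORE_SECRET_ID"   "$SECRETS_DIR/keystore.jks"
    fetch_jks_secret "$TRUSTSTORE_SECRET_ID" "$SECRETS_DIR/truststore.jks"
    # Point the JVM at the stores. Store passwords belong in a separate
    # string secret injected as an environment variable, not in the image.
    exec java \
        -Djavax.net.ssl.keyStore="$SECRETS_DIR/keystore.jks" \
        -Djavax.net.ssl.trustStore="$SECRETS_DIR/truststore.jks" \
        -jar /app/app.jar
fi
```

Writing to a temporary file and renaming means the JVM never sees a half-written store, and the magic-byte check turns a mis-stored secret into a clear error at container start rather than an opaque `Invalid keystore format` later. If a store is larger than the Secrets Manager size limit, the same script works against the S3 alternative from the answer by swapping the `aws secretsmanager get-secret-value ... | base64 -d` pipeline for `aws s3 cp s3://bucket/key -`.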