Refresh the datasource on password rotation in SpringBoot Application

Question

Can someone please guide me, how I can refresh the datasource whenever the password is rotated for the database. Basically I don't want any manual step to refresh the datasource(like calling any endpoint). Rather than I can poll a file to see if DB credentials are rotated using FileWatcher service. I have already read few solutions over stackoverflow regarding the same ask. But I couldn't able to implement it successfully. Since I am new to stackoverflow can't comment on others question to get solution clarified. Below is simple class for creating the connection pool.

@Configuration

@EnableTransactionManagement

public class JpaConfig {

@Value("${db.username}")
private String username;

@Value("${db.password}")
private String password;

@Bean
public LocalContainerEntityManagerFactoryBean entityManagerFactory() {
        HibernateJpaVendorAdapter vendorAdapter = new HibernateJpaVendorAdapter();
        vendorAdapter.setGenerateDdl(true);

        LocalContainerEntityManagerFactoryBean factory = new LocalContainerEntityManagerFactoryBean();
        factory.setJpaVendorAdapter(vendorAdapter);         
        factory.setPackagesToScan("com.example");
        factory.setDataSource(dataSource());
        
        Properties properties = new Properties();
        properties.put("hibernate.format_sql", true);
        properties.put("hibernate.show_sql", true);
        properties.put("hibernate.hbm2ddl.auto", "none");
        properties.put("hibernate.generate_statistics",  false);
        factory.setJpaProperties(properties);
        return factory;
}   
@Bean
public PlatformTransactionManager transactionManager() {
  JpaTransactionManager txManager = new JpaTransactionManager();
  txManager.setEntityManagerFactory(entityManagerFactory);
  return txManager;
}   
private DataSource dataSource() {
    HikariConfig hikariConfig = new HikariConfig();
    hikariConfig.setJdbcUrl("db_connection_url");
    hikariConfig.setUsername(username);
    hikariConfig.setPassword(password);
    hikariConfig.setPoolName("test_pool");
    HikariDataSource hikariDataSource = new HikariDataSource(hikariConfig);
    return hikariDataSource;
}   

}

Answer 1

You can use "Spring Cloud Bus". And whenever you change the datasource password configuration, your service can listen for this event so that it can create a new bean based on the new configuration.

Please look at this document https://spring.io/projects/spring-cloud-bus

Answer 2

This repo has solution for this question : https://github.com/visa2learn/spring-cloud-vault-db-cred-rotation I find it quite useful. Just to make solution better read about SecretLeaseContainer : Event-based container to request secrets from Vault and renew the associated Lease. Secrets can be rotated, depending on the requested RequestedSecret.getMode()