I have a case where I deployed a custom container to the container registry on GitLab with some libraries that I need. I am using it inside my CI/CD to run some jobs in another project. This project is using Spring Boot and I want to connect to an RDS database stored in AWS. I am not sure how to store sensitive data like the password and username to access the DB, and not sure if the database endpoint or port is sensitive as well.
Right now this is what my application.properties looks like:
spring.application.name=xxx

# Database
spring.datasource.url=jdbc:mysql://${endpoint}:${port}/${dbnametest}
spring.datasource.username=${user}
spring.datasource.password=${password}
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver

# Hibernate properties
spring.jpa.hibernate.ddl-auto=update
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect
spring.jpa.show-sql=true
Locally I used environment variables to set these values, but the problem started when I ran the jobs and these values were empty in my custom Docker image. I store these values in AWS Secrets Manager and at first I wanted to set the environment variables during the build of my Docker image using the AWS Secrets Manager command, but it did not give the expected result.
What is the approach to do that? Where should I store these variables and how should I access them to be secure? Should I use AWS Secrets Manager for that? I saw some Spring libraries, but Maven said they have high vulnerabilities, so I probably don’t want to use them until these are fixed.
I also added my CI/CD file that runs the jobs:
image: $CI_REGISTRY_IMAGE:latest

# `include` is a top-level keyword, not a job keyword; nesting it under the
# `sast` job is rejected by GitLab ("config contains unknown keys: include").
include:
  - template: Security/SAST.gitlab-ci.yml

stages:
  - security
  - build
  - test

cache:
  paths:
    - .m2/repository
    - sport-society-frontend/node_modules

build-and-lint-frontend:
  stage: build
  script:
    - cd sport-society-frontend
    - npm install
    - npm run lint
    - npm run build

build-and-lint-backend:
  stage: build
  script:
    - cd sportsocietyapp
    - mvn spotless:check
    - mvn install -DskipTests=true

test-frontend:
  stage: test
  script:
    - cd sport-society-frontend
    - npm install
    - npm run test

test-backend:
  stage: test
  script:
    - cd sportsocietyapp
    - mvn test

# The included template defines the `sast` job; this override only moves it
# into the `security` stage declared above.
sast:
  stage: security
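The part of the question that the placeholders above leave open is how the values reach the job at all. The following is an added example, not code from the question or from any Spring or AWS library: a small script a CI job can run at job runtime (rather than at image build time, where the values would be baked into a layer) that reads the secret from AWS Secrets Manager, maps it to the environment variables Spring Boot binds to `spring.datasource.*` through relaxed binding, and writes them to a mode-0600 file for a later `source` step. It assumes the secret is the JSON document Secrets Manager uses for RDS credentials (keys `username`, `password`, `host`, `port`, `dbname`), that `boto3` is installed in the job image, and that the CI/CD variable names `DB_SECRET_ID`, `AWS_REGION` and `DB_ENV_FILE` are the ones you choose; the sample secret embedded at the bottom is constructed so the script runs offline.

```python
"""
Added example: fetch an RDS secret from AWS Secrets Manager at CI job
runtime and expose it to Spring Boot as environment variables, without
echoing the credentials into the job log.

Assumptions: the secret is a JSON document with keys username, password,
host, port and dbname (the shape Secrets Manager uses for RDS credentials);
boto3 is available in the job image; DB_SECRET_ID, AWS_REGION and
DB_ENV_FILE are CI/CD variable names chosen for this example.
"""
import json
import os
import shlex
import tempfile

REQUIRED_KEYS = ("username", "password", "host", "port", "dbname")


def spring_datasource_env(secret_string):
    """Map the secret JSON to the env vars that Spring Boot relaxed binding
    turns into spring.datasource.url / .username / .password."""
    data = json.loads(secret_string)
    missing = [k for k in REQUIRED_KEYS if not str(data.get(k, "") or "")]
    if missing:
        # Fail loudly: an empty value silently reaching Spring is exactly
        # the failure mode described in the question.
        raise ValueError("secret is missing keys: " + ", ".join(missing))
    port = int(data["port"])
    url = "jdbc:mysql://{}:{}/{}".format(data["host"], port, data["dbname"])
    return {
        "SPRING_DATASOURCE_URL": url,
        "SPRING_DATASOURCE_USERNAME": str(data["username"]),
        "SPRING_DATASOURCE_PASSWORD": str(data["password"]),
    }


def write_dotenv(env, path):
    """Write shell-quoted `export KEY=value` lines to a file only the job
    user can read, so a later `source` step loads them without echoing."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        for key, value in env.items():
            fh.write("export {}={}\n".format(key, shlex.quote(value)))
    return path


def redacted(env):
    """Log-safe view: the endpoint and port are not credentials and may be
    printed; username and password are masked."""
    return {
        key: "***" if key.endswith(("USERNAME", "PASSWORD")) else value
        for key, value in env.items()
    }


def fetch_secret_string(secret_id, region):
    """Read the secret at job runtime; requires AWS credentials (for example
    an OIDC role or masked CI/CD variables) in the job environment."""
    import boto3  # assumption: installed in the job image
    client = boto3.client("secretsmanager", region_name=region)
    return client.get_secret_value(SecretId=secret_id)["SecretString"]


# Constructed sample secret, used only when DB_SECRET_ID is not set.
SAMPLE_SECRET = json.dumps({
    "username": "app_user",
    "password": "p@ss'word with spaces",
    "engine": "mysql",
    "host": "example-db.cluster-placeholder.eu-west-1.rds.amazonaws.com",
    "port": 3306,
    "dbname": "sportsociety",
})


def main():
    secret_id = os.environ.get("DB_SECRET_ID")
    if secret_id:
        secret = fetch_secret_string(secret_id, os.environ.get("AWS_REGION", "eu-west-1"))
    else:
        secret = SAMPLE_SECRET
    env = spring_datasource_env(secret)
    default_path = os.path.join(tempfile.gettempdir(), "db.env")
    path = write_dotenv(env, os.environ.get("DB_ENV_FILE", default_path))
    print("wrote", path, redacted(env))


if __name__ == "__main__":
    main()
```

In the `test-backend` job this would run as `python3 db_env.py && . /tmp/db.env && mvn test`, with `DB_SECRET_ID` stored as a masked CI/CD variable and the AWS credentials supplied to the runner by an OIDC role or masked variables rather than written into the image. Because Spring Boot's relaxed binding already maps `SPRING_DATASOURCE_URL` to `spring.datasource.url`, the `${endpoint}`-style placeholders in the properties file can be dropped entirely; note in particular that `${user}` resolves against the environment as `USER`, which on a Linux runner is usually the OS login name, not the database user.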