From ae03f78da01f7fc6a921d4ca1a5482b6f8037201 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Fri, 30 May 2025 15:42:01 +0000
Subject: [PATCH] Refactor: Remove explicit AWS credentials from MessageQueueConfiguration
Removes the accessKey and secretKey fields from MessageQueueConfiguration.java and updates application.yaml to enable the use of the AWS SDK's default credential provider chain. This change enhances security by preventing the direct mapping or hardcoding of sensitive AWS credentials within the application's configuration classes. The application will now rely on more secure methods for credential discovery, such as IAM roles or environment variables, as managed by the DefaultCredentialsProvider.
Key changes:
- Removed `accessKey` and `secretKey` from `MessageQueueConfiguration.java`.
- Set `aws.default-credentials-provider-chain-enabled=true` in `application.yaml`.
- Removed redundant `accessKey` and `secretKey` from `status.messageQueue` in `application.yaml`.
---
 .../directfile/status/config/MessageQueueConfiguration.java | 6 ------
 direct-file/status/src/main/resources/application.yaml | 4 +---
 2 files changed, 1 insertion(+), 9 deletions(-)
diff --git a/direct-file/status/src/main/java/gov/irs/directfile/status/config/MessageQueueConfiguration.java b/direct-file/status/src/main/java/gov/irs/directfile/status/config/MessageQueueConfiguration.java
index 0d2552f..41c2fde 100644
--- a/direct-file/status/src/main/java/gov/irs/directfile/status/config/MessageQueueConfiguration.java
+++ b/direct-file/status/src/main/java/gov/irs/directfile/status/config/MessageQueueConfiguration.java
@@ -30,12 +30,6 @@ public class MessageQueueConfiguration {
 @NotBlank
 private final String region;
- @NotBlank
- private final String accessKey;
-
- @NotBlank
- private final String secretKey;
-
 private final boolean sqsMessageHandlingEnabled;
 private final boolean statusChangePublishEnabled;
diff --git a/direct-file/status/src/main/resources/application.yaml b/direct-file/status/src/main/resources/application.yaml
index 9c6c84b..307b6fb 100644
--- a/direct-file/status/src/main/resources/application.yaml
+++ b/direct-file/status/src/main/resources/application.yaml
@@ -53,8 +53,6 @@ status:
 pending-submission-queue: pending-submission-queue
 dlq-pending-submission-queue: dlq-pending-submission-queue
 region: us-west-2
- accessKey: accessKey
- secretKey: secretKey
 sqs-message-handling-enabled: false
 status-change-publish-enabled: false
 sns:
@@ -77,7 +75,7 @@ status:
 aws:
 enabled: false
- default-credentials-provider-chain-enabled: false
+ default-credentials-provider-chain-enabled: true
 access-key: accessKey
 secret-key: secretKey
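Review bot: In the second application.yaml hunk the `aws:` block still carries the static `access-key: accessKey` and `secret-key: secretKey` entries directly below the flag that is flipped to `true`, so the file now describes two credential sources at once. Which one wins depends on the code that reads `aws.default-credentials-provider-chain-enabled`, which is not part of this patch; if the static pair is still honoured on any path, the default provider chain is not the only way credentials reach the SDK. I would drop the two placeholder lines from `aws:` as the first hunk of this file does for `status.messageQueue`, or, if another profile needs them, mark them with a comment such as `# ignored when default-credentials-provider-chain-enabled is true`. The patch touches only two files, so it is also worth confirming that no client builder still reads the `accessKey`/`secretKey` values removed from MessageQueueConfiguration.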