79477923

Date: 2025-03-01 16:43:30
Score: 1.5

Best practice is to load the secrets on application startup (or some periodic refresh) from AWS Secrets Manager.

If you know the secret names beforehand, you can hardcode them in the Spring Boot application. If you're letting Secrets Manager generate the secret name automatically, you'll need to pass in the secret name as an environment variable to your Spring Boot application. This can be easily achieved if you're using IaC.

Here is a good tutorial on setting up the secrets access layer in Spring Boot using AWS Secrets Manager: https://www.baeldung.com/spring-boot-integrate-aws-secrets-manager

Please note that your EKS cluster IAM role needs permission to retrieve the secrets. More information on that can be found here: https://docs.aws.amazon.com/mediaconnect/latest/ug/iam-policy-examples-asm-secrets.html

Reasons:
  • Blacklisted phrase (1.5): a good tutorial
  • Long answer (-0.5):
  • No code block (0.5):
Posted by: Badr B
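
The startup load with periodic refresh described in the answer above, as an added example that is not part of the original post. It assumes Spring Boot 3, the AWS SDK for Java v2, and scheduling enabled via `@EnableScheduling`; the class name `SecretHolder`, the `APP_SECRET_NAME` environment variable and the `app.secret-refresh-ms` property are hypothetical.

```java
import jakarta.annotation.PostConstruct;
import java.util.concurrent.atomic.AtomicReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Component;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;

// Hypothetical holder class; needs @EnableScheduling on a configuration class.
@Component
public class SecretHolder {
    private static final Logger log = LoggerFactory.getLogger(SecretHolder.class);

    // Default credential and region chain: uses the IAM role available to the workload.
    private final SecretsManagerClient client = SecretsManagerClient.create();
    private final AtomicReference<String> current = new AtomicReference<>();
    private final String secretName;

    // APP_SECRET_NAME is an assumed environment variable injected by the IaC deployment.
    // If it is unset, placeholder resolution fails and the application does not start.
    public SecretHolder(@Value("${APP_SECRET_NAME}") String secretName) {
        this.secretName = secretName;
    }

    @PostConstruct
    void loadAtStartup() {
        // Fail closed: an exception here aborts startup rather than running without the secret.
        current.set(fetch());
    }

    // Assumed property; defaults to a refresh every five minutes.
    @Scheduled(fixedDelayString = "${app.secret-refresh-ms:300000}")
    void refresh() {
        try {
            current.set(fetch());
        } catch (RuntimeException e) {
            // Keep the last good value; log the secret name only, never its value.
            log.warn("Refresh of secret {} failed: {}", secretName, e.getMessage());
        }
    }

    private String fetch() {
        GetSecretValueRequest req = GetSecretValueRequest.builder().secretId(secretName).build();
        String value = client.getSecretValue(req).secretString();
        if (value == null) { // secretString() is null when the secret is stored as binary
            throw new IllegalStateException("Secret has no string value: " + secretName);
        }
        return value;
    }

    public String get() { return current.get(); }
}
```

Callers read the value through `get()` on each use instead of copying it into a field, so a rotated secret takes effect after the next refresh.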