Published in Geek Culture

Configuring Vault with Spring Boot

The configuration of Vault properties differs depending on the versions of Spring Cloud Vault and Spring Boot.

With Spring Cloud Vault 3.0 and Spring Boot 2.4, the bootstrap context initialization (bootstrap.yml, bootstrap.properties) of property sources was deprecated.
Refer to https://docs.spring.io/spring-cloud-vault/docs/current/reference/html/#new-in-3.0.0 for the enhancements in the latest version.

Dependency Setup

First, we will add the Spring Cloud Vault config dependency to our pom.xml:

<dependency>
  <groupId>org.springframework.cloud</groupId>
  <artifactId>spring-cloud-starter-vault-config</artifactId>
  <version>{project-version}</version>
</dependency>

Now we will see how to configure vault properties for different versions.

Configurations with the support of bootstrap context

In earlier versions, Spring Cloud Vault operates in the bootstrap context to initially obtain configuration properties, so that it can provide them to the auto-configuration and to our application itself.

We can configure our application with bootstrap.yml or bootstrap.properties

spring:
  cloud:
    vault:
      enabled: true
      kv:
        backend: <secret>
        enabled: true
        application-name: <vault-application-name>
      authentication: APPROLE
      app-role:
        role-id: <role-id>
        secret-id: <secret-id>
        app-auth-path: approle
      scheme: https
      uri: <vault-server>
      connection-timeout: 5000
      read-timeout: 15000

  • scheme: setting the scheme to http will use plain HTTP. Supported schemes are http and https.
  • uri: configures the Vault endpoint with a URI. Takes precedence over the host/port/scheme configuration.
  • connection-timeout: sets the connection timeout in milliseconds.
  • read-timeout: sets the read timeout in milliseconds.
  • authentication: sets the authentication mechanism used to authorize client requests. Spring Cloud Vault supports multiple authentication mechanisms to authenticate applications with Vault. Please refer to https://docs.spring.io/spring-cloud-vault/docs/current/reference/html/#authentication
  • kv: sets the key-value configs.

Configurations without the support of bootstrap context

This can be done in two ways:

1. Use Spring Boot 2.4 Config Data API (Preferred)

New versions of Spring Cloud Vault favor Spring Boot’s Config Data API, which allows importing configuration from Vault.

Move all properties from the bootstrap.yml file to the application.yml file. The application.yml file will look like this:

spring:
  cloud:
    vault:
      authentication: APPROLE
      app-role:
        role-id: <role-id>
        secret-id: <secret-id>
        app-auth-path: approle
      uri: <vault-server>
      connection-timeout: 5000
      read-timeout: 15000
  config:
    import: vault://<secret>/<vault-application-name>

spring.config.import sets the mount path of the Vault key-value backend.

This properties file can also be written in the following format:

spring:
  cloud:
    vault:
      enabled: true
      kv:
        backend: <secret>
        enabled: true
        application-name: <vault-application-name>
      authentication: APPROLE
      app-role:
        role-id: <role-id>
        secret-id: <secret-id>
        app-auth-path: approle
      scheme: https
      uri: <vault-server>
      connection-timeout: 5000
      read-timeout: 15000
  config:
    import: optional:vault://

spring.cloud.vault.enabled is used to enable or disable Vault. When Vault is disabled, config locations provided as optional will be skipped during application startup.

2. If we still want to use the bootstrap context, we can enable it by including the following dependency in pom.xml

<dependency>
  <groupId>org.springframework.cloud</groupId>
  <artifactId>spring-cloud-starter-bootstrap</artifactId>
</dependency>

and adding the configuration property spring.cloud.bootstrap.enabled=true to the application.yml file.
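
As an added example (not code from the original article or from the Spring Cloud Vault project), the Python check below reads an application.yml laid out like the ones above and flags a literal secret-id or token, a plain-HTTP scheme or uri, and an optional Vault import. The sample file, its values, and the function names flatten and audit are constructed for illustration, and the parser assumes simple nested key: value YAML only.

```python
import re

# Constructed sample in the article's layout; every value is made up.
SAMPLE = """\
spring:
  cloud:
    vault:
      authentication: APPROLE
      app-role:
        role-id: ${VAULT_ROLE_ID}
        secret-id: 0f0e0d0c-constructed-secret
      scheme: http
      uri: http://vault.example.internal:8200
  config:
    import: optional:vault://secret/demo-app
"""
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")  # value injected from env/system property
PREFIX = "spring.cloud.vault."

def flatten(text):
    """Flatten simple nested 'key: value' YAML (no lists, no multi-line scalars)."""
    props, stack = {}, []  # stack holds (indent, key) for each open mapping
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key.strip()))
        if value.strip():
            props[".".join(k for _, k in stack)] = value.strip().strip("'\"")
    return props

def audit(text):
    """Return sorted findings for risky Vault client settings in one config file."""
    p, findings = flatten(text), []
    for key in ("app-role.secret-id", "token"):  # token: used with TOKEN authentication
        val = p.get(PREFIX + key)
        if val and not PLACEHOLDER.match(val):
            findings.append(f"{key}: literal secret in config file")
    if p.get(PREFIX + "scheme", "https").lower() == "http":
        findings.append("scheme: plain HTTP to Vault")
    if p.get(PREFIX + "uri", "").lower().startswith("http://"):
        findings.append("uri: plain HTTP to Vault")
    if p.get("spring.config.import", "").startswith("optional:vault:"):
        findings.append("spring.config.import: optional, skipped when Vault is disabled")
    return sorted(findings)
```

Calling audit(SAMPLE) returns four findings; the same file with the secret-id replaced by a ${...} placeholder, https in scheme and uri, and a mandatory vault:// import returns an empty list.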

Aakash Sorathiya
