Reputation: 2071
I am running a Docker Vault container in dev mode, and I can't read a secret located at /secret/mobsters/ called password.
Here are Spring logs.
Running vault kv get secret/mobsters returns the password key value pair. I can also access the vault server locally.
Here is how I am referencing the secret:
    @Value("${password}")
    String password;

    @PostConstruct
    private void postConstruct() {
        System.out.println("My password is: " + password);
    }
The Spring Cloud Vault configuration is set up using a bootstrap.yml file:
    spring.application.name: mobsters
    spring.cloud.vault:
        host: localhost
        port: 8200
        scheme: http
        authentication: TOKEN
        token: ...
I am getting an exception with the message (full exception here):
    Caused by: java.lang.IllegalArgumentException: Could not resolve placeholder 'password' in value "${password}"
From Vault UI:
Upvotes: 2
Views: 2646
Reputation: 177
It looks like there is a way to fix this.
In your bootstrap.yml, make sure that generic.enabled is false and kv.enabled is true.
    spring:
      ...
      cloud.vault:
        ...
        kv.enabled: true
        generic.enabled: false
According to this answer on GitHub:
The main difference between those two is that kv injects the data segment in the context path and unwraps nested data responses.
If you're running a [springboot] version before 2.0, then you need to implement an org.springframework.cloud.vault.config.VaultConfigurer bean that is exposed to the bootstrap context. SecretBackendConfigurer accepts a path and a PropertyTransformer that transforms properties before exposing these as PropertySource.
Upvotes: 0
Reputation: 18127
Using Spring Vault/Spring Cloud Vault with HashiCorp Vault 0.10.0 does not work as the key/value backend is mounted with versioning enabled by default. This has some significance as the versioned API has changed entirely and breaks existing client implementations. Context paths and response structure are different.
You have two options:
spring.cloud.vault.generic.backend=secret/data in your bootstrap configuration.data.
so @Value("${hello.world}") becomes @Value("${data.hello.world}").
Upvotes: 2
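The path and response-shape difference that both answers describe, modeled as an added Python example (not code from the original posts or from Spring Cloud Vault). The sample response, `fake_vault` and the helper names are constructed for illustration; the model shows why `${password}` fails with the generic backend, appears as `data.password` when that backend points at `secret/data`, and resolves directly with the kv backend.

```python
# Added model of the behaviour described above; not Spring Cloud Vault source.

# Constructed sample: the shape of a KV version 2 read response.
KV2_RESPONSE = {
    "data": {
        "data": {"password": "constructed-sample-value"},
        "metadata": {"version": 1, "destroyed": False},
    }
}

def fake_vault(path):
    """Constructed stand-in for a dev server holding one versioned secret."""
    return KV2_RESPONSE if path == "/v1/secret/data/mobsters" else {}

def api_path(backend, context, kv_backend):
    """Path requested for a context; only the kv backend injects 'data'."""
    if kv_backend:
        return f"/v1/{backend}/data/{context}"
    return f"/v1/{backend}/{context}"

def flatten(obj, prefix=""):
    """Flatten nested maps into dotted property names."""
    out = {}
    for key, value in obj.items():
        if isinstance(value, dict):
            out.update(flatten(value, f"{prefix}{key}."))
        else:
            out[f"{prefix}{key}"] = value
    return out

def exposed_properties(backend, context, kv_backend):
    """Property names a placeholder such as ${password} is resolved against."""
    body = fake_vault(api_path(backend, context, kv_backend)).get("data", {})
    if kv_backend:
        body = body.get("data", {})  # kv unwraps the nested data response
    return flatten(body)

if __name__ == "__main__":
    cases = [
        ("generic, backend=secret", "secret", False),
        ("generic, backend=secret/data", "secret/data", False),
        ("kv, backend=secret", "secret", True),
    ]
    for label, backend, kv in cases:
        # Print property names only, never the secret value.
        print(label, "->", sorted(exposed_properties(backend, "mobsters", kv)))
```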