Reputation: 1664
Quarkus: Data source custom credentials provider
How can I create a custom data source credentials provider that for example reads the credentials from a file on the disk? I need a way to set the credentials from code. I guess that's the way to go in Quarkus.
quarkus.datasource.username=I want to set this in the code
quarkus.datasource.password=I want to set this in the code
I only see a hashicorp vault integration. I need a way to do this in a custom credentials provider. I can see that there is a way to set the class that represent your provider but what interface that class should implement?
From the docs:
quarkus.datasource.credentials-provider=?
quarkus.datasource.credentials-provider-type=?
The credentials provider type. It is the @Named value of the credentials provider bean. It is used to discriminate if multiple CredentialsProvider beans are available. For Vault it is: vault-credentials-provider. Not necessary if there is only one credentials provider available.
Can somebody please help with this?
Upvotes: 4
Views: 2644
Answers (3)
Reputation: 171
this pattern is now officially supported in https://github.com/quarkusio/quarkus/pull/9032 and documented in https://github.com/quarkusio/quarkus/pull/9552
Upvotes: 3
Reputation: 10529
Interesting. We have designed that contract with only Vault in mind so the interface is called io.quarkus.vault.CredentialsProvider and is in the quarkus-vault-spi module.
That being said, I think you could just add that module to your project (it doesn't have any Vault dependency). Then you could just implement that interface and things should be OK.
Your CredentialsProvider needs to be a CDI bean so you should make it either @Singleton or @ApplicationScoped.
Then you would just need to define a value for quarkus.datasource.credentials-provider=<value here>. The name is passed to the crendentials provider and is used in the case of Vault.
In your case, it just needs to be defined.
If it works for you, could you open an issue in our tracker? I think we should make that interface part of the datasource extension and not Vault specific.
UPDATE: I created an example project here: https://github.com/gsmet/quarkus-credentials-provider . Just run mvn clean install (you need Docker) and you'll see your CredentialsProvider being called.
Upvotes: 3
Reputation: 863
Yes, o.quarkus.vault.CredentialsProvider is meant to be HashiCorp Vault neutral. Please see this issue for some guidance: https://github.com/quarkusio/quarkus/issues/6896#issuecomment-581014674
Upvotes: 0
Related Questions
- Access user info from SecurityIdentity using quarkus-oidc
- Manually log in user using Quarkus
- Using a custom identity provider in Quarkus
- Providing the SecurityIdentity directly to a Quarkus/RESTEasy web service method
- Quarkus Security: Using JPA security in combination with LDAP Authentication
- Quarkus Custom JWT Validation
- Quarkus verifying JWTs from multiple sources
- Quarkus Rest Client and OAuth2
- Keycloak Admin Client with Quarkus?
- Quarkus MicroProfile JWT auth via JWKS