Reputation: 5
I'm using the HashiCorp plugin to get secrets from Vault, but without success. I have looked through all similar questions here and also on the Internet but still haven't solved my issue.
I copied the code from GitHub and set all the necessary variables as follows:
<!-- Read secrets from HashiCorp Vault and assign it to Maven properties -->
<plugin>
    <groupId>io.github.schereradi</groupId>
    <artifactId>vault-maven-plugin</artifactId>
    <version>1.1.3</version>
    <executions>
        <execution>
            <id>pull</id>
            <phase>validate</phase>
            <goals>
                <goal>pull</goal>
            </goals>
            <configuration>
                <servers>
                    <server>
                        <!-- Update vault server URL with your own URL -->
                        <url>https://**myVaulUrlHere:8200**</url>
                        <!-- Token to authenticate with Vault server. Do not hardcode the vault token -->
                        <token>**myTokenHere**</token>
                        <paths>
                            <path>
                                <!-- Vault path can be hardcoded completely or it can be made dynamic like shown below -->
                                <name>**myVaultPathHere**</name>
                                <mappings>
                                    <mapping>
                                        <!-- key - name of the key stored in vault -->
                                        <key>testUser</key>
                                        <!-- property - to whom you want to assign the value after reading it from the Vault -->
                                        <property>username</property>
                                    </mapping>
                                    <mapping>
                                        <!-- key - name of the key stored in vault -->
                                        <key>testPassword</key>
                                        <!-- property - to whom you want to assign the value after reading it from the Vault -->
                                        <property>password</property>
                                    </mapping>
                                </mappings>
                            </path>
                        </paths>
                    </server>
                </servers>
            </configuration>
        </execution>
    </executions>
</plugin>
and I'm trying to get the username and password values from the pom in application properties:
prop.username=@username@
prop.password=@password@
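Spring Boot class:
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class ReadSecretsController {
    // Injected from application properties (prop.username / prop.password)
    @Value("${prop.username}")
    private String username;
    @Value("${prop.password}")
    private String password;

    @GetMapping("/getSecretsFromVault")
    public String getSecretsFromVault() {
        return "Username: " + username + " Password: " + password;
    }
}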
The only thing I see when I start "localhost:8080/getSecretsFromVault" is Username: @username@ Password: @password@
I made a curl query from localhost to check whether the credentials are being pulled properly using the token and vault path, and it returns JSON with all the required info.
I see 2 options here:
<build>
    <resources>
        <resource>
            <directory>src/main/resources</directory>
            <filtering>true</filtering>
        </resource>
    </resources>
    ...
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-resources-plugin</artifactId>
    <version>2.7</version>
    <configuration>
        <delimiters>
            <delimiter>@</delimiter>
        </delimiters>
        <useDefaultDelimiters>false</useDefaultDelimiters>
    </configuration>
</plugin>
Will be grateful for any piece of advice!
Upvotes: 0
Views: 361
Reputation: 5
I seem to have found out what the problem was - we are using KV Engine v2 and this plugin was designed for KV Engine v1.
I tried with application.properties:
spring.application.name=vaultdemo
spring.cloud.vault.kv.enabled=true
spring.cloud.vault.authentication=TOKEN
spring.cloud.vault.token=
spring.cloud.vault.scheme=http
spring.cloud.vault.host=127.0.0.1
spring.cloud.vault.port=8200
spring.config.import: vault://
but it failed, as
spring.config.import: vault://
highlights the last symbol "/" in red. I learned that it is a bug but found no solution.
Upvotes: 0
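The KV v1 versus KV v2 difference named in the answer above, as an added example that is not code from the post or from the plugin: the two engines use different read paths and response shapes in the Vault HTTP API, so a client that parses only the v1 shape finds none of the mapped keys in a v2 response. The mount name `secret`, the path `myapp`, the helper names and the sample responses are constructed assumptions; only the key names `testUser` and `testPassword` come from the question.

```python
import json

# Constructed sample responses (not captured from a real server). The key names
# come from the question; the values are placeholders.
KV1_RESPONSE = json.loads(
    '{"data": {"testUser": "demo-user", "testPassword": "demo-pass"}}')
KV2_RESPONSE = json.loads(
    '{"data": {"data": {"testUser": "demo-user", "testPassword": "demo-pass"},'
    ' "metadata": {"version": 3, "destroyed": false, "deletion_time": ""}}}')
# Hypothetical key -> property mapping in the style of the question's <mappings>.
MAPPINGS = {"testUser": "username", "testPassword": "password"}


def read_path(mount, secret_path, kv_version):
    """HTTP API read path: KV v2 inserts 'data/' between mount and secret path."""
    if kv_version == 2:
        return f"/v1/{mount}/data/{secret_path}"
    return f"/v1/{mount}/{secret_path}"


def extract_v1(response):
    """What a v1-only client does: treat response['data'] as the key/value map."""
    return response.get("data") or {}


def extract_any(response):
    """Unwrap the extra 'data' layer that KV v2 adds next to 'metadata'.

    Shape detection is a heuristic; knowing the mount's engine version is the
    reliable approach.
    """
    outer = response.get("data") or {}
    inner = outer.get("data")
    if isinstance(inner, dict) and isinstance(outer.get("metadata"), dict):
        return inner
    return outer


def map_properties(secrets, mappings):
    """Return (resolved properties, keys that were not found in the secret)."""
    props, missing = {}, []
    for key, prop in mappings.items():
        if key in secrets:
            props[prop] = secrets[key]
        else:
            missing.append(key)
    return props, missing
```

Failing the build when the list of missing keys is non-empty surfaces the mismatch at build time instead of leaving unresolved `@username@` placeholders in the packaged properties.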