Mumzee

Reputation: 788

Unable to inject secrets from Vault in Spring Boot application

application.yml:

spring:
  application:
    name: MyService

  profiles:
    active: dev

  cloud:
    vault:
      enabled: true
      namespace: ${VAULT_NAMESPACE}
      uri: https://vault.my.org
      authentication: APPROLE
      app-role:
        role-id: ${VAULT_APPROLE_ROLE_ID}
        secret-id: ${VAULT_APPROLE_SECRET_ID}
      kv:
        enabled: true
        backend: kv-dev
        default-context: couchbase-dev
        application-name: ${spring.application.name}
        version: 2
        profiles: ${spring.profiles.active}

    config:
      import: vault://
    couchbase:
      username: ${username}
      password: ${password}
      connection-string: ${COUCHBASE_CONNECTION}
      bucket:
        name: ${COUCHBASE_BUCKET_NAME}
      auto-index: true

pom.xml:

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-couchbase</artifactId>
        </dependency>
    
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-vault-config</artifactId>
            <version>4.1.2</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.vault</groupId>
            <artifactId>spring-vault-core</artifactId>
            <version>3.1.2</version>
        </dependency>

Through the API I am able to get secrets, using the same app-role-id/secret:

API: https://vault.my.org/v1/kv-dev/data/couchbase-dev with headers X-Vault-Token and X-Vault-Namespace

Response:

{
  "request_id": "f7c177ec-7291-6872-4f03-d2453d9d4ed6",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": {
    "data": {
      "password": "dgdrg",
      "username": "dgdfhfdh"
    },
    "metadata": {
      "created_time": "2024-12-18T08:22:08.908747692Z",
      "custom_metadata": null,
      "deletion_time": "",
      "destroyed": false,
      "version": 3
    }
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null,
  "mount_type": "kv"
}

On boot the Spring Boot application gives the error:

Caused by: java.lang.IllegalArgumentException: Could not resolve placeholder 'username' in value "${username}"

I am expecting the ${username} to be injected from Vault. I have verified all env variables are properly set.

In the logs I see that Vault-related classes are being autoconfigured. Please let me know what I am missing.

Upvotes: 0

Views: 32

Answers (2)

Mumzee

Reputation: 788

The indentation in application.yml for spring.config.import is incorrect. The correct place for config is:

spring:
  application:
    name: MyService

  profiles:
    active: dev
  config:
    import: vault://

After this the secrets are successfully getting injected in the Spring Boot application.

Upvotes: 0
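A pre-deploy check for the mistake described in this answer, as an added example that is not part of the original post: it flattens an application.yml into dotted key paths and reports any config.import key that does not resolve to spring.config.import. The parser handles only nested mappings with scalar values (an assumption that fits the files shown here), and the sample documents and function names are constructed for the example.

```python
import re

# Constructed samples: the question's layout and the answer's layout, trimmed.
BROKEN_YML = """\
spring:
  application:
    name: MyService
  cloud:
    vault:
      enabled: true
      uri: https://vault.my.org
    config:
      import: vault://
"""

FIXED_YML = """\
spring:
  application:
    name: MyService
  config:
    import: vault://
  cloud:
    vault:
      enabled: true
      uri: https://vault.my.org
"""

# indent, key, optional scalar value (mappings-only YAML subset; hypothetical helper)
LINE = re.compile(r"^(?P<indent> *)(?P<key>[^\s:#][^:]*):(?: +(?P<value>.*))?$")

def flatten(text):
    """Map dotted key paths to scalar values."""
    stack, flat = [], {}              # stack holds (indent, key) of open parents
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue                  # blank lines, comments, unsupported syntax
        indent = len(m["indent"])
        while stack and stack[-1][0] >= indent:
            stack.pop()               # close siblings and deeper levels
        stack.append((indent, m["key"].strip()))
        if m["value"]:
            flat[".".join(k for _, k in stack)] = m["value"].strip()
    return flat

def misplaced_imports(text):
    """Return config.import paths that are not spring.config.import."""
    return sorted(p for p in flatten(text)
                  if p.endswith("config.import") and p != "spring.config.import")
```

On the question's layout this reports spring.cloud.config.import, a key Spring Boot does not treat as a config import, which is why the Vault property source was never loaded and ${username} stayed unresolved.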

Jeetendra Kumar

Reputation: 1

This issue is related to a missing environment variable. Kindly review the configuration map and ensure that the environment variable is properly set within it. Example: username=XYZ. Once this is completed, you may verify.

Upvotes: -1
