Spring Cloud Vault

Features

Retrieve secrets from Vault and initialize Spring Environment with remote property sources.
Obtain secrets secured with SSL.
Generate credentials for MySQL, PostgreSQL, Apache Cassandra, MongoDB, Consul, AWS, and RabbitMQ.
Token, AppId, AppRole, Client Certificate, Cubbyhole, and AWS EC2 and IAM, Kubernetes authentication.
Bootstrap application context: a parent context for the main application that can be trained to do anything.
Cloud Foundry integration using HashiCorp’s Vault service broker through Spring Cloud Vault Connector.

Quick Start

To get started with Spring Cloud Vault, simply include a build dependency.

For example, typical POM dependencies would be:

<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-vault-config</artifactId>
</dependency>

then configure your Vault endpoint and authentication

bootstrap.yml for Token-based authentication

spring.application.name: my-application
spring.cloud.vault:
    host: localhost
    port: 8200
    scheme: https
    authentication: TOKEN
    token: …

bootstrap.yml for AWS-EC2 authentication

spring.application.name: my-application
spring.cloud.vault:
    host: localhost
    port: 8200
    scheme: https
    authentication: AWS_EC2

finally, use properties stored inside Vault in your application

@Configuration
@RestController
public class Application {

  @Value("${config.name}")
  String name = "World";

  @RequestMapping("/")
  public String home() {
    return "Hello " + name;
  }

  public static void main(String[] args) {
    SpringApplication.run(Application.class, args);
  }
}

Spring Cloud Vault Config reads config properties from Vaults using the application name and active profiles:

/secret/{application}/{profile}
/secret/{application}
/secret/{default-context}/{profile}
/secret/{default-context}

Adding Spring Cloud Vault Config modules

Spring Cloud Vault Config comes with multiple modules supporting different integrations. To to get dependencies in the appropriate version you can include a BOM (Bill of Materials) in your dependency management. For example, typical POM dependency management would be:

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-vault-dependencies</artifactId>
            <version>x.y.z</version>
            <scope>import</scope>
            <type>pom</type>
        </dependency>
    </dependencies>
</dependencyManagement>

<dependencies>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-vault-config</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-vault-config-consul</artifactId>
    </dependency>
</dependencies>

Quickstart Your Project

Bootstrap your application with Spring Initializr.

Documentation

Each Spring project has its own; it explains in great details how you can use project features and what you can achieve with them.