Spring Cloud Vault
2.2.4Features
-
Retrieve secrets from Vault and initialize Spring Environment with remote property sources.
-
Obtain secrets secured with SSL.
-
Generate credentials for MySQL, PostgreSQL, Apache Cassandra, MongoDB, Consul, AWS, and RabbitMQ.
-
Token, AppId, AppRole, Client Certificate, Cubbyhole, and AWS EC2 and IAM, Kubernetes authentication.
-
Bootstrap application context: a parent context for the main application that can be trained to do anything.
-
Cloud Foundry integration using HashiCorp’s Vault service broker through Spring Cloud Vault Connector.
Quick Start
To get started with Spring Cloud Vault, simply include a build dependency.
For example, typical POM dependencies would be:
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-vault-config</artifactId>
</dependency>then configure your Vault endpoint and authentication
bootstrap.yml for Token-based authentication
spring.application.name: my-application
spring.cloud.vault:
host: localhost
port: 8200
scheme: https
authentication: TOKEN
token: …bootstrap.yml for AWS-EC2 authentication
spring.application.name: my-application
spring.cloud.vault:
host: localhost
port: 8200
scheme: https
authentication: AWS_EC2finally, use properties stored inside Vault in your application
@Configuration
@RestController
public class Application {
@Value("${config.name}")
String name = "World";
@RequestMapping("/")
public String home() {
return "Hello " + name;
}
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}Spring Cloud Vault Config reads config properties from Vaults using the application name and active profiles:
/secret/{application}/{profile}
/secret/{application}
/secret/{default-context}/{profile}
/secret/{default-context}Adding Spring Cloud Vault Config modules
Spring Cloud Vault Config comes with multiple modules supporting different integrations. To to get dependencies in the appropriate version you can include a BOM (Bill of Materials) in your dependency management. For example, typical POM dependency management would be:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>>org.springframework.cloud</groupId>
<artifactId>spring-cloud-vault-dependencies</artifactId>
<version>x.y.z</version>
<scope>import</scope>
<type>pom</type>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-vault-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-vault-config-consul</artifactId>
</dependency>
</dependencies>
Documentation
| 2.2.4 SNAPSHOT CURRENT | Reference Doc. | API Doc. |
| 3.0.0 M1 PRE | Reference Doc. | API Doc. |
| 2.2.3 CURRENT GA | Reference Doc. | API Doc. |
| 2.1.5 SNAPSHOT | Reference Doc. | API Doc. |
| 2.1.4 GA | Reference Doc. | API Doc. |