Spring Cloud Vault4.3.0

Features

• Retrieve secrets from Vault and initialize Spring Environment with remote property sources.

• Obtain secrets secured with SSL.

• Generate credentials for MySQL, PostgreSQL, Apache Cassandra, MongoDB, Consul, AWS, and RabbitMQ.

• Token, AppId, AppRole, Client Certificate, Cubbyhole, and AWS EC2 and IAM, Kubernetes authentication.

• Bootstrap application context: a parent context for the main application that can be trained to do anything.

• Cloud Foundry integration using HashiCorp’s Vault service broker through Spring Cloud Vault Connector.

Quick Start

To get started with Spring Cloud Vault, simply include a build dependency.

For example, typical POM dependencies would be:

<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-vault-config</artifactId>
</dependency>

then configure your Vault endpoint and authentication

bootstrap.yml for Token-based authentication

spring.application.name: my-application
spring.cloud.vault:
    host: localhost
    port: 8200
    scheme: https
    authentication: TOKEN
    token: …

bootstrap.yml for AWS-EC2 authentication

spring.application.name: my-application
spring.cloud.vault:
    host: localhost
    port: 8200
    scheme: https
    authentication: AWS_EC2

finally, use properties stored inside Vault in your application

@Configuration
@RestController
public class Application {

  @Value("${config.name}")
  String name = "World";

  @RequestMapping("/")
  public String home() {
    return "Hello " + name;
  }

  public static void main(String[] args) {
    SpringApplication.run(Application.class, args);
  }
}

Spring Cloud Vault Config reads config properties from Vaults using the application name and active profiles:

/secret/{application}/{profile}
/secret/{application}
/secret/{default-context}/{profile}
/secret/{default-context}

Adding Spring Cloud Vault Config modules

Spring Cloud Vault Config comes with multiple modules supporting different integrations. To to get dependencies in the appropriate version you can include a BOM (Bill of Materials) in your dependency management. For example, typical POM dependency management would be:

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-vault-dependencies</artifactId>
            <version>x.y.z</version>
            <scope>import</scope>
            <type>pom</type>
        </dependency>
    </dependencies>
</dependencyManagement>

<dependencies>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-vault-config</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-vault-config-consul</artifactId>
    </dependency>
</dependencies>