close

Spring Vault

2.2.2.RELEASE

Introduction

Spring Vault provides familiar Spring abstractions and client-side support for accessing, storing and revoking secrets. It offers both low-level and high-level abstractions for interacting with Vault, freeing the user from infrastructural concerns.

With HashiCorp’s Vault you have a central place to manage external secret data for applications across all environments. Vault can manage static and dynamic secrets such as application data, username/password for remote applications/resources and provide credentials for external services such as MySQL, PostgreSQL, Apache Cassandra, Consul, AWS and more.

Features

  • Spring configuration support using Java based @Configuration classes.

  • VaultTemplate helper class that increases productivity performing common Mongo operations. Includes integrated object mapping between documents and POJOs.

  • Supported authentication mechanisms:

    • Token

    • AppRole

    • AWS-EC2

    • AWS-IAM

    • Azure MSI

    • Certificates (PKI)

    • Cubbyhole

    • GCP-GCE

    • GCP-IAM

    • Kubernetes

    • Pivotal CloudFoundry

  • Annotation-based @VaultPropertySource integration

  • Support for renewable and rotating secrets

  • Feature Rich Object Mapping integrated with Spring’s Conversion Service

  • Annotation based mapping metadata but extensible to support other metadata formats

  • Automatic implementation of Repository interfaces including support for custom query methods.

Configure VaultTemplate

@Configuration
class VaultConfiguration extends AbstractVaultConfiguration {

  @Override
  public VaultEndpoint vaultEndpoint() {
    return new VaultEndpoint();
  }

  @Override
  public ClientAuthentication clientAuthentication() {
    return new TokenAuthentication("…");
  }
}

Inject and use VaultTemplate

public class Example {

  // inject the actual template
  @Autowired
  private VaultOperations operations;

  public void writeSecrets(String userId, String password) {

    Map<String, String> data = new HashMap<String, String>();
    data.put("password", password);

    operations.write(userId, data);
  }

  public Person readSecrets(String userId) {

    VaultResponseSupport<Person> response = operations.read(userId, Person.class);
    return response.getBody();
    }
}

Vault PropertySource

@VaultPropertySource(value = "aws/creds/s3",
  propertyNamePrefix = "aws."
  renewal = Renewal.RENEW)
public class MyConfig {

}

public class Example {

  // inject the actual values
  @Value("${aws.access_key}")
  private String awsAccessKey;

  @Value("${aws.secret_key}")
  private String awsSecretKey;

  public InputStream getFileFromS3(String filenname) {
    // …
  }
}

Spring Boot Config

Spring Initializr

Quickstart Your Project

Bootstrap your application with Spring Initializr.

Documentation

Each Spring project has its own; it explains in great details how you can use project features and what you can achieve with them.
2.2.2.RELEASE CURRENT GA Reference Doc. API Doc.
2.3.0-SNAPSHOT SNAPSHOT
2.3.0-M1 PRE Reference Doc. API Doc.
2.2.3.BUILD-SNAPSHOT SNAPSHOT
2.1.6.BUILD-SNAPSHOT SNAPSHOT
2.1.5.RELEASE GA Reference Doc. API Doc.