Hear from the Spring team this January at SpringOne. >
close

Spring Vault

3.0.0

Introduction

Spring Vault provides familiar Spring abstractions and client-side support for accessing, storing and revoking secrets. It offers both low-level and high-level abstractions for interacting with Vault, freeing the user from infrastructural concerns.

With HashiCorp’s Vault you have a central place to manage external secret data for applications across all environments. Vault can manage static and dynamic secrets such as application data, username/password for remote applications/resources and provide credentials for external services such as MySQL, PostgreSQL, Apache Cassandra, Consul, AWS and more.

Features

  • Spring configuration support using Java based @Configuration classes.

  • VaultTemplate helper class that increases productivity performing common Vault operations. Includes integrated object mapping between documents and POJOs.

  • Supported authentication mechanisms:

    • Token

    • AppRole

    • AWS-EC2

    • AWS-IAM

    • Azure MSI

    • Certificates (PKI)

    • Cubbyhole

    • GCP-GCE

    • GCP-IAM

    • Kubernetes

    • Pivotal CloudFoundry

  • Annotation-based @VaultPropertySource integration

  • Support for renewable and rotating secrets

  • Feature Rich Object Mapping integrated with Spring’s Conversion Service

  • Annotation based mapping metadata but extensible to support other metadata formats

  • Automatic implementation of Repository interfaces including support for custom query methods.

Configure VaultTemplate

@Configuration
class VaultConfiguration extends AbstractVaultConfiguration {

  @Override
  public VaultEndpoint vaultEndpoint() {
    return new VaultEndpoint();
  }

  @Override
  public ClientAuthentication clientAuthentication() {
    return new TokenAuthentication("…");
  }
}

Inject and use VaultTemplate

public class Example {

  // inject the actual template
  @Autowired
  private VaultOperations operations;

  public void writeSecrets(String userId, String password) {

    Map<String, String> data = new HashMap<String, String>();
    data.put("password", password);

    operations.write(userId, data);
  }

  public Person readSecrets(String userId) {

    VaultResponseSupport<Person> response = operations.read(userId, Person.class);
    return response.getBody();
    }
}

Vault PropertySource

@VaultPropertySource(value = "aws/creds/s3",
  propertyNamePrefix = "aws."
  renewal = Renewal.RENEW)
public class MyConfig {

}

public class Example {

  // inject the actual values
  @Value("${aws.access_key}")
  private String awsAccessKey;

  @Value("${aws.secret_key}")
  private String awsSecretKey;

  public InputStream getFileFromS3(String filenname) {
    // …
  }
}
Spring Initializr

Quickstart Your Project

Bootstrap your application with Spring Initializr.

Documentation

Each Spring project has its own; it explains in great details how you can use project features and what you can achieve with them.
3.0.0 CURRENT GA Reference Doc. API Doc.
2.4.0-SNAPSHOT SNAPSHOT
2.3.2-SNAPSHOT SNAPSHOT
2.3.1 GA Reference Doc. API Doc.
Branch Initial Release End of Support End Commercial Support *
3.0.x
2022-11-25 2023-11-25 2025-03-25
2.3.x
2020-12-22 2021-12-22 2023-11-25
2.2.x
2019-11-06 2020-11-06 2022-03-06
2.1.x
2018-10-02 2019-10-02 2021-02-02
2.0.x
2018-02-20 2019-02-20 2020-06-20

OSS support

Free security updates and bugfixes with support from the Spring community. See VMware Tanzu OSS support policy.

Commercial support

Business support from Spring experts during the OSS timeline, plus extended support after OSS End-Of-Life.
Publicly available releases for critical bugfixes and security issues when requested by customers.

Future release

Generation not yet released, timeline is subject to changes.

About commercial support (*)

This page shows the current state of project releases and does not define the commercial support policy. Please refer to the official support policy for more information.