Spring Vault provides familiar Spring abstractions and client-side support for accessing, storing and revoking secrets. It offers both low-level and high-level abstractions for interacting with Vault, freeing the user from infrastructural concerns.
With HashiCorp’s Vault you have a central place to manage external secret data for applications across all environments. Vault can manage static and dynamic secrets such as application data and usernames and passwords for remote applications and resources, and it can provide credentials for external services such as MySQL, PostgreSQL, Apache Cassandra, Consul, AWS and more.
Spring configuration support using Java-based @Configuration classes.
VaultTemplate helper class that increases productivity performing common Vault operations. Includes integrated object mapping between documents and POJOs.
Supported authentication mechanisms:
Token
AppRole
AWS-EC2
AWS-IAM
Azure MSI
Certificates (PKI)
Cubbyhole
GCP-GCE
GCP-IAM
Kubernetes
Pivotal CloudFoundry
Annotation-based @VaultPropertySource integration
Support for renewable and rotating secrets
Feature Rich Object Mapping integrated with Spring’s Conversion Service
Annotation-based mapping metadata, extensible to support other metadata formats
Automatic implementation of Repository interfaces including support for custom query methods.
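    import java.util.HashMap;
    import java.util.Map;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.vault.authentication.ClientAuthentication;
    import org.springframework.vault.authentication.TokenAuthentication;
    import org.springframework.vault.client.VaultEndpoint;
    import org.springframework.vault.config.AbstractVaultConfiguration;
    import org.springframework.vault.core.VaultOperations;
    import org.springframework.vault.support.VaultResponseSupport;

    @Configuration
    class VaultConfiguration extends AbstractVaultConfiguration {

        @Override
        public VaultEndpoint vaultEndpoint() {
            // Default endpoint: https://localhost:8200
            return new VaultEndpoint();
        }

        @Override
        public ClientAuthentication clientAuthentication() {
            // Authenticate with a static Vault token
            return new TokenAuthentication("…");
        }
    }

    public class Example {

        // inject the actual template
        @Autowired
        private VaultOperations operations;

        // Write the password as a key/value map to the Vault path given by userId
        public void writeSecrets(String userId, String password) {
            Map<String, String> data = new HashMap<String, String>();
            data.put("password", password);
            operations.write(userId, data);
        }

        // Read the secret at the path and map the response body to a Person
        public Person readSecrets(String userId) {
            VaultResponseSupport<Person> response = operations.read(userId, Person.class);
            return response.getBody();
        }
    }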
PropertySource
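    import java.io.InputStream;

    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.vault.annotation.VaultPropertySource;
    import org.springframework.vault.annotation.VaultPropertySource.Renewal;

    // Expose the secret at aws/creds/s3 as properties prefixed with "aws."
    // and renew its lease.
    @VaultPropertySource(value = "aws/creds/s3",
            propertyNamePrefix = "aws.",
            renewal = Renewal.RENEW)
    public class MyConfig {
    }

    public class Example {

        // inject the actual values
        @Value("${aws.access_key}")
        private String awsAccessKey;

        @Value("${aws.secret_key}")
        private String awsSecretKey;

        public InputStream getFileFromS3(String filename) {
            // …
        }
    }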
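The VaultConfiguration class above authenticates with a token literal. As an added example (not code from the Spring Vault project page), the same configuration can use the AppRole mechanism from the supported list, reading its inputs from the Spring Environment. The class name and the three property names are assumptions for illustration, and the code assumes a Spring Vault version that provides RoleId.provided and SecretId.provided.

```java
import java.net.URI;

import org.springframework.context.annotation.Configuration;
import org.springframework.vault.authentication.AppRoleAuthentication;
import org.springframework.vault.authentication.AppRoleAuthenticationOptions;
import org.springframework.vault.authentication.AppRoleAuthenticationOptions.RoleId;
import org.springframework.vault.authentication.AppRoleAuthenticationOptions.SecretId;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.config.AbstractVaultConfiguration;

@Configuration
class AppRoleVaultConfiguration extends AbstractVaultConfiguration {

    // Property names are assumptions for this example; supply the values from
    // the process environment or an external config source, never from code.
    private static final String URI_PROPERTY = "vault.uri";
    private static final String ROLE_ID_PROPERTY = "vault.app-role.role-id";
    private static final String SECRET_ID_PROPERTY = "vault.app-role.secret-id";

    @Override
    public VaultEndpoint vaultEndpoint() {
        URI uri = URI.create(getEnvironment().getRequiredProperty(URI_PROPERTY));
        // Refuse plaintext transport: tokens and secrets travel over this connection.
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalStateException(URI_PROPERTY + " must use https");
        }
        return VaultEndpoint.from(uri);
    }

    @Override
    public ClientAuthentication clientAuthentication() {
        // getRequiredProperty fails startup when a value is missing, instead of
        // attempting a login with empty credentials.
        String roleId = getEnvironment().getRequiredProperty(ROLE_ID_PROPERTY);
        String secretId = getEnvironment().getRequiredProperty(SECRET_ID_PROPERTY);

        AppRoleAuthenticationOptions options = AppRoleAuthenticationOptions.builder()
                .roleId(RoleId.provided(roleId))
                .secretId(SecretId.provided(secretId))
                .build();

        // The AppRole login exchanges role-id/secret-id for a Vault token at runtime.
        return new AppRoleAuthentication(options, restOperations());
    }
}
```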