Spring Vault & Hibernate credentials

Question

I have some database credentials stored in Vault.
How can I take/use credentials for Hibernate before Hibernate init?

Answer 1

You would rather provide credentials to your data source than to Hibernate. There is no integration to inject credentials into a persistence.xml config.

Depending on your application and the set up you either want to take the route @StanislavL proposed.

If your application is Spring Boot-based, then take a look at the Spring Cloud Vault MySQL example. It configures spring.datasource.username and spring.datasource.password for you so you don't require any additional setup.

Answer 2

There is my solution.

public class DatabaseCredentialsLogic {
    private String vaultSecretPath;
    private VaultTemplate vaultTemplate;
    private DatabaseCredentials databaseCredentials;

    @Autowired
    public DatabaseCredentialsLogic(VaultTemplate vaultTemplate, Environment env) {
        this.vaultTemplate = vaultTemplate;
        vaultSecretPath = env.getProperty("vault.secret.path");
    }

    public void init() {
        VaultResponseSupport<DatabaseCredentials> response = 
            vaultTemplate.read(vaultSecretPath, DatabaseCredentials.class);
        databaseCredentials = response.getData();
    }

    public String getUrl() {
        return databaseCredentials.getUrl();
    }

    // Getters login & password
}

And just used Spring Expression Language in context

<context:component-scan base-package="my.package" />
<bean id="databaseCredentials" class="my.package.DatabaseCredentialsLogic" init-method="init"/>
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
      destroy-method="close">
    <property name="driverClassName" value="oracle.jdbc.OracleDriver" />
    <property name="url" value="#{databaseCredentials.url}" />
    <property name="username" value="#{databaseCredentials.login}" />
    <property name="password" value="#{databaseCredentials.password}" />
</bean>