
We are currently storing passwords and other configuration-related data in Git and the local filesystem, based on profile. This works fine with profiles such as local/dev using the Spring Cloud Config approach.

But to enhance security, it has been suggested that we keep sensitive data in Vault.

So I am not clear on how this can be achieved, or whether we will have a single Cloud Config server hosting some properties from Vault and some from Git.

A Config Client locates the config server based on CONFIGSERVER_URI, so we cannot have separate instances running.

How can this requirement be achieved?

Thanks.

Daniel Mann
user1643003

1 Answer


It is possible to access Git for some properties and Vault for others using the same config server. Access to Vault locations is granted to individual clients through the use of a Vault token. The Vault token is passed automatically to the config server as a header at runtime. You would need to configure your config server with the Vault dependencies and add properties to access both Git and Vault, something like this (note the 'vault' profile):

server:
  port: 8888

spring:
  profiles:
    # both backends are active; each is consulted in 'order' (lower wins)
    active: git, vault

  application:
    name: my-domain-configuration-server

  cloud:
    config:
      server:
        git:
          uri: https://mygit/my-domain-configuration
          order: 1
        vault:
          order: 2
          host: vault.mydomain.com
          port: 8200
          scheme: https

On your client you need to configure the authorization token supplied by Vault. Note the example below illustrates the property. You can put it into your application yaml files, because it is a per application/per environment token. However I prefer to inject it into the environment during deployment.

spring:
  cloud:
    config:
      uri: https://configserver:8888/
      token: <secret token>

You should consult the Vault documentation to understand how to authorize your token to access specific locations but the rules may look something like this:-

# Vault ACL policy (HCL). The older 'policy = "read"' attribute is the
# legacy spelling of capabilities = ["read"]; read-only is all the config
# server needs. On a KV v2 secrets engine the paths are secret/data/<name>.
path "secret/myapp-app" {
    capabilities = ["read"]
}

path "secret/myapp-app/*" {
    capabilities = ["read"]
}

# 'application' holds defaults shared by every app served by config server
path "secret/application" {
    capabilities = ["read"]
}

path "secret/application/*" {
    capabilities = ["read"]
}

Finally, it is also possible to access Git through the config server and access Vault directly from your client, instead of configuring the config server to access both. In this case you need to add the Vault dependencies to the client and configure the client properties to access Vault. You still need the authorization token in the client.

Codesnooper
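As an added example (not from the answer above and not Spring Cloud's own code), here is a Python sketch of the two things the answer describes: the request a config client makes to the config server with the Vault token in the X-Config-Token header, and the merge of the ordered propertySources the server returns, which also flags Vault keys shadowed by a higher-precedence Git source. The response body and source names are constructed; the SPRING_CLOUD_CONFIG_TOKEN variable is the relaxed-binding environment form of spring.cloud.config.token.

```python
import os

# Config server URI taken from the client yaml in the answer above.
CONFIG_SERVER_URI = "https://configserver:8888"

# Constructed environment response, shaped like GET /{app}/{profile} from
# Spring Cloud Config Server: propertySources are listed highest precedence
# first (git has order 1 in the server yaml above, so it precedes Vault).
SAMPLE_RESPONSE = {
    "name": "myapp", "profiles": ["dev"], "label": None, "version": "abc123",
    "propertySources": [
        {"name": "https://mygit/my-domain-configuration/myapp-dev.yml",
         "source": {"db.url": "jdbc:postgresql://db/app", "db.password": "changeme"}},
        {"name": "vault:myapp",
         "source": {"db.password": "s3cr3t-from-vault", "api.key": "k-1"}},
        {"name": "vault:application", "source": {"api.key": "k-default"}},
    ],
}

def build_config_request(app, profile, token, base_uri=CONFIG_SERVER_URI):
    """Return (url, headers) for the config client's request. The Vault token
    travels only in the X-Config-Token header, never in the URL or the body."""
    if not token:
        raise ValueError("no Vault token: set spring.cloud.config.token or SPRING_CLOUD_CONFIG_TOKEN")
    return f"{base_uri}/{app}/{profile}", {"X-Config-Token": token}

def merge_property_sources(env_response):
    """Flatten the ordered propertySources: the first source defining a key wins.
    Also report Vault keys that a higher-precedence non-Vault source shadowed,
    since a leftover plaintext value in Git would silently beat the secret."""
    effective, origin, shadowed = {}, {}, {}
    for source in env_response["propertySources"]:
        for key, value in source["source"].items():
            if key not in effective:
                effective[key], origin[key] = value, source["name"]
            elif source["name"].startswith("vault:") and not origin[key].startswith("vault:"):
                shadowed[key] = origin[key]
    return effective, shadowed

if __name__ == "__main__":
    # Token injected at deploy time through the environment, as the answer prefers.
    token = os.environ.get("SPRING_CLOUD_CONFIG_TOKEN", "<secret token>")
    url, headers = build_config_request("myapp", "dev", token)
    print(url, list(headers))  # header names only; the token value is not printed
    effective, shadowed = merge_property_sources(SAMPLE_RESPONSE)
    for key, src in shadowed.items():
        print(f"WARNING: {key} from Vault is overridden by {src}")
    print(effective)
```

With the sample response, db.password resolves to the Git value "changeme" and the Vault secret is reported as shadowed; swapping the order values in the server yaml (Vault 1, Git 2) makes the Vault value win.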