Fallback to local config if Spring Vault config is disabled

Question

For the development environment, I have configured bootstrap.properties to disable vault configuration.

spring.cloud.vault.enabled=false

If it is disabled then the application should read the properties from local config application.properties file. But how to do that?

As a workaround, I have defined the local properties in application.properties as below

xyz.db.user=${xyz.db.user.fromVault:test}
xyz.db.password=${xyz.db.password.fromVault:test}

So the application first checks if xyz.db.user.fromVault property is configured in vault. If not, then set xyz.db.user to test

But this doesn't feel like a right approach, as I need to maintain multiple properties. Is there any right way?

Answer 1

TL;DR

It depends.

Explanation

Providing fallback values for configuration properties is in general a good way to deal with defaults. If you have only a couple of these, then you can use this approach.

However, there's a caveat:

Data stored in Vault is somewhat depending on environments and typically sensitive (usernames, passwords). These aren't things you would like to store in your code or even in a properties file.

You could have a separate properties file (e.g. separated by profiles) that contains values for your non-Vault environment, but the actual question is, why you'd want to provide defaults at all?

If you have a remote database requiring credentials you'd might want to ask yourself the question: How much does it hurt if these credentials get exposed to unintended third parties? If your answer is: Not much, then storing these credentials in a profile-bound properties file is the way to go. If it hurts much, then I'd see two options:

1. Use Vault (which solves the actual issue of sensitive data)
2. Use a different approach (e.g. an in-memory database) that eliminates the need for credentials in the first place.