1

When my application which uses Spring Cloud Vault starter is requesting info from Vault, it searches the followed paths at generic secret back-end:

  • secret/myapp/vault
  • secret/myapp/dev
  • secret/myapp
  • secret/application/vault
  • secret/application/dev
  • secret/application

So as you can see, it does a lot of requests to a Vault and that's a problem because Vault will create a lot of unnecessary logs which is bad for a few reasons.

How can I change paths for the requests?

For instance, I want my application to go to secret/myapp/{profile} and that's all.

mate200
  • 13
  • 5

1 Answers1

2

There are two approaches you can take:

  1. Setting spring.cloud.vault.generic.default-context to an empty value.
  2. Customize which paths Spring Vault accesses.
  3. Run your app with fewer profiles activated.

Spring Vault creates path matrices based on the application name multiplied with the profiles you activated and based on a generic name multiplied with active profiles.

Providing a VaultConfigurer bean inside the bootstrap context gives you the most control over paths accessed by Spring Cloud Vault:

public class MyVaultConfigurer implements VaultConfigurer {

    @Override
    public void addSecretBackends(SecretBackendConfigurer configurer) {

        configurer.add("secret/my-application");

        configurer.registerDefaultGenericSecretBackends(false);
        configurer.registerDefaultDiscoveredSecretBackends(true);
    }
}
mp911de
  • 17,546
  • 2
  • 55
  • 95
  • Thank you for so detailed explanation ! The problem is that I'm a DevOps, so I almost don't know how to code on Java. Can I add a feature request to github, which allows this modification through yml configuration ? – mate200 Mar 28 '18 at 10:44
  • 1
    @mp911de, how can I add `MyVaultConfigurer` to Bootstrap context? There is a short notice in the doc: https://cloud.spring.io/spring-cloud-vault/2.1.x/multi/multi_vault.config.backends.configurer.html "All customization is required to happen in the bootstrap context. Add your configuration classes to META-INF/spring.factories at org.springframework.cloud.bootstrap.BootstrapConfiguration in your application." But I don't know how to implement this recommendation. – Ievgen Aug 05 '20 at 16:07