spring cloud vault pull path wrong

Question

I have this config for spring cloud vault. I am trying to pull a kv secret form location appcodes/AAAA/BBBB/CCCCC On starting application I see:

RequestedSecret [path='appcodes/data/AAAA/BBBB/CCCCC', mode=RENEW]]

Can anyone tell me why is data being appended to the path?

spring:
    cloud:
        vault:
            scheme: https
            host: xxxxxx
            port: 443
            connection-timeout: 5000
            read-timeout: 15000
            authentication: TOKEN
            token: xxxxxxx
            kv:
                enabled: true
                backend: appcodes
                profile-separator: '/'
                default-context: application
                application-name: AAAA/BBBB/CCCCC

score 0 · Answer 1 · answered Dec 11 '18 at 22:36

Vault has two KV secrets engine. In second version /data should be added, see https://www.vaultproject.io/docs/secrets/kv/kv-v2.html#acl-rules

So Spring Cloud Vault has support for 2 back-ends: generic (v1) and kv (v2). And it does it automatically.

Spring Cloud Vault adds the data/ context between the mount path and the actual context path.

See more at: Generic Backend Documentation, Versioned Key-Value Backend Documentation

spring cloud vault pull path wrong

1 Answers1