Vault Spring client keeps its connectivity to vault

Question

I have a spring-boot application that uses vault to keep its secrets. The connection to vault is by a dedicated class with the @VaultPropertySource annotation. The connectivity configuration is in bootstrap.yaml file. I need the connection only on application startup to read all the secrets, but I see that spring keeps checking the connectivity all over the application life, so if I shut down the vault, my application is crashed because a connectivity lost. So my question is, how can I configure spring to not keep the connectivity after the application startup.

Note: I know the fail-fast configuration, but this is very general configuration. I want that my application will fail if there is no connection on startup to read the secrets, but I don't want to be depend on vault all over the application life.

Answer 1

This is how we have configured in our setup with spring config server:

Add dependency info for clients in pom.xml

<dependency>
     <groupId>org.springframework.cloud</groupId>
     <artifactId>spring-cloud-starter-vault-config</artifactId>
     <version>1.1.0.RELEASE</version>
</dependency>

Add vault configuration in bootstrap.yml

spring:
  cloud:
    config:
      uri: ${CONFIG_SERVER_URI}
      username: ****
      password: ****
    vault:
      uri: ${VAULT_URI}
      authentication: token
      token: ${SPRING_CLOUD_VAULT_TOKEN}
  application:
    name: APP-NAME

Provide the required arguments while running the jar.

exec java $JAVA_OPTS -jar -Drun.arguments=--spring.cloud.config.uri=${CONFIG_SERVER_URI} \
     -Drun.arguments=--spring.cloud.vault.uri=${VAULT_URI} \
     -Dspring.cloud.vault.token=${SPRING_CLOUD_VAULT_TOKEN} \
     APP-NAME.jar

Hope this helps.