How to retrieve vault properties to configure MongoDB properties in application.yml?

Question

I want to retrieve some secret (DB username/password) from the vault and configure MongoDB using spring.data.mongodb.

I have vault integration done in my spring-boot-starter-data-mongodb application.

Hardcoded values are working fine, tried to get vault properties using ${vault.application-name.property_name}

This is the configuration I provided in application.yml:

spring:
  data:
    mongodb: 
      host: 10.xx.xxx.xxx
      port: 27017
      database: ${vault.application-name.database-name}
      username: ${vault.application-name.database-username}
      password: ${vault.application-name.database-password}
      authentication-database: ${vault.application-name.authentication-database}

Considering if the above configuration is correct I should receive these properties from the vault but currently, the application is throwing the following exception while execution:

2019-07-29 11:28:20,683 [iption='null'}-localhost:27017] org.mongodb.driver.cluster INFO Exception in monitor thread while connecting to server localhost:27017
com.mongodb.MongoSocketOpenException: Exception opening socket
    at com.mongodb.connection.SocketStream.open(SocketStream.java:63) ~[mongodb-driver-core-3.4.3.jar:?]
    at com.mongodb.connection.InternalStreamConnection.open(InternalStreamConnection.java:115) ~[mongodb-driver-core-3.4.3.jar:?]
    at com.mongodb.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:113) [mongodb-driver-core-3.4.3.jar:?]
    at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
Caused by: java.net.ConnectException: Connection refused (Connection refused)
    at java.net.PlainSocketImpl.socketConnect(Native Method) ~[?:1.8.0_181]
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) ~[?:1.8.0_181]
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) ~[?:1.8.0_181]
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) ~[?:1.8.0_181]
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[?:1.8.0_181]
    at java.net.Socket.connect(Socket.java:589) ~[?:1.8.0_181]
    at com.mongodb.connection.SocketStreamHelper.initialize(SocketStreamHelper.java:57) ~[mongodb-driver-core-3.4.3.jar:?]
    at com.mongodb.connection.SocketStream.open(SocketStream.java:58) ~[mongodb-driver-core-3.4.3.jar:?]
    ... 3 more

Answer 1

When integrating with Spring Cloud Vault, ideally the only thing to provide is a role name. I wouldn't suggest any other integration approaches than Spring Cloud Vault with Spring Boot because you would need to fetch properties before Spring Boot initializes the MongoDB configuration and that can turn out quite tricky.

See docs for further reference and here's the link to a MySQL with Spring Cloud Vault sample.