4

I have a vault server hosted in Openshift and I have to access secrets from the Vault into my spring application. My bootstrap.yml looks like this : 

spring:
  application:
    name: application-name
  profiles: dev
  cloud:
    vault:
      fail-fast: true
      host: HOST
      port: 443
      scheme: https
      token: MY_TOKEN
      authentication: TOKEN
      kv:
        enabled: true
        backend: secret
        profile-separator: '/'
        application-name: application-name

I checked vault logs and able to make connection from spring application to vault.

I can access the secret using Value Property Source. However, I want to populate the secret's value into application.properties to update properties like spring.datasource.username and spring.datasource.password.

Is there any way to access the secret directly from application.properties?

Deepak Chaudhry
  • 219
  • 4
  • 12
Mrinal Kanti Ghosh
  • 51
  • 5

1 Answers1

2

TL; DR: Yes, you can use Vault properties in application.(properties|yml). It's not recommended to use these in bootstrap.(properties.yml).

Spring Cloud comes with a Bootstrap context where configuration libraries (such as Spring Cloud Consul, Spring Cloud Config and Spring Cloud Vault) are initialized. These integrations fetch configuration and provide these as a parent PropertySources to your application. Spring Boot considers these (you have options to use these PropertySources with the highest/lowest priority) during property binding and when you resolve a property value using Environment.

When bootstrapping an application, then typically one of the first things that happen is property binding in @ConfigurationProperties objects. At the time when bootstrap.(properties|yml) is loaded, typically Spring Cloud Config integrations didn't run yet so at that time you don't see properties contributed by these libraries. Therefore, there's the split between bootstrap context and the actual application context.

mp911de
  • 17,546
  • 2
  • 55
  • 95