Best way to connect spring boot application to VAULT using LDAP authentication method

Question

I am trying to connect my Java application to Enterprise Vault using LDAP authentication method.

spring won't provide a direct way to connect with like it provide for TOKEN

spring.cloud.vault.uri=https:8080/vault/uri
spring.cloud.vault.namespace=admin
spring.cloud.vault.authentication=TOKEN
spring.cloud.vault.token=some-token

and APPROLE

spring.cloud.vault.uri=https:8080/vault/uri
spring.cloud.vault.namespace=admin
spring.cloud.vault.authentication=APPROLE
spring.cloud.vault.app-role.role-id=
spring.cloud.vault.app-role.secret-id=
spring.cloud.vault.app-role.role=
spring.cloud.vault.app-role.app-role-path=

Can somebody help me to connect with Enterprise Vault using LDAP method

Answer 1

Hi @Pramendra Raghuwanshi, Hope this helps. https://www.vaultproject.io/docs/auth/ldap As per this link, there are 2 options

1. Use Vault CLI to authenticate using a LDAP account and set the environment variable VAULT_TOKEN
2. Use the API, to do LDAP authentication and get the token and then set the environment variable VAULT_TOKEN

So, if you use VAULT_TOKEN variable in your Spring boot config, it should work. The authentication and setting the VAULT_TOKEN shall be a pre-requisite task before staring the Spring boot app. Something which can be automated as part of your app start up process?

Answer 2

Surprisingly spring cloud vault doesn't support LDAP as auth method; Even no documentation exits on why it doesn't support or constraints etc..

This standalone (https://github.com/BetterCloud/vault-java-driver) impl does support LDAP autentication but there is no community/opensource support for this.