I'm trying to configure Spring vault, and for some reason, I need to disable SSL verification. Is there any known way to configure Spring Vault to ignore SSL?
Asked
Active
Viewed 382 times
1
-
Hi @meldevep, did you find any answer to this? – thelearner Aug 02 '22 at 10:40
-
Hey @thelearner. There is no out-of-box way to do so. One of the project contributors mentioned they do not like this idea [link](https://github.com/spring-projects/spring-vault/issues/130). You may want to rewrite some classes that will lead to accepting any certificate. `SSLContext sslContext = SSLContext.getInstance("SSL"); // set up a TrustManager that trusts everything` – meldevep Aug 04 '22 at 09:06
-
Thanks for the reply @meldevep. I'm facing this SSL issue from last one week. I'm able to connect to local vault server via token & AppRole authentication mechanism but I'm not able to connect to our dev vault server on AWS or Azure. Everytime, it gives SSL Peer shut down error. So, I thought if I can skip the SSL part, may be I can check if I'm able to connect to our dev vault server. – thelearner Aug 04 '22 at 09:54
-
1@thelearner As I said, there is no way that I'm aware of to disable ssl verification in Spring Vault. There is an alternative library from HashiCorp that provides SSL configuration out-of-box [BetterCloud/vault-java-driver](https://github.com/BetterCloud/vault-java-driver#ssl-config). You may also want to check this [topic](https://www.javafixing.com/2022/04/fixed-how-to-disable-ssl-certificate.html?m=1) that may be useful for you. Cheers! That’s all I can help with. In the end I just used BetterCloud vault driver – meldevep Aug 04 '22 at 11:24
1 Answers
0
As the project's github page states - there is no way to disable SSL verification in Spring Vault. Please refer to project github issue . Alternatively If someone has the answer, please feel free to post
meldevep
- 501
- 1
- 4
- 4