What I have:

  • HCP Vault in Development mode
  • Simple Spring Client using Spring Cloud Vault
  • CLI Client

Desired Outcome: Inject data into a variable using HCP Vault

What is working:

  • Run Vault locally (in dev mode) and inject data into the variable
  • Get the data from the HCP Vault using vault CLI

Notes:

  • I'm generating the admin token to avoid the use of policies
  • The secrets in HCP Vault and my local Vault are identical

This is my application.yml file:

spring.application.name: my-spring-boot-app


spring.cloud.vault:
  host: vault-cluster-public-vault-fjkdsahfdjksa.hfjksdfhdsajk.hashicorp.cloud
  port: 8200
  scheme: https
  authentication: TOKEN
  token: hvs.fdsjfhdsakjfhdasjkfhdasjkfhdasjkfhdasjkfhdasjkfhdasjkfhdsakj


spring.config.import: vault://

logging.level.org: INFO
logging.level.com: INFO
Alexander Tilkin
  • Are you getting any errors? – spencergibb Sep 12 '22 at 18:25
  • @spencergibb, no. Now I created a token based on a policy. `path "secret/data/my-spring-boot-app" { capabilities = ["read"] }` I'm able to read the secret. But I created a REST request and got 403. `curl \ -H "X-Vault-Token: fjdskafjsakf-fjdskajfdsjakfsa-jfdksafjlaks" \ -X GET \ https://vault-cluster-public-vault-43267432.4732843.z1.hashicorp.cloud:8200/v1/secret/data/my-spring-boot-app` – Alexander Tilkin Sep 12 '22 at 18:41
  • Sorry, I'm confused about what actually the problem is. – spencergibb Sep 12 '22 at 19:48

1 Answer

The problem was that I was missing the namespace header.

spring.cloud.vault:
  host: vault-cluster-public-vault-fjkdsahfdjksa.hfjksdfhdsajk.hashicorp.cloud
  port: 8200
  scheme: https
  namespace: admin
  authentication: TOKEN
  token: ${VAULT_TOKEN}

spring.config.import: vault://

Alexander Tilkin
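
The same fix applied to the raw HTTP request from the comments, as an added example that is not part of the original answer: Vault's HTTP API takes the namespace in the `X-Vault-Namespace` header. The function names are hypothetical; `VAULT_ADDR`, `VAULT_TOKEN` and `VAULT_NAMESPACE` are the environment variables the vault CLI reads, and the KV v2 mount and path are passed as arguments.

```shell
# Added example (not from the original post). Reads a KV v2 secret over HTTP.
# Function names are hypothetical; the env vars are the ones the vault CLI uses.

# Build a curl config for `curl -K -`, so the token is fed on stdin and
# never shows up in curl's argv (visible in `ps`) or in shell history.
vault_kv_config() {
  mount="$1"; path="$2"
  if [ -z "${VAULT_ADDR:-}" ] || [ -z "${VAULT_TOKEN:-}" ]; then
    echo "VAULT_ADDR and VAULT_TOKEN must be set in the environment" >&2
    return 1
  fi
  printf 'url = "%s/v1/%s/data/%s"\n' "${VAULT_ADDR%/}" "$mount" "$path"
  printf 'header = "X-Vault-Token: %s"\n' "$VAULT_TOKEN"
  # Without this header the request is evaluated in the root namespace,
  # where a token issued inside a namespace is not valid.
  if [ -n "${VAULT_NAMESPACE:-}" ]; then
    printf 'header = "X-Vault-Namespace: %s"\n' "$VAULT_NAMESPACE"
  fi
}

# Send the request, print the response body, and return 0 only on HTTP 200.
vault_kv_read() {
  cfg=$(vault_kv_config "$@") || return 1
  out=$(printf '%s\n' "$cfg" | curl -sS -w '\n%{http_code}\n' -K -) || return 1
  code=$(printf '%s\n' "$out" | tail -n 1)
  printf '%s\n' "$out" | sed '$d'
  if [ "$code" = "403" ] && [ -z "${VAULT_NAMESPACE:-}" ]; then
    echo "403 and no X-Vault-Namespace header was sent; set VAULT_NAMESPACE" >&2
  fi
  [ "$code" = "200" ]
}

# Usage (values are placeholders):
#   export VAULT_ADDR=https://<cluster-host>:8200 VAULT_NAMESPACE=admin
#   export VAULT_TOKEN=<token>
#   vault_kv_read secret my-spring-boot-app
```
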