I am trying to update my datasource with dynamic credentials that I get via HashiCorp Vault. I followed this tutorial: https://developer.hashicorp.com/vault/tutorials/app-integration/spring-reload-secrets

This works very well and reliably so far. However, I have the problem that every time I update the secrets, Spring does not shut down the current Hikari pool and instead opens another one on top. So the current connections remain in MariaDB, which of course leads to the following message from MariaDB after a certain time: Too many connections. Even closing the datasources before the context.refresh doesn't help.
application.properties:

    # configure access to Vault
    spring.cloud.vault.uri=https://xxx.xxx
    spring.cloud.vault.token=0000-0000-0000
    # set up configuration import from Vault
    spring.config.import=vault://
    # configure KV backend
    spring.cloud.vault.kv.enabled=false
    # configure database secrets engine
    spring.cloud.vault.database.enabled=true
    spring.cloud.vault.database.role=db-role
    spring.cloud.vault.database.backend=database
    # tune lease renewal and expiry threshold for 8 minute max ttl
    spring.cloud.vault.config.lifecycle.min-renewal=120s
    spring.cloud.vault.config.lifecycle.expiry-threshold=40s
    spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
    spring.datasource.url=jdbc:mariadb://xxx.xxx.xxx.xxxx:3306/
DatasourceConfig:

    import java.util.ArrayList;
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;
    import javax.sql.DataSource;
    import lombok.extern.slf4j.Slf4j;
    import org.springframework.boot.autoconfigure.jdbc.DataSourceProperties;
    import org.springframework.boot.jdbc.DataSourceBuilder;
    import org.springframework.cloud.context.config.annotation.RefreshScope;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.jdbc.core.JdbcTemplate;
    import org.springframework.jdbc.datasource.lookup.AbstractRoutingDataSource;

    @Configuration
    @Slf4j
    public class DatasourceConfig {

        @Bean
        @RefreshScope
        public DataSource meeteryDataSource(DataSourceProperties properties) {
            String base = "base";
            // Driver, URL and the Vault-issued username/password from spring.datasource.*
            String meetery_db_drv = properties.getDriverClassName();
            String meetery_db_url = properties.getUrl();
            String meetery_db_usr = properties.getUsername();
            String meetery_db_pwd = properties.getPassword();

            Map<Object, Object> resolvedDataSources = new HashMap<>();
            List<String> tenants = getAllTenants(meetery_db_drv, meetery_db_url, meetery_db_usr, meetery_db_pwd, base);

            // Build one data source per tenant, all with the current credentials
            for (String tenant : tenants) {
                DataSourceBuilder<?> dataSourceBuilder = DataSourceBuilder.create();
                dataSourceBuilder.driverClassName(meetery_db_drv);
                dataSourceBuilder.url(meetery_db_url.replace("_base", "_" + tenant));
                dataSourceBuilder.username(meetery_db_usr);
                dataSourceBuilder.password(meetery_db_pwd);
                resolvedDataSources.put(tenant, dataSourceBuilder.build());
            }

            AbstractRoutingDataSource dataSource = new MeeteryMultiTenantDatasource();
            dataSource.setDefaultTargetDataSource(resolvedDataSources.get(base));
            dataSource.setTargetDataSources(resolvedDataSources);
            dataSource.afterPropertiesSet();
            return dataSource;
        }

        private List<String> getAllTenants(String db_drv, String db_url, String db_usr, String db_pwd, String base) {
            List<String> tenants = new ArrayList<>();

            // Data source used only to read the tenant list from the base database
            DataSourceBuilder<?> dataSourceBuilder = DataSourceBuilder.create();
            dataSourceBuilder.driverClassName(db_drv);
            dataSourceBuilder.url(db_url);
            dataSourceBuilder.username(db_usr);
            dataSourceBuilder.password(db_pwd);
            DataSource dataSource = dataSourceBuilder.build();

            JdbcTemplate jdbcTemplate = new JdbcTemplate(dataSource);
            List<Map<String, Object>> rows = jdbcTemplate.queryForList("SELECT meeting_uuid from tbl_01_meeting");
            tenants.add(base);
            for (Map<String, Object> row : rows) {
                tenants.add((String) row.get("meeting_uuid"));
            }
            return tenants;
        }
    }
VaultRefresher:

    VaultRefresher(@Value("${spring.cloud.vault.database.role}") String databaseRole,
                   @Value("${spring.cloud.vault.database.backend}") String databaseBackend,
                   SecretLeaseContainer leaseContainer,
                   ContextRefresher contextRefresher)
    {
        String vaultCredsPath = String.format("%s/creds/%s", databaseBackend, databaseRole);
        log.info("Vault credentials path: {}", vaultCredsPath);
        leaseContainer.addLeaseListener(event -> {
            if (vaultCredsPath.equals(event.getSource().getPath())) {
                if (event instanceof SecretLeaseExpiredEvent) {
                    MeeteryapiApplication.shutdownHikariPool();
                    contextRefresher.refresh();
                    log.info("Refresh database credentials");
                }
            }
        });
    }
MeeteryMultiTenantDatasource:

    public class MeeteryMultiTenantDatasource extends AbstractRoutingDataSource {
        @Override
        protected Object determineCurrentLookupKey() {
            return MeeteryTenantContext.getCurrentTenant();
        }
    }
MeeteryapiApplication:

    @SpringBootApplication
    @EnableMethodSecurity(proxyTargetClass = true, securedEnabled = true, jsr250Enabled = true)
    public class MeeteryapiApplication {
        private static ConfigurableApplicationContext applicationContext;

        public static void main(String[] args) {
            SpringApplication.run(MeeteryapiApplication.class, args);
        }

        public static void shutdownHikariPool() {
            if (applicationContext != null) {
                MeeteryMultiTenantDatasource meeteryMultiTenantDatasource = applicationContext.getBean(MeeteryMultiTenantDatasource.class);
                for (Map.Entry<Object, DataSource> entry : meeteryMultiTenantDatasource.getResolvedDataSources().entrySet()) {
                    DataSource ds = entry.getValue();
                    if (ds instanceof com.zaxxer.hikari.HikariDataSource) {
                        ((com.zaxxer.hikari.HikariDataSource) ds).close();
                    }
                }
            }
        }
    }
I am really stuck at that point.
EichD is a new contributor to this site.
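
A routing data source that closes its own target pools when Spring destroys it, as an added example that is not part of the original post: `AbstractRoutingDataSource` declares no `close()` method, so nothing closes the per-tenant pools when the refresh-scoped bean is discarded. The class name `ClosingRoutingDataSource` and its `Supplier` constructor are assumptions, and the targets are assumed to be `HikariDataSource` instances as in the question.

```java
import com.zaxxer.hikari.HikariDataSource;
import java.util.function.Supplier;
import javax.sql.DataSource;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.jdbc.datasource.lookup.AbstractRoutingDataSource;

// Added example: ClosingRoutingDataSource is a hypothetical class name, not code from the post.
public class ClosingRoutingDataSource extends AbstractRoutingDataSource implements DisposableBean {

    // Assumption: the caller supplies the tenant lookup, e.g. a ThreadLocal-backed context.
    private final Supplier<Object> currentTenant;

    public ClosingRoutingDataSource(Supplier<Object> currentTenant) {
        this.currentTenant = currentTenant;
    }

    @Override
    protected Object determineCurrentLookupKey() {
        return currentTenant.get();
    }

    // Spring calls destroy() when the bean instance is discarded, which for a
    // refresh-scoped bean happens on every context refresh.
    @Override
    public void destroy() {
        for (DataSource target : getResolvedDataSources().values()) {
            closePool(target);
        }
        // The default target may not be among the keyed targets, so close it too.
        closePool(getResolvedDefaultDataSource());
    }

    // HikariDataSource.close() shuts the pool down and releases its connections;
    // calling it on an already closed pool is a no-op.
    private static void closePool(DataSource target) {
        if (target instanceof HikariDataSource) {
            ((HikariDataSource) target).close();
        }
    }
}
```

In the question's `meeteryDataSource` bean it would be constructed as `new ClosingRoutingDataSource(MeeteryTenantContext::getCurrentTenant)`. The temporary data source built in `getAllTenants` is separate and needs its own `close()` once the tenant query has run.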