I’m integrating my Spring Boot application with HashiCorp Vault for storing secrets like database credentials and other application-specific secrets in HashiCorp Vault. I’ve successfully stored database credentials but I’m not able to understand the KV secrets as I’m not able to access KVs from HashiCorp Vault.
Here is the script that I ran to add database_connection_url Key in Vault:

    #!/bin/bash
    # Add database secrets engine
    vault kv put secret/spring-cloud-vault-demo/config database_connection_url=jdbc:postgresql://localhost:5432/spring-cloud-vault-demo

Output of the above script:
Read KV:
The application.yml config file is as follows:

    spring:
      config:
        import: vault://
      application:
        name: spring-cloud-vault-demo
      profiles:
        active: local
      cloud:
        vault:
          authentication: TOKEN
          token: hvs.GjEgcdLMBBIzgcKmh05uwedJ
          scheme: http
          host: localhost
          port: 8200
          fail-fast: true
          kv:
            enabled: true
            backend: secret
            #default-context: spring-cloud-vault-demo
          database:
            enabled: true
            role: dynamic-role

What have I tried?
Injecting the KV into a variable using @Value annotation

    // One way
    @Value("${vault.spring-cloud-vault-demo.config.database_connection_url}")
    private String secretValue;

    // Another way
    @Value("${database_connection_url}")
    private String secretValue;

This produces the following error:

    Caused by: java.lang.IllegalArgumentException: Could not resolve placeholder 'vault.spring-cloud-vault-demo.config.database_connection_url' in value "${vault.spring-cloud-vault-demo.config.database_connection_url}"

Secondly injecting KV directly into application.yml:

    # One way
    jdbc:${vault.spring-cloud-vault-demo.config.database_connection_url}
    # Another way
    ${vault.spring-cloud-vault-demo.config.database_connection_url}

This produces the following error:

    Caused by: java.lang.RuntimeException: Driver org.postgresql.Driver claims to not accept jdbcUrl, jdbc:${vault.spring-cloud-vault-demo.config.database_connection_url}

Thanks!