I have configured my spring application to use vault with authentication based on approle. I have disabled bootstrapping. Handling approle based authentication programmatically.
Following are the artifacts :
enter image description here
<code>pom.xml :
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.2.3</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<spring-cloud.version>2023.0.2</spring-cloud.version>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-vault-config</artifactId>
</dependency>
</code>
<code>pom.xml :
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.2.3</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<spring-cloud.version>2023.0.2</spring-cloud.version>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-vault-config</artifactId>
</dependency>
</code>
pom.xml :
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.2.3</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<spring-cloud.version>2023.0.2</spring-cloud.version>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-vault-config</artifactId>
</dependency>
<code>bootstrap.properties :
spring.application.name=mnp
spring.cloud.vault.authentication=approle
spring.cloud.vault.uri=http://127.0.0.1:8200
spring.cloud.vault.kv.enabled=true
spring.cloud.vault.kv.backend=secret
</code>
<code>bootstrap.properties :
spring.application.name=mnp
spring.cloud.vault.authentication=approle
spring.cloud.vault.uri=http://127.0.0.1:8200
spring.cloud.vault.kv.enabled=true
spring.cloud.vault.kv.backend=secret
</code>
bootstrap.properties :
spring.application.name=mnp
spring.cloud.vault.authentication=approle
spring.cloud.vault.uri=http://127.0.0.1:8200
spring.cloud.vault.kv.enabled=true
spring.cloud.vault.kv.backend=secret
<code>package com.hello.vaultDemo;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.cloud.vault.config.SecretBackendConfigurer;
import org.springframework.cloud.vault.config.VaultConfigurer;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.StringUtils;
import org.springframework.vault.authentication.AppRoleAuthentication;
import org.springframework.vault.authentication.AppRoleAuthenticationOptions;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.config.AbstractVaultConfiguration;
@Configuration("CustomVaultConfiguration")
public class CustomVaultConfiguration extends AbstractVaultConfiguration implements VaultConfigurer{
private static final Logger logger = LogManager.getLogger(CustomVaultConfiguration.class);
@Override
public VaultEndpoint vaultEndpoint() {
return VaultEndpoint.from("http://127.0.0.1:8200");
}
@Override
public ClientAuthentication clientAuthentication() {
try {
String roleId = "d8de84ad-k201-48eb-5e8c-3d502b3e7496";
String secretId = "e5d8f8a3-8adc-312b-3a09-e494b09e1995";
AppRoleAuthenticationOptions.AppRoleAuthenticationOptionsBuilder builder = AppRoleAuthenticationOptions.builder().roleId(AppRoleAuthenticationOptions.RoleId.provided(roleId)).path("approle");
if (StringUtils.hasText(secretId)) {
builder = builder.secretId(AppRoleAuthenticationOptions.SecretId.provided(secretId));
}
return new AppRoleAuthentication(builder.build(), this.restOperations());
}catch (Exception ex){
logger.info("exception occurred while vault configuration, msg - {}", ex.getMessage(), ex);
throw new Error("Failed to initialize vault!");
}
}
@Override
public void addSecretBackends(SecretBackendConfigurer configurer) {
configurer.add("secret/data/mnp");
}
}
</code>
<code>package com.hello.vaultDemo;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.cloud.vault.config.SecretBackendConfigurer;
import org.springframework.cloud.vault.config.VaultConfigurer;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.StringUtils;
import org.springframework.vault.authentication.AppRoleAuthentication;
import org.springframework.vault.authentication.AppRoleAuthenticationOptions;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.config.AbstractVaultConfiguration;
@Configuration("CustomVaultConfiguration")
public class CustomVaultConfiguration extends AbstractVaultConfiguration implements VaultConfigurer{
private static final Logger logger = LogManager.getLogger(CustomVaultConfiguration.class);
@Override
public VaultEndpoint vaultEndpoint() {
return VaultEndpoint.from("http://127.0.0.1:8200");
}
@Override
public ClientAuthentication clientAuthentication() {
try {
String roleId = "d8de84ad-k201-48eb-5e8c-3d502b3e7496";
String secretId = "e5d8f8a3-8adc-312b-3a09-e494b09e1995";
AppRoleAuthenticationOptions.AppRoleAuthenticationOptionsBuilder builder = AppRoleAuthenticationOptions.builder().roleId(AppRoleAuthenticationOptions.RoleId.provided(roleId)).path("approle");
if (StringUtils.hasText(secretId)) {
builder = builder.secretId(AppRoleAuthenticationOptions.SecretId.provided(secretId));
}
return new AppRoleAuthentication(builder.build(), this.restOperations());
}catch (Exception ex){
logger.info("exception occurred while vault configuration, msg - {}", ex.getMessage(), ex);
throw new Error("Failed to initialize vault!");
}
}
@Override
public void addSecretBackends(SecretBackendConfigurer configurer) {
configurer.add("secret/data/mnp");
}
}
</code>
package com.hello.vaultDemo;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.cloud.vault.config.SecretBackendConfigurer;
import org.springframework.cloud.vault.config.VaultConfigurer;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.StringUtils;
import org.springframework.vault.authentication.AppRoleAuthentication;
import org.springframework.vault.authentication.AppRoleAuthenticationOptions;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.config.AbstractVaultConfiguration;
@Configuration("CustomVaultConfiguration")
public class CustomVaultConfiguration extends AbstractVaultConfiguration implements VaultConfigurer{
private static final Logger logger = LogManager.getLogger(CustomVaultConfiguration.class);
@Override
public VaultEndpoint vaultEndpoint() {
return VaultEndpoint.from("http://127.0.0.1:8200");
}
@Override
public ClientAuthentication clientAuthentication() {
try {
String roleId = "d8de84ad-k201-48eb-5e8c-3d502b3e7496";
String secretId = "e5d8f8a3-8adc-312b-3a09-e494b09e1995";
AppRoleAuthenticationOptions.AppRoleAuthenticationOptionsBuilder builder = AppRoleAuthenticationOptions.builder().roleId(AppRoleAuthenticationOptions.RoleId.provided(roleId)).path("approle");
if (StringUtils.hasText(secretId)) {
builder = builder.secretId(AppRoleAuthenticationOptions.SecretId.provided(secretId));
}
return new AppRoleAuthentication(builder.build(), this.restOperations());
}catch (Exception ex){
logger.info("exception occurred while vault configuration, msg - {}", ex.getMessage(), ex);
throw new Error("Failed to initialize vault!");
}
}
@Override
public void addSecretBackends(SecretBackendConfigurer configurer) {
configurer.add("secret/data/mnp");
}
}
<code>package com.hello.vaultDemo;
import jakarta.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;
import org.springframework.vault.core.VaultTemplate;
import org.springframework.vault.support.VaultResponse;
@Component
public class test {
@Value("${one:null}")
String onee;
@Value("${two:null}")
String twoo;
@Autowired
VaultTemplate vaultTemplate;
@Autowired
Environment environment;
@PostConstruct
public void init() {
VaultResponse response = vaultTemplate.read("secret/data/mnp");
System.out.println("response - "+ response.getData());
System.out.println("onee - "+ onee);
System.out.println("twoo - "+ twoo);
System.out.println("one "+environment.getProperty("one"));
}
}
OUTPUT :
response - {data={one=1, three=3, two=2}, metadata={created_time=2024-06-18T04:05:58.519111Z, custom_metadata=null, deletion_time=, destroyed=false, version=1}}
onee - null
twoo - null
one null
</code>
<code>package com.hello.vaultDemo;
import jakarta.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;
import org.springframework.vault.core.VaultTemplate;
import org.springframework.vault.support.VaultResponse;
@Component
public class test {
@Value("${one:null}")
String onee;
@Value("${two:null}")
String twoo;
@Autowired
VaultTemplate vaultTemplate;
@Autowired
Environment environment;
@PostConstruct
public void init() {
VaultResponse response = vaultTemplate.read("secret/data/mnp");
System.out.println("response - "+ response.getData());
System.out.println("onee - "+ onee);
System.out.println("twoo - "+ twoo);
System.out.println("one "+environment.getProperty("one"));
}
}
OUTPUT :
response - {data={one=1, three=3, two=2}, metadata={created_time=2024-06-18T04:05:58.519111Z, custom_metadata=null, deletion_time=, destroyed=false, version=1}}
onee - null
twoo - null
one null
</code>
package com.hello.vaultDemo;
import jakarta.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;
import org.springframework.vault.core.VaultTemplate;
import org.springframework.vault.support.VaultResponse;
@Component
public class test {
@Value("${one:null}")
String onee;
@Value("${two:null}")
String twoo;
@Autowired
VaultTemplate vaultTemplate;
@Autowired
Environment environment;
@PostConstruct
public void init() {
VaultResponse response = vaultTemplate.read("secret/data/mnp");
System.out.println("response - "+ response.getData());
System.out.println("onee - "+ onee);
System.out.println("twoo - "+ twoo);
System.out.println("one "+environment.getProperty("one"));
}
}
OUTPUT :
response - {data={one=1, three=3, two=2}, metadata={created_time=2024-06-18T04:05:58.519111Z, custom_metadata=null, deletion_time=, destroyed=false, version=1}}
onee - null
twoo - null
one null
<code></code>
<code></code>
application is able to access properties through vaulttemplate.read() method. How can i access properties using @Value or environment bean.