When running Spring Boot locally, I’m using the default TOKEN based authentication with the `spring-cloud-starter-vault-config` dependency.
Running `vault login -method oidc` saves a fresh vault token to `~/.vault-token` with a 12h TTL.
Spring Cloud Vault then automatically picks up the token from that file. No further Spring Boot configuration is needed.
What I like about this solution is it’s simple and works automatically for everyone in my team, as long as they have Vault CLI installed on their machines.
Is there any other similarly elegant solution that wouldn’t depend on saving the token in plain text in a text file on every developer machine? E.g. can Spring Cloud Vault be combined with Vault CLI’s `token_helper` scripts?
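
A check a team could run against the token file described above, as an added example that is not part of the original post: it flags a `~/.vault-token` that is a symlink, is accessible to group or other, or is older than the 12h TTL. The function name `check_vault_token_file` and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post: audit the token file that
# `vault login` writes and Spring Cloud Vault reads.
# Assumed names: check_vault_token_file and its return codes are hypothetical.

# Usage: check_vault_token_file [FILE] [MAX_AGE_SECONDS]
# Returns 0 = no findings, 1 = at least one finding, 2 = no token file.
check_vault_token_file() {
    vt_file=${1:-$HOME/.vault-token}
    vt_max_age=${2:-43200}          # 12h, the token TTL mentioned in the post
    vt_rc=0

    if [ -L "$vt_file" ]; then
        echo "FINDING: $vt_file is a symlink; the token may live elsewhere"
        return 1
    fi
    if [ ! -f "$vt_file" ]; then
        echo "INFO: $vt_file not found"
        return 2
    fi

    # Octal permission bits: GNU stat first, BSD/macOS stat as fallback.
    vt_mode=$(stat -c '%a' "$vt_file" 2>/dev/null || stat -f '%Lp' "$vt_file")
    case $vt_mode in
        0|*00) ;;                   # no group/other bits set
        *) echo "FINDING: mode $vt_mode grants group/other access; chmod 600"
           vt_rc=1 ;;
    esac

    # A file older than the TTL most likely holds an expired token.
    vt_mtime=$(stat -c '%Y' "$vt_file" 2>/dev/null || stat -f '%m' "$vt_file")
    vt_age=$(( $(date +%s) - vt_mtime ))
    if [ "$vt_age" -gt "$vt_max_age" ]; then
        echo "FINDING: file is ${vt_age}s old (> ${vt_max_age}s); re-run vault login"
        vt_rc=1
    fi

    return "$vt_rc"
}
```

Called with no arguments, the function inspects `$HOME/.vault-token` with the 12h limit.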