spring-cloud-vault | Configuration Integration with HashiCorp Vault | Identity Management library
kandi X-RAY | spring-cloud-vault Summary
Specifically for Spring applications:.
Top functions reviewed by kandi - BETA
- Create a new property source locator
- Builds a list of context names from the given application name and profiles
- Returns a collection of SecretBackendMetadata for the given vault
- Gets the property source configuration
- Creates a new VaultEndpoint object
- Creates a vault endpoint from the given service instance
- Loads a vault configuration
- Register a reactive infrastructure
- Fetch all the secrets from the vault
- Create secrets object
- Retrieves the Google credential from GCPI properties
- Transforms the input properties
- The vault end point
- Retrieves the Google credential from the GCPI properties
- Create a new VaultTemplate instance
- Creates a hash code for this instance
- Sets the composite property source
- Deserialize an error from a WebClientResponseException
- Returns whether or not the given values are equal
- Resolves the vault specific configuration
- Sets the application name
- Retrieve the vault instance
- Gets the vault instance
- Creates a spring - managed vault endpoint
- Returns a string representation of this class
- Return the variables for this credential
Community Discussions
Trending Discussions on spring-cloud-vault
QUESTION
I have many spring boot microservices and I have developed a new project that has Spring-Vault as a dependency. This new project (say vault-client-spring) is developed in order to have common configuration for setting up of Vault and use it in all of the microservices and I have published the jar in private maven hosted repository in my organization.
My problem is when I add this jar as dependency in any microservices, the application is not starting throwing the following error. The Spring-Cloud-Vault dependencies are not imported to my consuming projects. I've also added the necessary properties required starting with prefix spring.cloud.vault in bootstrap.yml file.
Here's my build.gradle file for vault-client-spring.
ANSWER
Answered 2021-Apr-05 at 11:24
I found it myself. Since I'm developing as "library", I have to allow Spring-Vault dependencies to get included in consuming applications. As per Gradle's java-library plugin, I used api dependency. The consuming applications are able to access and bootstrap them.
QUESTION
In my Spring Boot project, I defined 4 profiles
- demo
- dev
- test
- prod
Properties in YAML files will be replaced by HashiCorp Vault properties during startup. For this, I use Spring Cloud Vault library. Everything works as expected in Spring Boot 2.3.x.
When I try to upgrade the project to Spring Boot 2.4.0 with Spring Cloud Vault 3.0.0-SNAPSHOT version, the properties are not being replaced.
bootstrap.yml
...
ANSWER
Answered 2020-Nov-30 at 18:57
As pointed out by Nicoll, with Spring Cloud Vault 3.0 and Spring Boot 2.4, the bootstrap context initialization (bootstrap.yml, bootstrap.properties) of property sources was deprecated. This can be fixed in one of the 2 ways:
- Use Spring Boot 2.4.0 Config Data API to import configuration from Vault
- Enable the bootstrap context either by setting the configuration property spring.cloud.bootstrap.enabled=true or by including the dependency org.springframework.cloud:spring-cloud-starter-bootstrap
1. Use Spring Boot 2.4.0 Config Data API
Move bootstrap.yml configuration to application.yml and define spring.config.import to import all profiles. And it looks like below
QUESTION
I have a project that adopts Spring Vault to fetch credential. Dependencies of the project are as following and build.gradle file is generated automatically afterwards.
When I build the project I got the error
Could not resolve org.springframework.vault:spring-vault-core:2.2.2.RELEASE.
Possible solution:
- Declare repository providing the artifact, see the documentation at https://docs.gradle.org/current/userguide/declaring_repositories.html
I have checked the libraries by going to the Project Structures and got the weird thing
The weird thing I mean here is about the path of the jar file. It should be something like
%GRADLE_HOME%\caches\modules-2\files-2.1\org.springframework.cloud\spring-cloud-vault-config\2.2.3.RELEASE\5fd5a06deb01db77eb3e9b8e723ccc1e0790c420
How can I fix this issue in IntelliJ?
...
ANSWER
Answered 2020-Aug-24 at 20:54
When you get an error about could not resolve dependencies in gradle, then there are several things you need to check.
- Proxy settings (should be inside gradle.properties)
- Permission for creating directories (particularly in %GRADLE_HOME%\caches\modules-2\files-2.1)
For the problem of proxy setting, simply set values for the following fields inside gradle.properties
QUESTION
I have a springboot app that uses these versions:
ANSWER
Answered 2020-Jul-06 at 23:02
You are missing the annotations on DatabaseConfig.java
Which will be something like this.
QUESTION
I have been using HashiCorp Vault for six months now where my all the secrets from the configuration service. I was connecting all my client services using spring.cloud.config.token but the problem came when the vault token expires every 30 days or so. For lower environment, token expiry is acceptable as we can redeploy again and again but PRODUCTION, we cannot redeploy. Hence, it was decided that using AWS IAM role, one can connect to vault and there won't be any expiration.
I have followed this official link but I am facing the below issue when I am starting the application.
I have googled about it but didn't get a working solution.
I am using the below code in bootstrap.yml file in my client service (my-client-service)
bootstrap.yml
...
ANSWER
Answered 2020-Jun-26 at 13:01
I fixed this issue after updating my vault policy with the below configuration:
QUESTION
I have configured spring boot application to take properties from my environment but strangely I am facing an error while starting my application.
I have added the properties in my ~/.bash_profile and also did source ~/.bash_profile after adding them to the profile.
This is how my bootstrap.properties look like:
...
ANSWER
Answered 2020-May-02 at 10:56
The root cause of the problem can be found from this error message:
QUESTION
I am using GCP IAM auth method to authenticate against vault. I followed the steps as suggested in vault gcp auth to authenticate using a Service Account.
I was able to successfully authenticate and login. But when I try to read the secrets from the specified path, it says permission denied.
...
ANSWER
Answered 2020-Jan-28 at 10:45
It was the policy setting. I updated it to below and it worked! Specific path instead of *.
QUESTION
The spring-cloud-vault Lease lifecycle management (renewal and revocation) documentation states that:
spring.cloud.vault.config.lifecycle.min-renewal: sets the duration that is at least required before renewing a lease. This setting prevents renewals from happening too often.
spring.cloud.vault.config.lifecycle.expiry-threshold: sets the expiry threshold. A lease is renewed the configured period of time before it expires.
I'm having a hard time understanding the difference between these two configuration options. It would be helpful to be given an example of how each of these parameters affects the lease renewal lifecycle. For example: it seems pretty clear to me that if the lease TTL is 10 minutes, and if the expiry-threshold is set to 1 minute, then 9 minutes after the lease is acquired spring-cloud-vault would renew the lease. But if that is true what is the purpose for the min-renewal configuration parameter?
...
ANSWER
Answered 2020-Jan-08 at 18:02
The expiry threshold controls the renewal time at which the lease is renewed.
For example: it seems pretty clear to me that if the lease TTL is 10 minutes, and if the expiry-threshold is set to 1 minute, then 9 minutes after the lease is acquired spring-cloud-vault would renew the lease.
Your understanding is correct.
What's about min-renewal?
When the remaining validity time of your lease is less than 1 minute (say 30 seconds), then the calculated renewal time would be 30 seconds in the past (or now, as we cannot schedule things to happen in the past). min-renewal helps to debounce renewal requests. This is because, in such a scenario, refresh happens immediately.
Once renewed, SecretLeaseContainer schedules a subsequent renewal that reports a lease validity of slightly less than 30 seconds. We don't want to create a loop that hammers your Vault server with renewal requests if the remaining lease duration is less than expiry-threshold.
Example:
expiry-threshold: 60 seconds
min-renewal: 10 seconds
The following list of events shows with a time correlation what happens at which time assuming the TTL is final and cannot be extended:
- 10:00:00 Lease obtained. TTL 10 minutes (600 seconds). Schedule lease renewal in 9 minutes (10 minutes TTL - 1 minute expiry threshold -> 9 minutes)
- 10:09:00 Lease renewed. Remaining TTL 1 minute (60 seconds). Schedule lease renewal in 10 seconds (1 minute TTL - 1 minute expiry threshold -> 0 minutes. Fall back to 10 seconds min-renewal as that is the larger value -> 10 seconds).
- 10:09:10 Lease renewed. Remaining TTL 50 seconds. Schedule lease renewal in 10 seconds (50 seconds TTL - 1 minute expiry threshold -> -10 seconds. Fall back to 10 seconds min-renewal as that is the larger value -> 10 seconds).
- (continue until reaching 10 seconds)
- 10:09:50 Lease renewed. Remaining TTL less than 10 seconds. Min-renewal is greater than the remaining TTL and the lease is considered expired.
Example where expiry threshold is greater than min-renewal:
expiry-threshold: 5 minutes (180 seconds)
min-renewal: 6 minutes (360 seconds)
The following list of events shows with a time correlation what happens at which time assuming the TTL is final and cannot be extended:
- 10:00:00 Lease obtained. TTL 10 minutes (600 seconds). Schedule lease renewal in 6 minutes (10 minutes TTL - 5 minute expiry threshold -> 5 minutes. Min-renewal is set to 6 minutes to issue a renewal at most once in 6 minutes -> 6 minutes)
- 10:06:00 Lease obtained. TTL 4 minutes (360 seconds). Schedule lease renewal in 6 minutes (4 minutes TTL - 5 minute expiry threshold -> -1 minutes. 6 minutes min-renewal as that is greater than the remaining TTL so the lease is considered expired)
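The two timelines in the answer above, replayed as an added Java example (not code from the answer or from Spring Vault). It assumes whole-second arithmetic and a TTL that renewal never extends; LeaseRenewalTimeline and its method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

public class LeaseRenewalTimeline {

    // Delay until the next renewal: TTL minus expiry-threshold, but never
    // sooner than min-renewal (the debounce the answer describes).
    static long renewalDelay(long ttl, long expiryThreshold, long minRenewal) {
        return Math.max(minRenewal, ttl - expiryThreshold);
    }

    // Assumption: whole seconds, so "remaining TTL slightly less than
    // min-renewal" is modelled as remaining <= min-renewal.
    static boolean expired(long remaining, long minRenewal) {
        return remaining <= minRenewal;
    }

    // Replays a lease whose TTL is final, i.e. renewal never extends it.
    static List<String> timeline(long ttl, long expiryThreshold, long minRenewal) {
        if (minRenewal <= 0) {
            // Without a debounce the delay collapses to 0 once the remaining
            // TTL drops below the threshold: a tight renewal loop against Vault.
            throw new IllegalArgumentException("min-renewal must be positive");
        }
        List<String> events = new ArrayList<>();
        long now = 0;
        long remaining = ttl;
        events.add("t+0s lease obtained, ttl=" + ttl + "s");
        while (!expired(remaining, minRenewal)) {
            long delay = renewalDelay(remaining, expiryThreshold, minRenewal);
            now += delay;
            remaining = ttl - now;
            events.add("t+" + now + "s renewal after " + delay + "s, remaining=" + remaining + "s");
        }
        events.add("t+" + now + "s lease considered expired");
        return events;
    }

    public static void main(String[] args) {
        // Constructed inputs matching the two examples in the answer (seconds).
        System.out.println("expiry-threshold=60, min-renewal=10");
        timeline(600, 60, 10).forEach(System.out::println);
        System.out.println("expiry-threshold=300, min-renewal=360");
        timeline(600, 300, 360).forEach(System.out::println);
    }
}
```

With a 10-second min-renewal the renewals from t+540s onward are spaced 10 seconds apart instead of firing back to back, which is the load on the Vault server that the setting bounds.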
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install spring-cloud-vault
wget, openssl and unzip
at least Java 8 and a properly configured JAVA_HOME environment variable
Root CA
Vault Certificate (decrypted key work/ca/private/localhost.decrypted.key.pem and certificate work/ca/certs/localhost.cert.pem)
Spring Cloud Vault Config requires SSL certificates and a running Vault instance listening on localhost:8200. Certificates and the Vault setup are scripted, the scripts are located in src/test/bash. The following scripts need to be run prior to building the project for the tests to pass. Leave Vault uninitialized, the tests will initialize and unseal Vault. They will also create a root token 00000000-0000-0000-0000-000000000000. Changes to the documentation should be made to the adocs found under docs/src/main/asciidoc/. README.adoc can be re-generated via the following. This script requires ruby and the asciidoctor gem installed (gem install asciidoctor).
In order to setup Intellij you should import our coding conventions, inspection profiles and set up the checkstyle plugin. The following files can be found in the Spring Cloud Build project. Go to File → Settings → Editor → Code style. There click on the icon next to the Scheme section. There, click on the Import Scheme value and pick the Intellij IDEA code style XML option. Import the spring-cloud-build-tools/src/main/resources/intellij/Intellij_Spring_Boot_Java_Conventions.xml file. Go to File → Settings → Editor → Inspections. There click on the icon next to the Profile section. There, click on the Import Profile and import the spring-cloud-build-tools/src/main/resources/intellij/Intellij_Project_Defaults.xml file. To have Intellij work with Checkstyle, you have to install the Checkstyle plugin. It’s advisable to also install the Assertions2Assertj to automatically convert the JUnit assertions.
Default Checkstyle rules
File header setup
Default suppression rules
Project defaults for Intellij that apply most of Checkstyle rules
Project style conventions for Intellij that apply most of Checkstyle rules
checkstyle.header.file - please point it to the Spring Cloud Build’s, spring-cloud-build-tools/src/main/resources/checkstyle-header.txt file either in your cloned repo or via the https://raw.githubusercontent.com/spring-cloud/spring-cloud-build/master/spring-cloud-build-tools/src/main/resources/checkstyle-header.txt URL.
checkstyle.suppressions.file - default suppressions. Please point it to the Spring Cloud Build’s, spring-cloud-build-tools/src/checkstyle/checkstyle-suppressions.xml file either in your cloned repo or via the https://raw.githubusercontent.com/spring-cloud/spring-cloud-build/master/spring-cloud-build-tools/src/checkstyle/checkstyle-suppressions.xml URL.
checkstyle.additional.suppressions.file - this variable corresponds to suppressions in your local project. E.g. you’re working on spring-cloud-contract. Then point to the project-root/src/checkstyle/checkstyle-suppressions.xml folder. Example for spring-cloud-contract would be: /home/username/spring-cloud-contract/src/checkstyle/checkstyle-suppressions.xml.