spring-vault | Provides familiar Spring abstractions for HashiCorp Vault | Identity Management library
kandi X-RAY | spring-vault Summary
kandi X-RAY | spring-vault Summary
Spring Vault provides client-side support for accessing, storing and revoking secrets. With HashiCorp’s Vault you have a central place to manage external secret data for applications across all environments. Vault can manage static and dynamic secrets such as application data, username/password for remote applications/resources and provide credentials for external services such as MySQL, PostgreSQL, Apache Cassandra, Consul, AWS and more.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- Registers the bean definitions
- Returns the annotation attributes for repeatable class
- Create bean definition
- Encode batch operations in batch
- Encode a plaintext plaintext
- Encode a plaintext string
- Performs a patch on the specified path
- Perform a GET call with the specified path and response type
- Get the value of the vault response
- Perform a get operation with the given path and response type
- Schedules the renew token
- Creates a new user ID
- Inserts an object with the given id
- Handle a secret event
- Gets a policy by name
- Creates or updates a policy
- Returns a pageable page of revisions
- Wrap the specified object with TTL
- Deletes the specified entity instance
- Initialize the properties from the vault
- Fetch properties from vault
- Returns client authentication
- Registers the root bean definitions for the root repository
- Updates an existing key - value pair
- Returns an iterator over all entries in a keyspace
- Reads an object from the input stream
spring-vault Key Features
spring-vault Examples and Code Snippets
Community Discussions
Trending Discussions on spring-vault
QUESTION
We are using config server with Vault backend to fetch application secrets.
Config server project is using spring-vault-core dependency and spring-vault-dependencies dependency management for Vault.
Vault related config in application yml file is as follows:
...ANSWER
Answered 2022-Feb-04 at 13:28You can take a look to the composite profile.
There are a lot of additional questions - what exactly you are trying to do, and why do you want to have this?
For us, for example, it was important to split infra services configurations and also split, actually, microservices configurations by itself. And, important requirement, to be able to "overwrite" it (in case of migrations, for instance).
We have achieve that with two things:
- on config server side we are using
compositeconfiguration (with exactly the sametypeanduri, but little bit differentbackendandkeys), - on config client's side we are specifying several values for
spring.cloud.config.nameproperty (coma separated list).
QUESTION
I'm trying to retrieve secrets from vault using the AppRole authentication. But I get the error :
java.lang.IllegalArgumentException: URI is not absolute
What I do is create a vaultEndpoint then depending on the method choosen I use token authentication or AppRole authentication. There's no issue with the token authentication, however whenever I try to retrive a secret or even get the vaultToken to login with AppRole the URI is not absolute error occurs.
I 've seen in https://docs.oracle.com/javase/8/docs/api/java/net/URI.html that an URI is absolute when it specifies a scheme otherwise it is relative. But I think that my URI is specifing a scheme.
So I'm a bit lost here. Does anyone know what I am doing wrong ? Or why I get this error ?
I use spring-vault-core-2.2.0.RELEASE
Here's my code :
...ANSWER
Answered 2021-Apr-15 at 13:31I managed to fix my problem, I updated the original post to share the answer.
QUESTION
I have many spring boot microservices and I have developed a new project that has Spring-Vault as a dependency. This new project (say vault-client-spring) is developed in order to have common configuration for setting up of Vault and use it in all of the microservices and I have published the jar in private maven hosted repository in my organization.
My problem is when I add this jar as dependency in any microservices, the application is not starting throwing the following error. The Spring-Cloud-Vault dependencies are not imported to my consuming projects. I've also added the necessary properties requrired starting with prefix spring.cloud.vault in bootstrap.yml file.
Here's my build.gradle file for vault-client-spring.
ANSWER
Answered 2021-Apr-05 at 11:24I found it myself. Since I'm developing as "library", I have to allow Spring-Vault dependencies to get included in consuming applications. As per Gradle's java-library plugin, I used api dependency. The consuming applications can able to access and bootstrap them.
QUESTION
For a project we are sending some events to kafka. We use spring-kafka 2.6.2.
Due to usage of spring-vault we have to restart/kill the application before the end of credentials lease (application is automatically restarted by kubernetes). Our problem is that when using applicationContext.close() to proceed with our gracefull shutdown, KafkaProducer gets an InterruptedException Interrupted while joining ioThread inside it's close() method. It means that in our case some pending events are not sent to kafka before shutdown as it's forced to close due to an error during destroy.
Here under a stacktrace
...ANSWER
Answered 2021-Jan-05 at 21:58future.cancel(true);
This is interrupting the producer thread and is likely the root cause of the problem.
You should use future.cancel(false); to allow the task to terminate in an orderly fashion, without interruption.
QUESTION
In my Spring Boot project, I defined 4 profiles
- demo
- dev
- test
- prod
properties in YAML files will be replaced by HashiCorp Vault properties during startup. For this, I use Spring Cloud Vault library. Everything works as expected in Spring Boot 2.3.x
When I try to upgrade the project to Spring Boot 2.4.0 with Spring Cloud Vault 3.0.0-SNAPSHOT version, the properties are not being replaced
bootstrap.yml
...ANSWER
Answered 2020-Nov-30 at 18:57As pointed put by Nicoll, With Spring Cloud Vault 3.0 and Spring Boot 2.4, the bootstrap context initialization (bootstrap.yml, bootstrap.properties) of property sources was deprecated. This can be fixed in one of the 2 ways
- Use Spring Boot 2.4.0 Config Data API to import configuration from Vault
- Enable the bootstrap context either by setting the configuration property
spring.cloud.bootstrap.enabled=trueor by including the dependencyorg.springframework.cloud:spring-cloud-starter-bootstrap
1. Use Spring Boot 2.4.0 Config Data API
Move bootstrap.yml configuration to application.yml and define spring.config.import to import all profiles. And it looks like below
QUESTION
I have a project that adopts Spring Vault to fetch credential. Dependencies of the project are as following and build.gradle file is generated automatically afterwards.
When I build the project I got the error
Could not resolve org.springframework.vault:spring-vault-core:2.2.2.RELEASE.
Possible solution:
- Declare repository providing the artifact, see the documentation at https://docs.gradle.org/current/userguide/declaring_repositories.html
I have checked the libraries by going to the Project Structures and got the weird thing
The weird thing I mean here is about the path of the jar file. It should be something like
%GRADLE_HOME%\caches\modules-2\files-2.1\org.springframework.cloud\spring-cloud-vault-config\2.2.3.RELEASE\5fd5a06deb01db77eb3e9b8e723ccc1e0790c420
How can I fix this issue in IntelliJ?
...ANSWER
Answered 2020-Aug-24 at 20:54When you get an error about could not resolve dependencies in gradle, then there are several things you need to check.
- Proxy settings (should be inside
gradle.properties) - Permission for creating directories (particularly in
%GRADLE_HOME%\caches\modules-2\files-2.1)
For the problem of proxy setting, simply set values for the following fields inside gradle.properties
QUESTION
I am trying to read secrets from vault using Spring vault cloud. I use a service token type.
In my set-up the max_ttl is set to 1h and ttl to 10 minutes, so the token will be renewed at every 10 minutes till the max_ttl is reached. Once the max_ttl is reached, the token will be dropped/revoked and a new login is performed, receving a new token.
The issue is that when trying to read secrets, the old expired token is still used.
Any idea why this happens?
Using:
- spring-cloud-config-2.2.3
- spring-vault-core-2.2.0
- Kubernetes
ANSWER
Answered 2020-Aug-05 at 14:08The issue does not reproduce anymore as we disable the use of the reactive org.springframework.vault.authentication.ReactiveLifecycleAwareSessionManager in favor of the "classic: one: org.springframework.vault.authentication.LifecycleAwareSessionManager.
For disabling it, we set:
spring.cloud.vault.reactive.enabled=false
QUESTION
I have configured spring boot application to take properties from my environment but strangely I am facing an error while starting my application.
I have added the properties in my ~/.bash_profile and also did source ~/.bash_profile after adding them to the profile.
This is how my bootstrap.properties look like:
...ANSWER
Answered 2020-May-02 at 10:56The root cause of the problem can be found form this error message:
QUESTION
I have an application running in Spring Boot, using Spring Vault to retrieve passwords. It is using KubernetesAuthentication to log in. This worked well until I upgraded to Spring Boot 2.2.5. I then started to get SSLPeerUnverifiedException.
...ANSWER
Answered 2020-Mar-10 at 05:47This was caused by a bug introduced in HttpClient version 4.5.11. Fixed in 4.5.12
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install spring-vault
curl, openssl and unzip
at least Java 8 and a properly configured JAVA_HOME environment variable
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
