cloud-vault | PGP-based password manager | Frontend Framework library
kandi X-RAY | cloud-vault Summary
kandi X-RAY | cloud-vault Summary
PGP-based password manager (using Keybase.io)
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of cloud-vault
cloud-vault Key Features
cloud-vault Examples and Code Snippets
Community Discussions
Trending Discussions on cloud-vault
QUESTION
I have many spring boot microservices and I have developed a new project that has Spring-Vault
as a dependency. This new project (say vault-client-spring
) is developed in order to have common configuration for setting up of Vault and use it in all of the microservices and I have published the jar in private maven hosted repository in my organization.
My problem is when I add this jar as dependency in any microservices, the application is not starting throwing the following error. The Spring-Cloud-Vault
dependencies are not imported to my consuming projects. I've also added the necessary properties requrired starting with prefix spring.cloud.vault
in bootstrap.yml
file.
Here's my build.gradle
file for vault-client-spring
.
ANSWER
Answered 2021-Apr-05 at 11:24I found it myself. Since I'm developing as "library", I have to allow Spring-Vault dependencies to get included in consuming applications. As per Gradle's java-library plugin, I used api
dependency. The consuming applications can able to access and bootstrap them.
QUESTION
In my Spring Boot project, I defined 4 profiles
- demo
- dev
- test
- prod
properties in YAML files will be replaced by HashiCorp Vault properties during startup. For this, I use Spring Cloud Vault library. Everything works as expected in Spring Boot 2.3.x
When I try to upgrade the project to Spring Boot 2.4.0 with Spring Cloud Vault 3.0.0-SNAPSHOT version, the properties are not being replaced
bootstrap.yml
...ANSWER
Answered 2020-Nov-30 at 18:57As pointed put by Nicoll, With Spring Cloud Vault 3.0 and Spring Boot 2.4, the bootstrap context initialization (bootstrap.yml, bootstrap.properties) of property sources was deprecated. This can be fixed in one of the 2 ways
- Use Spring Boot 2.4.0 Config Data API to import configuration from Vault
- Enable the bootstrap context either by setting the configuration property
spring.cloud.bootstrap.enabled=true
or by including the dependencyorg.springframework.cloud:spring-cloud-starter-bootstrap
1. Use Spring Boot 2.4.0 Config Data API
Move bootstrap.yml configuration to application.yml and define spring.config.import
to import all profiles. And it looks like below
QUESTION
I have a project that adopts Spring Vault to fetch credential. Dependencies of the project are as following and build.gradle
file is generated automatically afterwards.
When I build the project I got the error
Could not resolve org.springframework.vault:spring-vault-core:2.2.2.RELEASE.
Possible solution:
- Declare repository providing the artifact, see the documentation at https://docs.gradle.org/current/userguide/declaring_repositories.html
I have checked the libraries by going to the Project Structures and got the weird thing
The weird thing I mean here is about the path of the jar file. It should be something like
%GRADLE_HOME%\caches\modules-2\files-2.1\org.springframework.cloud\spring-cloud-vault-config\2.2.3.RELEASE\5fd5a06deb01db77eb3e9b8e723ccc1e0790c420
How can I fix this issue in IntelliJ?
...ANSWER
Answered 2020-Aug-24 at 20:54When you get an error about could not resolve dependencies in gradle
, then there are several things you need to check.
- Proxy settings (should be inside
gradle.properties
) - Permission for creating directories (particularly in
%GRADLE_HOME%\caches\modules-2\files-2.1
)
For the problem of proxy setting, simply set values for the following fields inside gradle.properties
QUESTION
I have a springboot
app that uses these versions:
ANSWER
Answered 2020-Jul-06 at 23:02You are missing the annotations on DatabaseConfig.java
Which will be something like this.
QUESTION
I have been using HashiCorp Vault for six months now where my all the secrets from the configuration service. I was connecting all my client services using spring.cloud.config.token but the problem came when the vault token expires every 30 days or so. For lower environment, token expiry is acceptable as we can redeploy again and again but PRODUCTION, we cannot redeploy. Hence, it was decided that using AWS IAM role, one can connect to vault and there wont be any expiration.
I have followed this official link but I am facing the below issue when I am starting the application.
I have googled about it but didn't get a working solution.
I am using the below code in bootstrap.yml file in my client service (my-client-service)
bootstrap.yml
...ANSWER
Answered 2020-Jun-26 at 13:01I fixed this issue after updating my vault policy with the below configuration:
QUESTION
I have configured spring boot application to take properties from my environment but strangely I am facing an error while starting my application.
I have added the properties in my ~/.bash_profile
and also did source ~/.bash_profile
after adding them to the profile.
This is how my bootstrap.properties look like:
...ANSWER
Answered 2020-May-02 at 10:56The root cause of the problem can be found form this error message:
QUESTION
I am using GCP IAM auth method to authenticate against vault. I followed the steps as suggested in vault gcp authto authenticate using a Service Account
I was able to successfully authenticate and login. But when I try to read the secrets from the specified path, it says permission denied.
...ANSWER
Answered 2020-Jan-28 at 10:45It was the policy setting. I updated it to below and it worked! Specific path instead of *.
QUESTION
I'm following Vault Configuration
example referring from: https://spring.io/guides/gs/vault-config/. When I am executing the code I am getting below error.
Error:
...ANSWER
Answered 2020-Jan-13 at 16:19Spring Cloud Configuration integrations use the bootstrap context for their configuration. Bootstrap context is configured before spinning up the application context so configuration integrations can load and initialize PropertySource
s that are then used in the application context.
As a consequence, rename your application.properties
to bootstrap.properties
.
QUESTION
The spring-cloud-vault Lease lifecycle management (renewal and revocation) documentation states that:
spring.cloud.vault.config.lifecycle.min-renewal: sets the duration that is at least required before renewing a lease. This setting prevents renewals from happening too often.
spring.cloud.vault.config.lifecycle.expiry-threshold: sets the expiry theshold. A lease is renewed the configured period of time before it expires.
I'm having a hard time understanding the difference between these two configuration options. It would be helpful to be given an example of how each of these parameters affects the lease renewal lifecycle. For example: it seems pretty clear to me that if the lease TTL is 10 minutes, and if the expiry-threshold is set to 1 minute, then 9 minutes after the lease is acquired spring-cloud-vault would renew the lease. But if that it true what is the purpose for the min-renewal configuration parameter?
...ANSWER
Answered 2020-Jan-08 at 18:02The expiry threshold controls the renewal time at which the lease is renewed.
For example: it seems pretty clear to me that if the lease TTL is 10 minutes, and if the expiry-threshold is set to 1 minute, then 9 minutes after the lease is acquired spring-cloud-vault would renew the lease.
Your understanding is correct.
What's about min-renewal
?
When the remaining validity time of your lease is less than 1 minute (say 30 seconds), then the calculated renewal time would be 30 seconds in the past (or now, as we cannot schedule things to happen in the past). min-renewal
helps to debounce renewal requests. This is because, in such a scenario, refresh happens immediately.
Once renewed, SecretLeaseContainer
schedules a subsequent renewal that reports a lease validity of slightly less than 30 seconds. We don't want to create a loop that hammers your Vault server with renewal requests if the remaining lease duration is less than expiry-threshold
.
Example:
expiry-threshold
: 60 secondsmin-renewal
: 10 seconds
The following list of events shows with a time correlation what happens at which time assuming the TTL is final and cannot be extended:
- 10:00:00 Lease obtained. TTL 10 minutes (600 seconds). Schedule lease renewal in 9 minutes (
10 minutes TTL - 1 minute
expiry threshold ->9 minutes
) - 10:09:00 Lease renewed. Remaining TTL 1 minute (60 seconds). Schedule lease renewal in 10 seconds (
1 minute TTL - 1 minute
expiry threshold -> 0 minutes. Fall back to10 seconds
min-renewal as that is the larger value ->10 seconds
). - 10:09:10 Lease renewed. Remaining TTL 50 seconds. Schedule lease renewal in 10 seconds (
50 seconds TTL - 1 minute
expiry threshold ->-10 seconds
. Fall back to 10 seconds min-renewal as that is the larger value -> 10 seconds). - (continue until reaching
10 seconds
) - 10:09:50 Lease renewed. Remaining TTL less than
10 seconds
. Min-renewal is greater than the remaining TTL and the lease is considered expired.
Example where expiry threshold is greater than min-renewal:
expiry-threshold
: 5 minutes (180 seconds)min-renewal
: 6 minutes (360 seconds)
The following list of events shows with a time correlation what happens at which time assuming the TTL is final and cannot be extended:
10:00:00 Lease obtained. TTL
10 minutes
(600 seconds). Schedule lease renewal in 6 minutes (10 minutes TTL - 5 minute
expiry threshold ->5 minutes
. Min-renewal is set to 6 minutes to issue a renewal at most once in6 minutes
->6 minutes
)10:06:00 Lease obtained. TTL
4 minutes
(360 seconds). Schedule lease renewal in 6 minutes (4 minutes TTL - 5 minute
expiry threshold ->-1 minutes
.6 minutes
min-renewal as that is the is greater than the remaining TTL so the lease is considered expired)
QUESTION
I am attempting to setup a Spring Cloud Config Server backed by Spring Cloud Vault secret management. I'm relatively new to Spring but I have tried following instructions and examples here:-
http://cloud.spring.io/spring-cloud-vault-config/
Everything works fine provided you follow the default settings like http, localhost and 8200 for the vault endpoint and tls_disable = 1 to switch off SSL. However these are not practical settings for any real environment and there are few examples anywhere that help with this. Can anyone help with a working example?
I have Successfully set up vault with TLS enable. I have successfully set up a config server that connects using a self signed cert. I can even inject a secret value into the config server and expose it via @Value
and @PostConstruct
.
All of this is working. However when I try to leverage Spring Conig endpoints to access vault, I get the following:-
...ANSWER
Answered 2017-Feb-08 at 14:12As I mention in my response to spensergibb, I have had some success in resolving this myself. Based on his comments I will clarify my intent as it will help with a common understanding of the issue. I am attempting to do two things:-
Stand up a configuration server that uses Vault as a backend, (as opposed to the default GIT backend) and expose the Vault API to client applications (over TLS) so that they can retrieve their own secrets. I do not want all my client applications to connect to Vault directly. I want them to get their configuration from a config server by having the config server connect to Vault. Until last night I was unable to achieve this goal, unless I set everything up as default with TLS disabled and using loopback address, port 8200 for the Vault software etc. Obviously defaults are not practical for any of our deployed environments. I will mention that the link posted by spencergibb does help me understand why this was not working but the subtlety of the reason is why I missed it before. Read on for my explanation.
I want the config server to configure itself from Vault directly. That is, connect to Vault via Spring Cloud Vault Config. This worked right away for me as described in the documentation. However this goal is somewhat trivial as I do not have a real use case at this time. But I wanted to understand if it could be done since I saw no real reason why not and it seemed like good first steps in integrating Vault.
The distinction between these two capabilities helped me understand that the problem derives from the fact that Spring Cloud Config Server and Spring Cloud Vault appear to be using two different beans to inject the Vault configuration properties. Spring Cloud Config Server uses VaultEnvironmentRepository annotated with @ConfigurationProperties("spring.cloud.config.server.vault") and Spring Cloud Vault uses VaultProperties annotated with @ConfigurationProperties("spring.cloud.vault").
This caused me to add two different configs to my bootstrap yml.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install cloud-vault
On a UNIX-like operating system, using your system’s package manager is easiest. However, the packaged Ruby version may not be the newest one. There is also an installer for Windows. Managers help you to switch between multiple Ruby versions on your system. Installers can be used to install a specific or multiple Ruby versions. Please refer ruby-lang.org for more information.
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page