I am trying to use Spring Boot config server with git and vault, and all my Spring Boot client applications will retrieve the vault properties via the config server by passing the vault config token.
I am using Spring Boot 2.1.8.RELEASE and below is the POM.xml file for my Spring Boot config server.
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.8.RELEASE</version>
        <relativePath /> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.ps.psc</groupId>
    <artifactId>psc-config-server</artifactId>
    <version>0.0.1</version>
    <name>psc-config-server</name>
    <description>Spring configuration server</description>
    <properties>
        <java.version>1.8</java.version>
        <spring-cloud.version>Greenwich.SR2</spring-cloud.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-bus-amqp</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-config-server</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-vault-config</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-config-monitor</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-configuration-processor</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
        </dependency>
    </dependencies>
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>
The bootstrap.yml file
spring:
  profiles:
    active:
      - git
      - vault
  cloud:
    config:
      enabled: true
      server:
        git:
          order: 2
          username: ********
          password: ********
          uri: https://*******@bitbucket.org/krushna/configuration.git
          search-paths:
            - payment*
        vault:
          host: 127.0.0.1
          port: 8200
          scheme: http
          order: 1
          skip-ssl-validation: true
          kv-version: 1
    vault:
      authentication: TOKEN
      token: s.PB5cAJ9WhOuWamIOuFVkzpbl
      scheme: http
      host: 127.0.0.1
      port: 8200
      config:
        order: 1
My application.yml file
server:
  port: 7000
spring:
  application:
    name: configserver
With the above configuration my config server is able to read the properties only from git, not from the vault.
In the vault I have written a property like below.
vault write secret/payment password=test@123
If I make curl call like below
curl -X "GET" "http://127.0.0.1:7000/payment/default" -H "X-Config-Token: s.PB5cAJ9WhOuWamIOuFVkzpbl"
I am getting properties from git only, response below.
{
  "name": "payment",
  "profiles": ["default"],
  "label": null,
  "version": "e9b941d22f6b7cd3083a731d168f78fa4ec0fc42",
  "state": null,
  "propertySources": [{
    "name": "https://******@bitbucket.org/krushna/configuration.git/application.properties",
    "source": {
      "foofromGit": "bar"
    }
  }]
}
What am I doing wrong here? I have tried multiple options like different KV versions, only configuring spring cloud config vault, etc.
Edit:
I have used the vault conf like below.
backend "file" {
  path = "vault"
}
listener "tcp" {
  tls_disable = 1
}
and doing curl to vault directly I am able to read the value now.
curl -X GET -H "X-Vault-Token:s.PB5cAJ9WhOuWamIOuFVkzpbl" http://127.0.0.1:8200/v1/secret/payment/
response:
{
  "request_id": "35c8793e-3530-81c1-7917-3e922ef4065b",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 2764800,
  "data": {
    "password": "test@123"
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null
}
I am able to fix the issue by moving the git and spring cloud config vault configuration details from bootstrap.yml to application.yml like below.
bootstrap.yml
spring:
  application:
    name: configserver
  cloud:
    vault:
      authentication: TOKEN
      token: s.jyFarEyroi5pJNOxPnhT4f3D
      scheme: http
      host: 127.0.0.1
      port: 8200
      config:
        order: 1
Application.yml
server:
  port: 7000
spring:
  profiles:
    active: git, vault
  cloud:
    config:
      server:
        git:
          uri: https://krushna@bitbucket.org/krushna/configuration.git
          search-paths:
            - payment*
        vault:
          port: 8200
          host: 127.0.0.1
          skip-ssl-validation: true
          scheme: http
I am still not clear how this fixes the issue. The only thing I know is that bootstrap will load first, and I am reading the git credential from vault, and then application.yml has the other details for the spring cloud config vault and git.
Any explanation on this will be really welcome.
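The check done by hand with curl in the post, as an added example that is not part of the original post: it reports which active backends contributed nothing to a config server response and which backend wins for each key, without printing secret values. It assumes Vault-backed property sources are named with a `vault:` prefix and git-backed ones with the repository URI; both sample responses are constructed.

```python
import json

# Constructed responses in the shape of GET /payment/default.
# GIT_ONLY mirrors the response quoted in the post; WITH_VAULT is what a
# working composite (vault order 1, git order 2) is assumed to return.
GIT_ONLY = json.loads("""{"name": "payment", "profiles": ["default"],
 "propertySources": [
  {"name": "https://example.invalid/configuration.git/application.properties",
   "source": {"foofromGit": "bar"}}]}""")

WITH_VAULT = json.loads("""{"name": "payment", "profiles": ["default"],
 "propertySources": [
  {"name": "vault:payment", "source": {"password": "<redacted>"}},
  {"name": "https://example.invalid/configuration.git/application.properties",
   "source": {"foofromGit": "bar", "password": "from-git"}}]}""")


def backend_of(source_name):
    """Classify a property source by its name (assumed naming: the Vault
    backend prefixes names with 'vault:', git uses the repository URI)."""
    if source_name.startswith("vault:"):
        return "vault"
    if ".git/" in source_name or source_name.endswith(".git"):
        return "git"
    return "other"


def missing_backends(response, expected=("git", "vault")):
    """Backends that are active on the server but contributed nothing."""
    seen = {backend_of(ps["name"]) for ps in response["propertySources"]}
    return [b for b in expected if b not in seen]


def effective(response):
    """Resolve keys the way a client does: the first property source that
    defines a key wins. Returns {key: backend that supplied it}."""
    winner = {}
    for ps in response["propertySources"]:
        for key in ps["source"]:
            winner.setdefault(key, backend_of(ps["name"]))
    return winner


if __name__ == "__main__":
    print("git-only response is missing:", missing_backends(GIT_ONLY))
    print("winning backend per key:", effective(WITH_VAULT))
```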
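An audit of the Vault settings used in the configuration above, as an added example that is not part of the original post: it flattens the YAML into dotted keys and flags a literal token, a plain-HTTP scheme and disabled certificate validation. The sample file and its token value are constructed, and the flattener is a minimal one that handles only nested mappings with scalar values.

```python
import re

# Constructed sample: the Vault-related part of the bootstrap.yml in the post,
# with the token replaced by a placeholder.
SAMPLE = """\
spring:
  cloud:
    config:
      server:
        vault:
          host: 127.0.0.1
          scheme: http
          skip-ssl-validation: true
    vault:
      authentication: TOKEN
      token: s.EXAMPLE-PLACEHOLDER
      scheme: http
"""

def flatten(yaml_text):
    """Turn simple nested 'key: value' YAML into {dotted.path: value}.
    List items, comments and blank lines are skipped."""
    out, stack = {}, []          # stack holds (indent, key) of open mappings
    for line in yaml_text.splitlines():
        m = re.match(r"^(\s*)([\w.-]+):\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()          # close mappings at the same or deeper level
        stack.append((indent, key))
        if value:
            out[".".join(k for _, k in stack)] = value
    return out

def audit(yaml_text):
    """Return (key path, finding) pairs for weak Vault settings."""
    findings = []
    for path, value in flatten(yaml_text).items():
        leaf = path.rsplit(".", 1)[-1]
        if "vault" not in path:
            continue
        if leaf == "token" and not value.startswith("${"):
            findings.append((path, "literal Vault token stored in the file"))
        elif leaf == "scheme" and value == "http":
            findings.append((path, "Vault traffic not protected by TLS"))
        elif leaf == "skip-ssl-validation" and value == "true":
            findings.append((path, "certificate validation disabled"))
    return findings
```

A token written as a property placeholder such as `${VAULT_TOKEN}` is resolved from the environment at startup and is not flagged.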