I have been trying to use this authentication method from HashiCorp Vault (from here) in my application to fetch its configuration.
However, I have not been able to find any information about this authentication type in Spring's docs, examples, etc. Can you please help me out? I need this type of authentication to work with Vault in a multi-user environment.
Here is my solution:
Configuration class:
package com.company.myapp.config;
import java.util.Map;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.vault.VaultException;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.support.VaultToken;
import org.springframework.web.client.RestOperations;
import org.springframework.web.client.RestTemplate;
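/**
 * Bootstrap configuration that logs in to Vault with a username and password and exposes the
 * resulting token through a {@link ClientAuthentication} bean.
 */
@Configuration
public class VaultConfig {

    /** Vault HTTP API path of the userpass login endpoint; the username is appended to it. */
    public static final String LOGIN_PATH = "/v1/auth/userpass/login/";

    /**
     * Creates the {@link ClientAuthentication} used to obtain a Vault token.
     *
     * @param username value of the {@code VAULT_USERNAME} property
     * @param password value of the {@code VAULT_PASSWORD} property
     * @param host value of {@code spring.cloud.vault.uri}; the password is sent to this address,
     *     so it should be an {@code https} URI whose certificate the JVM trusts
     * @return an authentication that logs in against {@link #LOGIN_PATH}
     */
    @Bean
    public ClientAuthentication clientAuthentication(
            @Value("${VAULT_USERNAME}") String username,
            @Value("${VAULT_PASSWORD}") String password,
            @Value("${spring.cloud.vault.uri}") String host) {
        return new UserPassAuthentication(host, LOGIN_PATH, username, password);
    }

    /** {@link ClientAuthentication} that posts a password to a per-user login URL. */
    public static class UserPassAuthentication implements ClientAuthentication {

        private final RestOperations restOperations = new RestTemplate();
        private final String url;
        private final String password;

        /**
         * @param host base URI of the Vault server
         * @param path login path that the username is appended to
         * @param user Vault username; must be a single path segment
         * @param password password posted on {@link #login()}
         * @throws IllegalArgumentException if an argument is missing or {@code user} could change
         *     the request path
         */
        public UserPassAuthentication(String host, String path, String user, String password) {
            if (host == null || path == null) {
                throw new IllegalArgumentException("Vault host and login path must not be null");
            }
            if (password == null) {
                throw new IllegalArgumentException("Vault password must not be null");
            }
            this.url = host + path + requireSinglePathSegment(user);
            this.password = password;
        }

        /**
         * Rejects usernames that would not stay inside the login path once concatenated into the
         * URL, so a configured value cannot redirect the password to another endpoint.
         */
        private static String requireSinglePathSegment(String user) {
            if (user == null || user.trim().isEmpty()) {
                throw new IllegalArgumentException("Vault username must not be empty");
            }
            boolean hasUrlDelimiter =
                    user.indexOf('/') >= 0 || user.indexOf('?') >= 0 || user.indexOf('#') >= 0;
            if (hasUrlDelimiter || user.equals(".") || user.equals("..")) {
                throw new IllegalArgumentException(
                        "Vault username must be a single URL path segment");
            }
            return user;
        }

        /**
         * Posts the password to the login URL and reads {@code auth.client_token} from the reply.
         * Errors raised by the HTTP call itself propagate unchanged.
         *
         * @return the token issued by Vault
         * @throws VaultException if the response has no body, no {@code auth} object, or no
         *     non-empty {@code client_token} string
         */
        @Override
        public VaultToken login() throws VaultException {
            Map<?, ?> body =
                    restOperations.postForEntity(url, new Password(password), Map.class).getBody();
            if (body == null) {
                throw new VaultException("Vault login response had no body");
            }
            // Check the shape explicitly: an unexpected reply should fail as a login error, not
            // as a NullPointerException or ClassCastException further down.
            Object auth = body.get("auth");
            if (!(auth instanceof Map)) {
                throw new VaultException("Vault login response did not contain an auth section");
            }
            Object token = ((Map<?, ?>) auth).get("client_token");
            if (!(token instanceof String) || ((String) token).isEmpty()) {
                throw new VaultException("Vault login response did not contain a client token");
            }
            return VaultToken.of((String) token);
        }
    }

    /**
     * Request body for the login call. No {@code toString()} is defined, so the password is not
     * included when an instance is printed or logged.
     */
    static class Password {

        private String password;

        public Password(String password) {
            this.password = password;
        }

        public String getPassword() {
            return password;
        }

        public void setPassword(String password) {
            this.password = password;
        }
    }
}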
resources/bootstrap.properties:
# Profile and application name of this service.
spring.profiles.active=dev
spring.application.name=myapp
# Key/value secret backend to read configuration from.
spring.cloud.vault.kv.enabled=true
spring.cloud.vault.kv.backend=test-backend
# Address the login request (and with it the password) is sent to; keep this on https.
spring.cloud.vault.uri=https://localhost:8200
# NOTE(review): VaultConfig reads these through ${VAULT_USERNAME} / ${VAULT_PASSWORD}.
# The values below are sample placeholders. Real credentials kept in a file under resources/
# end up inside the built artifact and, typically, in version control. Supply them at deploy
# time instead (for example as environment variables of the same names) and leave them out
# of this file.
VAULT_USERNAME=usr
VAULT_PASSWORD=pwd
resources/META-INF/spring.factories
org.springframework.cloud.bootstrap.BootstrapConfiguration=com.company.myapp.config.VaultConfig