I am trying to use HashiCorp Vault using Spring Cloud Vault on Spring Boot project. I configured my bootstrap.yml file to use app role and secret id to get passwords
bootstrap.yml
spring:
application:
name: pres
cloud:
vault:
authentication: APPROLE
app-role:
role-id: ${role-id}
secret-id: ${secret-id}
role: pres-read
app-role-path: approle
uri: https://hostname:8200
kv:
enabled: true
backend: secret
application-name: pres
profiles:
include: dev
During startup I get the following exception
org.springframework.vault.authentication.VaultLoginException: Cannot login using org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://hostname:8200/v1/auth/approle/login": extension (5) should not be presented in certificate_request; nested exception is javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request
I am using spring-cloud-starter-vault-config dependency to access the vault
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-vault-config</artifactId>
<version> 2.2.2.RELEASE</version>
</dependency>
Okay. It looks like this is a Java TLS Bug, hoping java team will fix this in Java 11.0.8.
Update: The issue was fixed in latest Java 11 versions