hashicorp-vaultspring-cloud-config-serverspring-vaultspring-cloud-vault-config

Config server with Vault backend - fetch secrets from multiple paths


We are using config server with Vault backend to fetch application secrets. Config server project is using spring-vault-core dependency and spring-vault-dependencies dependency management for Vault.

Vault related config in application yml file is as follows:

spring:
  cloud:
    config:
      server:
        vault:
          order: 0
          uri: <complete URI>
          connection-timeout: 5000
          read-timeout: 15000
          kvVersion: 2
          backend: secret
          defaultKey: config

This works fine and fetches me the Vault secrets in secret/config.

I am unable to add secret fetching from multiple paths in Vault (secret/config + secret/customFolder). I have tried adding comma separated application-name etc as suggested across various posts but does not work. Has anyone tried something similar?


Solution

  • You can take a look to the composite profile.

    There are a lot of additional questions - what exactly you are trying to do, and why do you want to have this?

    For us, for example, it was important to split infra services configurations and also split, actually, microservices configurations by itself. And, important requirement, to be able to "overwrite" it (in case of migrations, for instance).

    We have achieve that with two things: