
Integrating Spring Cloud Config Server with vault backend giving I/O error on GET request with connection refused


I am trying to make Spring Cloud Config Server work with a Vault backend. I am not trying to integrate with a local copy of Vault. I have an enterprise Vault which I am trying to connect to. While doing so I am getting

org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://mydomain:8200/v1/secret/data/configserver": Connect to mydomain:8200 [mydomain/10.223.213.6] failed: Connection refused: connect; nested exception is org.apache.http.conn.HttpHostConnectException: Connect to mydomain:8200 [mydomain/10.223.213.6] failed: Connection refused: connect

My application.yml is as shown below

server:
  port: 8888
spring:
  application:
    name: configserver
  profiles:
    active: vault
  cloud:
    config:
      server:
        vault:
          host: mydomain
          scheme: https
          skipSslValidation: true
          namespace: mynamespace
          authentication: token
          token: mytoken
          kv-version: 2

My POM file is as below

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.7.0</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.project.medical</groupId>
    <artifactId>config-server</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>Config-Server</name>
    <description>Config-Server Demo Project</description>
    <properties>
        <java.version>11</java.version>
        <spring-cloud.version>2021.0.3</spring-cloud.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-config-server</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

Once the project is built I am trying to hit http://localhost:8888/configserver/default

I don't understand how /8200/v1/secret/data is getting concatenated to my domain URI. I have tried to hit the service via Postman and pass the "X-Config-Token" in the header but I am getting the same exception. I also removed the vault config dependency from the POM after reading the Spring documentation. Any help to guide me in the right direction would be much appreciated. Thank you!


Solution

  • Answering my own question, but I found the solution to be very straightforward. Just follow the directions stated here and you should be just fine on your journey to make Spring Cloud Config Server work with a Vault backend.

    1. In my application.yml I just added kvVersion: 1, backend: "Vault directory under which your profile resides", defaultKey: "Profile directory inside which your secrets reside"

    2. Passed the cert.jks and its password as environment variables in the java run command.

    java -Djavax.net.ssl.trustStore=C://MyProjects//spring-cloud-config-service//cert.jks -Djavax.net.ssl.trustStorePassword=changeit -jar spring-cloud-config-service.jar
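
The settings from step 1 merged into the question's application.yml, as an added example that is not the poster's actual file. The values in angle brackets and the VAULT_TOKEN environment variable name are placeholders assumed here; the comments show how each key maps onto the URL in the exception.

```yaml
# Added example. <...> values are placeholders; VAULT_TOKEN is an assumed
# environment variable name.
server:
  port: 8888
spring:
  application:
    name: configserver
  profiles:
    active: vault
  cloud:
    config:
      server:
        vault:
          # URL requested by the config server:
          #   kv-version 1: {scheme}://{host}:{port}/v1/{backend}/{key}
          #   kv-version 2: {scheme}://{host}:{port}/v1/{backend}/data/{key}
          # {key} is the requested application name, then default-key.
          # https://mydomain:8200/v1/secret/data/configserver in the exception
          # is the question's config with port and backend left at defaults.
          scheme: https
          host: mydomain
          port: 8200                  # default when omitted
          backend: <vault-mount>      # default is "secret"
          default-key: <shared-key>   # default is "application"
          kv-version: 1               # must match the KV engine version of the mount
          namespace: mynamespace
          authentication: token
          token: ${VAULT_TOKEN}       # resolved at startup, keeps the token out of the file
          # Weak setting from the question, disables certificate checks:
          #   skip-ssl-validation: true
          # With the trust store from step 2 supplied to the JVM, validation
          # can stay on.
          skip-ssl-validation: false
```

"Connection refused" is raised before any TLS or token exchange, so the host and port in the rebuilt URL are the first values to compare against the real Vault endpoint.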