First, I set up the bootstrap.yml file of my Spring Cloud Config Server and then started it in IDEA.
spring:
  application:
    name: config-server
  profiles:
    active:
      # for the allowed values, see: https://docs.spring.io/spring-cloud-config/docs/2.2.x/reference/html/#vault-backend
      - vault
  cloud:
    config:
      server:
        vault:
          port: "8200"
          host: "127.0.0.1"
          kv-version: 2
server:
  port: 8071
Then, I executed the following command (this command pulls the 1.13.2 version Docker image of Vault):
docker run --cap-add=IPC_LOCK -d -p 8200:8200 --name vault -e 'VAULT_DEV_ROOT_TOKEN_ID=myroot' -e 'VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200' vault
Next, I set my secret property in the Vault Web UI by accessing the following URL:
http://localhost:8200/ui/vault/auth
I log in with myroot and enable a secret engine (kv) whose version is 2 and whose path is licensing-service.
Next, I set the path for this secret to default and the secret data to license.vault.property (key), Welcome to Vault (value).
After saving, I run the following command line:
curl -X "GET" "http://localhost:8071/licensing-service/default" -H "X-Config-Token: myroot"
But I can't get the secret property; I only get the following response:
{"name":"licensing-service","profiles":["default"],"label":null,"version":null,"state":null,"propertySources":[]}%
Can anyone tell me why? The correct response should be this:
{
  "name": "licensing-service",
  "profiles": ["default"],
  "label": null,
  "version": null,
  "state": null,
  "propertySources": [
    {
      "name": "vault:licensing-service",
      "source": {
        "license.vault.property": "Welcome to Vault"
      }
    }
  ]
}
I hope someone can tell me why I cannot get the expected result.
First update:
I tried another way this morning. I used the following cURL command, which got the correct response containing my property:
curl -X "GET" "http://localhost:8200/v1/licensing-service/data/default" -H "X-Vault-Token: myroot"
The response:
{
  "request_id": "718e7a63-990e-3e46-5c94-17404528c824",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": {
    "data": {
      "license.vault.property": "Welcome to Vault"
    },
    "metadata": {
      "created_time": "2023-04-30T05:09:44.840180099Z",
      "custom_metadata": null,
      "deletion_time": "",
      "destroyed": false,
      "version": 2
    }
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null
}
In this case, it seems like the problem is with Spring Cloud?
These are the errors in the book (Spring Microservices in Action, Second Edition). The secret engine's name corresponds to the backend (spring.cloud.config.server.vault.backend) property, thus it must be configured in your bootstrap.yml file. Furthermore, the secret created under the licensing-service secret engine ought to be named licensing-service instead of default, given that it corresponds to the application's name rather than profiles (spring.profiles.active).
If you require the utilization of Hashicorp Vault as a backend repository for Spring Cloud Config Server within multiple environments (for instance, dev, stage, prod), please refer to the following: https://discuss.hashicorp.com/t/architecture-multiple-environments/26565.
Appendix:
You can try spring.cloud.config.server.vault.scheme=https, then when you use the curl command, an error message will be displayed, and you will be able to locate a link similar to "https://127.0.0.1:8200/v1/licensing-service/data/licensing-service". The first instance of licensing-service in this link pertains to the secret engine's name, whereas the second instance of licensing-service corresponds to the application or service name.
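
The fix described in this answer, applied to the bootstrap.yml from the question. This is an added example, not taken from the book or from either post; it assumes the same host, port and kv-version as the question and adds only the backend property.

```yaml
# Added example: the question's bootstrap.yml plus the backend property
# named in the answer. All other values are copied from the question.
spring:
  application:
    name: config-server
  profiles:
    active:
      - vault
  cloud:
    config:
      server:
        vault:
          host: "127.0.0.1"
          port: "8200"
          kv-version: 2
          # Mount path of the secret engine enabled in the Vault UI.
          # The question's file omits it, so Config Server falls back to
          # its documented default backend, "secret", and never looks
          # under the licensing-service engine.
          backend: licensing-service
server:
  port: 8071

# With this setting, a request to
#   http://localhost:8071/licensing-service/default
# makes Config Server read from Vault at
#   /v1/licensing-service/data/licensing-service
#       ^ backend (engine)     ^ application name
# so the secret inside the licensing-service engine must be named
# licensing-service (the application name), not default (the profile).
```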