Was using quarkus-file-vault extension to handle passwords for databases.
This extension is being retired in favor of SmallRye Config. So I tried to do the same that was possible to do with quarkus-file-vault extension using only Config Source Keystore and Secret Keys.
So, created keystore handling:
smallrye.config.source.keystore.db.path = db.p12
smallrye.config.source.keystore.db.password = ${DB_VAULT_SECRET}
This works, and I can get passwords programmatically with:
@Inject
Config config;
...
config.getValue("aliasinvault", String.class);
But I can't find how to inject password (from keystore) in database configuration (application.properties):
quarkus.datasource.db.username = ${DB_USERNAME}
quarkus.datasource.db.password = ???
quarkus.datasource.db.credentials-provider = ???
Normally it should be done with CredentialsProvider, but I didn't find any reference for this interface on SmallRye Config source code, so, alternatively, managed to do this creating a custom CredentialsProvider based on same logic done in quarkus-file-vault extension.
Finally, my question is: How can I do it without a custom CredentialsProvider?
Thanks!
First, configure your Config Source Keystore:
smallrye.config.source.keystore.secrets.path = /path/to/keystore
smallrye.config.source.keystore.secrets.password = keystore_password
This will load all entries in keystore and add them as Config Source entries. Each entry alias will become config key.
So, considering you have a keystore entry with alias `db_user`, do this in your datasource configs:
quarkus.datasource.db1.password = ${db_user}
Putting it all together using environment variables:
smallrye.config.source.keystore.secrets.path = ${VAULT_PATH}
smallrye.config.source.keystore.secrets.password = ${VAULT_SECRET}
quarkus.datasource.db1.password = ${${VAULT_DB1_ALIAS}}