Currently, we only have support for Hashicorp Vault as a KMS provider when using the "stage" or "dev" Spring profiles. This behavior should be part of global configuration instead of part of profiles.
Top-level configuration could look like:
logging:
level:
org:
springframework:
web:
reactive: INFO
client: INFO
server:
port: 8080
spring:
providers: ["vault", "file", "akv"]
provider:
file:
path: /path/to/kek_file
data:
mongodb:
uri: mongodb://user:password@my-mongo:27017/copilot?authSource=admin
cloud:
vault:
config.lifecycle:
enabled: true
min-renewal: 10m # sets the duration that is at least required before renewing a lease. This setting prevents renewals from happening too often.
expiry-threshold: 30m # sets the expiry threshold. A lease is renewed the configured period of time before it expires.
reactive:
enabled: true
kv:
profiles: # disable profile looking
enabled: true
backend: 'ctrlplane'
profile-separator: '/'
default-context: # disable context paths
application-name: copilot # For secrets regarding startup configuration
authentication: APPROLE
uri: https://vault.mydomain.com
connection-timeout: 5000
read-timeout: 15000
app-role:
role-id: 8fb23891-a1bb-4651-9694-d85442fbd3ed
secret-id: 99860ae8-0fe7-4e68-aafd-f51ee8a30c3e
app-role-path: approle
config:
import: vault://
Currently, we only have support for Hashicorp Vault as a KMS provider when using the "stage" or "dev" Spring profiles. This behavior should be part of global configuration instead of part of profiles.
Top-level configuration could look like: