Closed qbeukes closed 3 years ago
One workaround to our issue is to specify a custom bootstrap.yml in each environment, using -Dspring.cloud.bootstrap.additional-location=/etc/config/bootstrap.yml
But I'm still curious as to why spring-cloud-vault requires configs to be loaded in bootstrap and if there are any ways to get my configs into config-server
You can integrate Vault and Config server in different styles:
EnvironmentRepository
that is operated through config server and Config server is going to fetch the secrets for you. However, that works only for key-value repositories.With storing the Vault endpoint in your config server, you might run into a chicken-and-egg problem since you need to ensure proper ordering. Depending on the config organization, you need information from Vault to access config server, but you might also need config server first to determine the Vault server endpoint.
You might be interested in checking out Spring Boot's Config Data API which is described here: https://spring.io/blog/2020/08/14/config-file-processing-in-spring-boot-2-4
@mp911de Thanks for the information. I think the additional-location option will be the best going forward.
PS. Next time I'll ask for support in stackoverflow. I forgot the official spring support is on stackoverflow. So if you wish you can remove this issue since I learned what I needed.
We have the same application running with different configurations in many environments. It is not practical to give all possible configurations for database secrets in the bootstrap.yml, so we're hoping to get spring-cloud-vault to load it's configuration from config-server.
This doesn't seem work out of the box because org.springframework.cloud.vault.config.databases.VaultConfigDatabaseBootstrapConfiguration is needed to fetch the secrets and populate the properties for config-server to be able to resolve them.
Is there any specific reason why this needs to happen during bootstrap and is there a possible way to let this coincide with loading config-server?