Closed tonysparks closed 3 years ago
Please do not subclass AbstractVaultConfiguration. Instead, please provide a ClientAuthentication object through the BootstrapRegistryInitializer API. You just need to register the ClientAuthentication instance with the registry and Spring Cloud Vault will pick it up.
We were assuming that OIDC/JWT auth is a frontend technology that isn't commonly used between servers.
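A sketch of the registration described in the reply above, as an added example that is not code from this thread or from Spring Cloud Vault. The class name, Vault address, role name and JWT file path are assumptions, as is the use of Vault's JWT auth method at its default mount path `jwt`; the initializer is assumed to be listed in META-INF/spring.factories under the key org.springframework.boot.BootstrapRegistryInitializer.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Map;

import org.springframework.boot.BootstrapRegistry;
import org.springframework.boot.BootstrapRegistryInitializer;
import org.springframework.vault.VaultException;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.support.VaultToken;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestTemplate;

// Added example (hypothetical class name): registers a JWT-based ClientAuthentication
// with the bootstrap registry instead of subclassing AbstractVaultConfiguration.
public class JwtVaultBootstrapInitializer implements BootstrapRegistryInitializer {

    // Assumed values: replace with your own Vault address, role and token location.
    private static final String LOGIN_URL = "https://vault.example.internal:8200/v1/auth/jwt/login";
    private static final String ROLE = "my-app-role";
    private static final Path JWT_FILE = Path.of("/var/run/secrets/app/jwt");

    @Override
    public void initialize(BootstrapRegistry registry) {
        registry.register(ClientAuthentication.class, context -> new JwtAuthentication());
    }

    static class JwtAuthentication implements ClientAuthentication {
        // Plain RestTemplate: TLS trust and timeouts are left at their defaults here.
        private final RestTemplate rest = new RestTemplate();

        @Override
        public VaultToken login() throws VaultException {
            try {
                String jwt = Files.readString(JWT_FILE).trim();
                Map<?, ?> body = rest.postForObject(LOGIN_URL, Map.of("role", ROLE, "jwt", jwt), Map.class);
                Map<?, ?> auth = body == null ? null : (Map<?, ?>) body.get("auth");
                Object token = auth == null ? null : auth.get("client_token");
                if (!(token instanceof String) || ((String) token).isEmpty()) {
                    throw new VaultException("JWT login returned no client_token");
                }
                return VaultToken.of((String) token);
            } catch (IOException | RestClientException e) {
                // Keep the JWT and the response body out of the exception message and logs.
                throw new VaultException("JWT login to Vault failed", e);
            }
        }
    }
}
```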
Thank you for the very quick reply!
I will look into the BootstrapRegistryInitializer - is there documentation or an example?
Regarding OIDC/JWT - for our use-case it simplifies our secret sharing with our API users. They only need to concern themselves with client credentials vs client credentials + vault credentials.
We have only an initializer for providing a VaultConfigurer at
We could provide another factory method accepting ClientAuthentication for easier use. Would you be interested in contributing your JWT authentication implementation to Spring Vault?
I appreciate the help! Here is my code, it probably isn't as robust as it should be -- but should serve as a good starting point.
Thanks!
Attempting to use JWT/OIDC means of authenticating to Vault. This option doesn't appear supported by spring-cloud-vault. I'm forced to create my own implementation of ClientAuthentication - which is easy enough, however, I can't seem to get spring-cloud-vault to recognize my implementation.
I created this configuration class:
Properties:
Using:
Errors: Complains about my custom VaultConfiguration defining vaultTemplate bean:
and not surprising, requests to Vault don't include a token:
When I remove my custom VaultConfiguration class and use APPROLE configuration, everything works fine.
Any ideas?
Thank you!