Closed tbrantb closed 2 years ago
Actually looking through the code at where I might be able to make such a change, it appears its already in there exactly as I suggested in VaultConfigDataLocationResolver. There is a PropertyTransformer which will prefix vault keys with the value from a prefix
query param. This would be nice to add to the docs somewhere.
config:
import: vault:///secret/rds/db1/dev/svc_xyz_account?prefix=xyz.
url: "jdbc:postgresql://db1.foo.bar:5432/db1?currentSchema=db1"
username: \${xyz.username}
password: \${xyz.password}
Looks like this was a duplicate of https://github.com/spring-cloud/spring-cloud-vault/issues/488
spring-cloud-vault allows me to pull in secrets from multiple vault paths by comma separating the paths.
This is great, but I run into a problem when those 2 paths have the same keys "Username" and "Password". My spring boot projects sometimes have multiple data sources. Our systems team has automation that creates databases, service accounts and published service account information into vault. The structure is the same for each a format like the following:
Each has a "username" and a "password" key
Examples:
When I populate 2 data sources in my application.yml file each of them point to the same key name:
Given these keys conflict, the values read from the last path specified in spring.config.import are taken. Is there some way I can provide more context either when using the value from the config or map a prefix of some kind to each path?
Not pretty, but something like:
Thoughts? Ideas?