Closed varkart closed 1 year ago
After investigating the issue, we recommend using @VaultPropertySource
in combination with AbstractVaultConfiguration
to provide the required infrastructure separately from auto-configuration.
With version 3.0 of Spring Cloud Vault, all bootstrap configuration went into regular auto-configuration hence there is no longer a bootstrap context that hosts components required for Vault. The property source registration of @VaultPropertySource
aims to provide config data as early as possible so downstream beans can consume secrets. If we delayed property source registration to a bean postprocessor, then we would resolve the problem of instantiating VaultAutoConfiguration
. At the same time, we would not be able to provide secrets during bean bootstrapping and potential components that require property values from Environment
would not see vault secrets until the context refresh has finished.
TL;DR: Delaying property source registration would render @VaultPropertySource
useless.
This leaves users with two options:
AbstractVaultConfiguration
by providing all configuration early onspring.config.import=vault://secrets/app/user?path=user
Describe the bug
Code with
@VaultPropertySource @Value
that works with spring-cloud-vault before version 3.0; fails to work since 3.0 (haven't noticed any information regarding breaking change in release notes).Versions used
So, the below code stopped working and throw an exception
Exception thrown
Work Around for version >=3.0 Before spring-cloud-vault 3.0 (before ConfigData API) using
@VaultPropertySource
with@Value
was straightforward but since 3.0 spring.config.import seems to be mandatory; if there is at least one VaultPropertySource configured with thespring.config.import
properties in application.yml then all other @VaultPropertySource seem to be automatically working.The reason could be that without
spring.config.import
Spring Cloud Vault thinks ConfigData API isn't enabled and tries to use VaultAutoConfiguration, which fails.Going forward (version > 3.*) is there a better way to use
@VaultPropertySource
Expected Since documentation doesn't point at any breaking changes I expected no code changes are needed in my project when using the newer version or ConfigData API.
(I'm sorry if I'm missing any information and if this isn't an actual bug then any guidance on how to use @VaultPropertySource with the newer version would be appreciated)