spring-cloud / spring-cloud-vault

Configuration Integration with HashiCorp Vault
http://cloud.spring.io/spring-cloud-vault/
Apache License 2.0

[Enhancement request] merge spring.cloud.vault scheme+host+port property #670

Closed patpatpat123 closed 1 year ago

patpatpat123 commented 1 year ago

Is your feature request related to a problem? Please describe.

Nothing frustrating, this project is pretty cool actually. But I just wanted to start an enhancement request to make the property management better / simpler.

Currently, if one needs to customize the information regarding Vault backend, such as scheme, host, port, this has to be done via three separate properties:

spring:
  cloud:
    vault:
      scheme: https
      host: mycustomvault.com
      port: 1234
  config:
    import: vault://

The three properties are very well made, with default values.

However, the same information is scattered across three different places. This also leaves room for guesses if one of the three is not explicitly configured.

Describe the solution you'd like

A solution backward compatible with the existing properties, where maybe a new property can be introduced, some kind of spring.cloud.vault.schemeHostPort=https://mycustomvault.com:1234 which would facilitate this configuration management.

An even better solution would be to merge this information with

spring.config.import=vault://https://mycustomvault.com:1234 something like that, which makes more use of the property spring.config.import=vault://

Describe alternatives you've considered

Looking at alternatives in the Spring Data portfolio, as well as Spring Kafka, many support this single configuration where all information can be configured at once.

If not anything else, just wanted to say thank you to this cool project

mp911de commented 1 year ago

I've also considered a spring.config.import=vault://mycustomvault.com:123 style. This would lead to the possibility of using various host names and ports such as spring.config.import=vault://mycustomvault.com:123,vault://another.one:8100.

Vault is stateful in terms of its session. We have a singleton session manager that is wired towards the endpoint and introducing hostname and port support for vault:// imports would introduce a whole new level of complexity that is rarely asked for.

In regard to schemeHostPort: Have you seen the spring.cloud.vault.uri property?

Example 2. application.yml

spring.cloud.vault:
    host: localhost
    port: 8200
    scheme: https
    uri: https://localhost:8200
    connection-timeout: 5000
    read-timeout: 15000
    config:
spring.config.import: vault://
  • host sets the hostname of the Vault host. The host name will be used for SSL certificate validation
  • port sets the Vault port
  • scheme setting the scheme to http will use plain HTTP. Supported schemes are http and https.
  • uri configure the Vault endpoint with a URI. Takes precedence over host/port/scheme configuration
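
The precedence rule quoted above, as an added example that is not part of the thread or of the project's code: a Python check that reads flat spring.cloud.vault.* properties, reports the endpoint that takes effect, and flags keys overridden by uri, implicit defaults and plain HTTP. The function names, the sample properties and the default values https/localhost/8200 are assumptions of this example.

```python
from urllib.parse import urlsplit

PREFIX = "spring.cloud.vault."
# Assumed defaults applied when a property is not set (see lead-in).
DEFAULTS = {"scheme": "https", "host": "localhost", "port": "8200"}


def parse_properties(text):
    """Parse flat key=value lines into a dict, skipping blanks and # comments."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}


def effective_endpoint(props):
    """Return (endpoint, findings) for the spring.cloud.vault.* connection keys."""
    vault = {k[len(PREFIX):]: v for k, v in props.items() if k.startswith(PREFIX)}
    findings = []
    if vault.get("uri"):
        parts = urlsplit(vault["uri"])
        chosen = {"scheme": parts.scheme, "host": parts.hostname or "",
                  "port": str(parts.port) if parts.port else ""}
        # uri takes precedence, so a differing scheme/host/port is dead config.
        for key in ("scheme", "host", "port"):
            if key in vault and vault[key] != chosen[key]:
                findings.append(f"{key}={vault[key]} is overridden by uri")
    else:
        chosen = {k: vault.get(k, DEFAULTS[k]) for k in DEFAULTS}
        for key in DEFAULTS:
            if key not in vault:
                findings.append(f"{key} not set, default {DEFAULTS[key]} applies")
    if chosen["scheme"] == "http":
        findings.append("scheme http is plain HTTP, no TLS to Vault")
    netloc = chosen["host"] + (":" + chosen["port"] if chosen["port"] else "")
    return f"{chosen['scheme']}://{netloc}", findings


# Constructed sample: uri conflicts with the separate scheme and host keys.
SAMPLE = """\
spring.cloud.vault.scheme=http
spring.cloud.vault.host=mycustomvault.com
spring.cloud.vault.uri=https://localhost:8200
spring.config.import=vault://
"""

if __name__ == "__main__":
    endpoint, findings = effective_endpoint(parse_properties(SAMPLE))
    print(endpoint)
    for finding in findings:
        print(" -", finding)
```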

patpatpat123 commented 1 year ago

Hello @mp911de ,

The explanation is very clear. I didn't know about spring.cloud.vault.uri, many thanks for that.

With that said, I am still hopeful for a full integration, something like spring.config.import=vault://mycustomvault.com:123, as we do have this use case.

I understand it is not a popular demand, hence closing, but I will come back from time to time with a bit of hope it can help someone else as well.

Good day!