Open jschell96 opened 11 months ago
In Spring Cloud Vault, we keep a single RestTemplateFactory/WebClientFactory instance that holds all configuration. If we update the config to set default headers, then headers are applied to all RestTemplate/WebClient instances produced from our factories.
We need to come up with a proper design approach without introducing too much complexity on our end and I expect this can take a while.
@jschell96 @mp911de I also need to use different namespaces in both login and vault-get in Spring Vault. Can you please share some ref on how you achieved this?
Problem Description
With the release of Vault 1.13.0 it's possible to share secrets between namespaces without a hierarchical relationship. See documentation. For Auth Methods (other than Token, e.g. Kubernetes) the Namespace is required for the login. For importing secrets without the namespace a full path is needed. If the namespace is set in the vault configuration the 'X-Vault-Namespace' header is set for every request. Therefore it's not possible to read secrets with a fully qualified path.
Desired Solution
It would be nice to set the namespace for the login only.
So we could reference the secrets like:
Workaround
In order to make this possible we found the following workaround:
Register a custom WebClientFactory in the Application Class:
Creating a CustomVaultWebClientFactory:
Adding an ExchangeFilterFunction (Interceptor) to the (Kubernetes) auth method:
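
The last workaround step, as an added example that is not the poster's code and not part of Spring Vault: a WebFlux ExchangeFilterFunction that sets 'X-Vault-Namespace' on the auth login request only, so secret reads leave without the header and can use full paths. The class name, the `team-a` namespace value and the `kubernetes` mount path are assumptions, as is Vault being served at the URL root.

```java
import java.net.URI;

import org.springframework.web.reactive.function.client.ClientRequest;
import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
import reactor.core.publisher.Mono;

/** Hypothetical helper: scopes the Vault namespace header to the login call. */
public final class LoginNamespaceFilter {

    static final String NAMESPACE_HEADER = "X-Vault-Namespace";

    private LoginNamespaceFilter() {
    }

    /**
     * @param loginNamespace namespace the auth method lives in (assumed, e.g. "team-a")
     * @param authMount      mount path of the auth method (assumed, e.g. "kubernetes")
     */
    public static ExchangeFilterFunction forLogin(String loginNamespace, String authMount) {
        // Exact path of the login endpoint; assumes Vault is served at the URL root.
        String loginPath = "/v1/auth/" + authMount + "/login";
        return ExchangeFilterFunction.ofRequestProcessor(request -> {
            if (!isLogin(request.url(), loginPath)) {
                // Any other request (secret reads, renewals) is passed through
                // unchanged, so a fully qualified secret path resolves as written.
                return Mono.just(request);
            }
            ClientRequest scoped = ClientRequest.from(request)
                    // set() replaces any value already present instead of appending
                    .headers(headers -> headers.set(NAMESPACE_HEADER, loginNamespace))
                    .build();
            return Mono.just(scoped);
        });
    }

    /** Exact match, so a secret path that merely ends in ".../login" never gets the header. */
    static boolean isLogin(URI url, String loginPath) {
        return loginPath.equals(url.getPath());
    }
}
```

The filter is attached with `WebClient.Builder#filter` on the client that the authentication method uses, and only has the intended effect while the namespace is left unset in the vault configuration.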