spring-cloud / spring-cloud-vault

Configuration Integration with HashiCorp Vault
http://cloud.spring.io/spring-cloud-vault/
Apache License 2.0

Cipher texts are not getting decrypted after VaultProperty binding #718

Closed vasanth1896 closed 5 months ago

vasanth1896 commented 5 months ago

I am trying to encrypt the SSL keystore and truststore passwords of Vault Properties. But when I use the {cipher} prefix with encrypted properties, they are not getting decrypted and the application is failing to start.

Can the VaultProperties Data Binder in the VaultConfigDataLocationResolver class support TextEncryptorHandler, similar to config server properties, so that the ciphers get automatically decrypted upon binding?

mp911de commented 5 months ago

{cipher} isn't supported by Spring Cloud Vault. TextEncryptorHandler is tied to a local KeyStore and not intended for usage with Vault.

Taking a step back, Vault isn't so much intended for being crypto-as-a-service; the intended usage is to store secrets in Vault directly so that there's no need to perform a roundtrip to Vault in order to decrypt data from config properties.