spring-cloud / spring-cloud-vault

Configuration Integration with HashiCorp Vault
http://cloud.spring.io/spring-cloud-vault/
Apache License 2.0

Unable to fetch properties via spring cloud vault using username and password #719

Open ENate opened 5 months ago

ENate commented 5 months ago

I am working on a microservices spring boot application using spring cloud config as a centralized properties server. I decided to add a database backend to the spring config server so that services can connect using a username and password before fetching properties from the config server. I also decided to save secrets (username, password, etc.) for all services on HashiCorp Vault. Everything works fine if I pass the actual values (for my username and passwords) via spring.config.import or spring.config.uri. But I am unable to fetch the properties when I replace the actual username and password values with their corresponding keys (stored in the HashiCorp Vault Secrets). The configurations in my spring config server `application.yml` are:

```yaml
server:
    port: 8888
    error:
        include-message: always
        include-binding-errors: always

spring:
    profiles:
        active: git, vault
    # security config
    data:
        mongodb:
            uri: mongodb+srv://${DB_NAME}:${DB_PASS}@host:port

    # application name
    application:
        name: config-server
    cloud:
        config:
            server:
                vault:
                    host: 127.0.0.1
                    port: 8200
                    scheme: http
                    authentication: TOKEN
                    token: 
                    order: 1
                    # kv:
                    # enabled: true
                    profile-separator: '/'
                    backend: secret
                    kvVersion: 2
                git:
                    uri: https://github.com/ENate/repo-config-server
                    default-label: main
                    username: ${GIT_USER}
                    password: ${GIT_PASSWORD}
                    order: 2
```

While on a spring boot microservice, I am unable to connect or fetch properties if I use:

```yaml
spring:
    # profiles:
    #    active: git
    application:
        name: spring-boot-service
    cloud:
        # vault:
        #    authentication: TOKEN
        #    token: hvs.mytokenvalue
        config:
            username: ${CONFIG_SERVER_USR}
            password: ${CONFIG_SERVER_PWD}
            fail-fast: true
            retry:
                initial-interval: 3000
                multiplier: 1.3
                max-interval: 10000
                max-attempts: 20
            # uri: http://${CONFIG_SERVER_USR}:${CONFIG_SERVER_PWD}@${app.config-server.host}:${app.config-server.port}
    config:
        import: configserver:http://${CONFIG_SERVER_USR}:${CONFIG_SERVER_PWD}@${app.config-server.host}:${app.config-server.port}
```

But passing the username and password directly like so:

```yaml
spring:
    config:
        import: configserver:http://myUsername:myPassword@localhost:8888
```

seems to work. How can I fix this issue, so as to pass the keys (for username and password) I saved in the Vault server instead of hard-coding their values in the `bootstrap.yml` and/or `application.yml` files? Thanks.