Spring Cloud Vault

Spring Cloud Vault Config provides client-side support for externalized configuration in a distributed system. With HashiCorp's Vault you have a central place to manage external secret properties for applications across all environments. Vault can manage static and dynamic secrets such as username/password for remote applications/resources and provide credentials for external services such as MySQL, PostgreSQL, Apache Cassandra, MongoDB, Consul, AWS and more.

Quick Start
Fork me on GitHub

Features

Quick Start

Download

The recommended way to get started using spring-cloud-vault in your project is with a dependency management system – the snippet below can be copied and pasted into your build. Need help? See our getting started guides on building with Maven and Gradle.

To get started with Spring Cloud Vault, simply include a build dependency.

For example, typical POM dependencies would be:

<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-vault-config</artifactId>
</dependency>

then configure your Vault endpoint and authentication

bootstrap.yml for Token-based authentication

spring.application.name=my-application
spring.cloud.vault:
    host: localhost
    port: 8200
    scheme: https
    authentication: TOKEN
    token: 

bootstrap.yml for AWS-EC2 authentication

spring.application.name=my-application
spring.cloud.vault:
    host: localhost
    port: 8200
    scheme: https
    authentication: AWS_EC2

finally, use properties stored inside Vault in your application

@Configuration
@RestController
public class Application {

  @Value("${config.name}")
  String name = "World";

  @RequestMapping("/")
  public String home() {
    return "Hello " + name;
  }

  public static void main(String[] args) {
    SpringApplication.run(Application.class, args);
  }
}

Spring Cloud Vault Config reads config properties from Vaults using the application name and active profiles:

/secret/{application}/{profile}
/secret/{application}
/secret/{default-context}/{profile}
/secret/{default-context}

Adding Spring Cloud Vault Config modules

Spring Cloud Vault Config comes with multiple modules supporting different integrations. To to get dependencies in the appropriate version you can include a BOM (Bill of Materials) in your dependency management. For example, typical POM dependency management would be:

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-vault-dependencies</artifactId>
            <version>x.y.z</version>
            <scope>import</scope>
            <type>pom</type>
        </dependency>
    </dependencies>
</dependencyManagement>

<dependencies>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-vault-config</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-vault-config-consul</artifactId>
    </dependency>
</dependencies>