Skip to content

Latest commit

 

History

History

03-config-server-vault

README.adoc

spring-cloud-config-vault Build Status

Spring Could Config Server + Vault

important to know

vault profile properties

VaultEnvironmentRepository.java - org/springframework/cloud/config/server/environment/VaultEnvironmentRepository.class
@ConfigurationProperties("spring.cloud.config.server.vault")
public class VaultEnvironmentRepository implements EnvironmentRepository, Ordered {

  public static final String VAULT_TOKEN = "X-Vault-Token";

  /** Vault host. Defaults to 127.0.0.1. */
  @NotEmpty
  private String host = "127.0.0.1";

  /** Vault port. Defaults to 8200. */
  @Range(min = 1, max = 65535)
  private int port = 8200;

  /** Vault scheme. Defaults to http. */
  private String scheme = "http";

  /** Vault backend. Defaults to secret. */
  @NotEmpty
  private String backend = "secret";

  /** The key in vault shared by all applications. Defaults to application. Set to empty to disable. */
  private String defaultKey = "application";

  /** Vault profile separator. Defaults to comma. */
  @NotEmpty
  private String profileSeparator = ",";

  // ...

override any property

  1. override vault host in bootstrap.yml

spring:
  profiles:
    active: vault
  cloud:
    config:
      server:
        vault:
          host: vault

worked in separate: rabbit and vault in docker-compose + config-server run locally

build, run and test - not worked with confog-server in docker, run it in separate mode locally after vault docker will be bootstrapped
bash gradlew clean assemble composeUp bootRun
# do some...
bash gradlew composeDown

spring-cloud-config-vault

do unauthorized request
http :8888/application-default.properties
HTTP/1.1 400
Connection: close
Content-Type: application/json;charset=UTF-8
Date: Sun, 24 Sep 2017 07:08:14 GMT
Transfer-Encoding: chunked
X-Application-Context: application:vault:8888

{
    "error": "Bad Request",
    "exception": "java.lang.IllegalArgumentException",
    "message": "Missing required header: X-Config-Token",
    "path": "/application-default.properties",
    "status": 400,
    "timestamp": 1506236894133
}
do authorized request
http :8888/application-default.properties 'X-Config-Token:spring-cloud-examples-vault-token'
HTTP/1.1 200
Content-Length: 0
Content-Type: text/plain
Date: Sun, 24 Sep 2017 07:09:49 GMT
X-Application-Context: application:vault:8888
# nothing...
authorize vault in console
echo "spring-cloud-examples-vault-token" > ~/.vault-token
export VAULT_ADDR='http://0.0.0.0:8200'
add some data t ovault storage
vault write /secret/application foo=bar
Success! Data written to: secret/application

vault write /secret/bootstrap info='config-server + vault'
Success! Data written to: secret/bootstrap
fetch data
http :8888/application-default.properties 'X-Config-Token:spring-cloud-examples-vault-token'
HTTP/1.1 200
Content-Length: 8
Content-Type: text/plain
Date: Sun, 24 Sep 2017 07:09:49 GMT
X-Application-Context: application:vault:8888

foo: bar

http :8888/bootstrap/default 'X-Config-Token:spring-cloud-examples-vault-token'
HTTP/1.1 200
Content-Type: application/json;charset=UTF-8
Date: Sun, 24 Sep 2017 07:10:03 GMT
Transfer-Encoding: chunked
X-Application-Context: application:vault:8888

{
    "label": null,
    "name": "bootstrap",
    "profiles": [
        "default"
    ],
    "propertySources": [
        {
            "name": "vault:bootstrap",
            "source": {
                "info": "config-server + vault"
            }
        },
        {
            "name": "vault:application",
            "source": {
                "foo": "bar"
            }
        }
    ],
    "state": null,
    "version": null
}

vault REST API

vault using REST API
http :8200/v1/sys/health
HTTP/1.1 200 OK
Cache-Control: no-store
Content-Length: 182
Content-Type: application/json
Date: Sun, 24 Sep 2017 06:07:03 GMT

{
    "cluster_id": "55c792d9-e39b-15ca-d13a-1942240d5a5f",
    "cluster_name": "vault-cluster",
    "initialized": true,
    "sealed": false,
    "server_time_utc": 1506233223,
    "standby": false,
    "version": "0.8.3"
}

not worked all in docker-compose together

add in settings.gralde
include "docker:vault-rabbitmq-config"
build, run and test - not worked with confog-server in docker, run it in separate mode locally after vault docker will be bootstrapped
bash gradlew clean assemble composeUp
# do some...
bash gradlew composeDown
do unauthorized request
http :8888/application-default.properties
HTTP/1.1 400
Connection: close
Content-Type: application/json;charset=UTF-8
Date: Sun, 24 Sep 2017 07:08:14 GMT
Transfer-Encoding: chunked
X-Application-Context: application:vault:8888

{
    "error": "Bad Request",
    "exception": "java.lang.IllegalArgumentException",
    "message": "Missing required header: X-Config-Token",
    "path": "/application-default.properties",
    "status": 400,
    "timestamp": 1506236894133
}
do some authorized requests
http :8888/application-default.properties 'X-Config-Token:spring-cloud-examples-vault-token'
HTTP/1.1 200
Content-Length: 0
Content-Type: text/plain
Date: Sun, 24 Sep 2017 07:09:49 GMT
X-Application-Context: application:vault:8888
# nothing...
authorize vault in console
echo "spring-cloud-examples-vault-token" > ~/.vault-token
export VAULT_ADDR='http://0.0.0.0:8200'
add some data
vault write /secret/application foo=bar
Success! Data written to: secret/application

vault write /secret/bootstrap info='config-server + vault'
Success! Data written to: secret/bootstrap
fetch data
http :8888/application-default.properties 'X-Config-Token:spring-cloud-examples-vault-token'
HTTP/1.1 200
Content-Length: 8
Content-Type: text/plain
Date: Sun, 24 Sep 2017 07:13:50 GMT
X-Application-Context: application:vault:8888

foo: bar

http :8888/bootstrap-default.properties 'X-Config-Token:spring-cloud-examples-vault-token'
HTTP/1.1 200
Content-Length: 36
Content-Type: text/plain
Date: Sun, 24 Sep 2017 07:14:14 GMT
X-Application-Context: application:vault:8888

foo: bar
info: config-server + vault