We are in process of migrating spring boot 3 from 2.7.7(We did an incremental upgrade from 2.6.8 to 2.7.7 and then to 3.0.0). We have almost got our application working except for the secrets are not read from the vault after migrating to Spring Boot 3 - Getting an error - This method requires either a Token (spring.cloud.vault.token) or a token file at ~/.vault-token. The vault integration worked perfectly fine in the previous version of 2.6.8.
**Specifications - **
JDK - 17
Spring boot - 3.0.0
Spring Cloud - 2022.0.0
spring-cloud-starter-vault-config - 4.0.0
**bootstrap.yml - **
bootstrap.yml: |-
spring:
cloud:
vault:
enabled: true
host: pvault.dummy.local
port: 8200
uri: https://localhost:8200
scheme: https
namespace: rpp
authentication: KUBERNETES
generic:
enabled: false
kv:
enabled: true
backend: kv
profile-separator: '/'
application-name: path1/couchbase
ssl:
trust-store: classpath:config/vault-truststore.p12
trust-store-password: password
#trust-store-type: JKS
kubernetes:
role: b2c-isp-bss-role
kubernetes-path: path1
service-account-token-file: /var/run/secrets/kubernetes.io/serviceaccount/token
application.yml -
application.yml: |-
spring:
cloud:
bootstrap:
enabled: true
The migration guide does not suggest any change w.r.t vault. I'm a bit clueless as to where to start the changes.
Related
I'm trying to read secret values using spring vault. All the properties for client application is stored in github and spring config server is used to access the properties. When I add the vault configuration to client application bootstrap.yml as below, the values are read properly.
bootstrap.yml
spring:
application:
name: client-app
cloud:
config:
uri: http://config-server:8080
vault:
enabled: true
authentication: APPROLE
app-role:
role-id: 12345
secret-id: 12345
role: pres-read
app-role-path: approle
connection-timeout: 5000
read-timeout: 15000
kv:
enabled: true
backend: secrets
application-name: client-app
uri: https://vault/
application.yml in config server
spring:
cloud:
config:
server:
git :
uri: https://github/repo.git
username: abc
password: pass
refreshRate: 300
Based on https://docs.spring.io/spring-cloud-vault/docs/current/reference/html/config-data.html#vault.configdata , it should be possible to load the vault config from properties yml in github. But if i move the above vault config to my client-app.yml in github, the properties are not read from the vault. How do I achieve this?
How to use application.yml in spring cloud config client application?
spring:
application:
name: app-cli
profiles:
active: DEV
config:
import: "configserver:"
cloud:
config:
name: ${spring.application.name}
uri: http://192.168.0.12:8888
username: thirumal
password: thirumal
request-read-timeout: 200
request-connect-timeout: 100
fail-fast: true
The client app is configure with all the required properties, still it's not connecting to config-server.
The lib implementation 'org.springframework.cloud:spring-cloud-starter-config'
I am struggling to fix this issue.
I am trying to use the spring cloud-config with github repo but it not fetching any config.
The server is working fine with file-based configuration but not working with GIT.
spring:
profiles:
active: native
cloud:
config:
discovery:
enabled: false
server:
git:
uri: https://github.com/${GIT_USER}/config-server
searchPaths: organizationservice,personservice,zuulservice
username: ${GIT_USER}
password: ${GIT_PASS}
skipSslValidation: true
cloneOnStart: true
Boot and cloud version
springBootVersion = '2.1.7.RELEASE'
springCloudVersion= "Greenwich.SR2"
I am trying to mix native and vault profile with config server backend:
spring:
profiles:
active: native, vault
cloud:
config:
server:
native:
searchLocations: classpath:/abc
vault:
kv-version: 2
when I start config server I curl for properties:
curl -X "GET" "http://localhost:20000/appName/dev" -H "X-Config-Token: xxxxxxxx"
I got empty propertySources list:
{"name":"appName","profiles":["dev"],"label":null,"version":null,"state":null,"propertySources":[]}%
but when I change my bootstrap file (remove vault profile):
spring:
profiles:
active: native
cloud:
config:
server:
native:
searchLocations: classpath:/abc
vault:
kv-version: 2
It works: returning my properties:
{"name":"appName","profiles":["dev"],"label":null,"version":null,"state":null,"propertySources":[{"name":"classpath:/abc/appName-dev.yml","source":{"some.properties":"VALUE","....}
I did tried with "order" flags but still nothing...
The only workaround I found is bootstrap with "composite" profile like this:
spring:
profiles:
active: composite
cloud:
config:
server:
composite:
-
type: vault
kv-version: 2
-
type: native
searchLocations: classpath:/abc
But still don't know why it does not work with multi profile configuration, and why vault is overriding my native properties....
I have configured a Spring Cloud Config server to force BASIC authentication and here is my application.yml file:
# Config Repo:
spring:
cloud:
config:
server:
git:
uri: file:///${HOME}/microservices_config_repo
# Show sensitive information for endpoints:
endpoints:
sensitive: true
# Security for endpoints:
management:
security:
enabled: true
security:
user:
name: user1
password: changeme
My issue I am having is that when I start the server up as:
mvn spring-boot:run
The server endpoints FORCE BASIC Authentication.
But when I start the Application.main() method, BASIC Authentication is enabled, but NOT enforced.
Meaning I can access configuration on:
http://localhost:8888/client-config
and
http://user1:changeme#localhost:8888/client-config
Can anyone help me understand why this is occuring and how to enforce BASIC Authentication while running the Application.main(), and not just through the Maven spring-boot plugin?
Note, when I use maven to package the app into a jar, then run the generated jar, BASIC Authentication is enforced, but still not through the IDE running just the Application.main directly.
Maybe the format the oy Yaml for example to me seems works like this:
server:
port:9999
spring:
application:
name: config-server-sample
cloud:
config:
name: ${spring.application.name}
fail-fast: true
server:
git:
uri: url
username: xx
password: zz
default-label: master
basedir: '${user.home}/${spring.application.name}/default'
timeout: 10
clone-on-start: true
force-pull: true
security:
basic:
enabled: true
path: /**
ignored: /health**,/info**,/metrics**,/trace**
user:
name: admin
password: tupassword