I am trying to set up a Spring boot app to connect to Azure keyvault and fetch secrets.
I have looked across various code samples, but cannot get one to work.
There are no errors related to the keyvault library itself, but the Spring bean does not get initialized with the property fetched from the secret.
I am using Spring boot 2.7.3 and the keyvault starter lib is 4.2.0. This is what I referred to get my property config.
https://microsoft.github.io/spring-cloud-azure/4.2.0/reference/html/appendix.html#_azure_key_vault_secrets_properties
application.yml
------------
spring:
cloud:
azure:
keyvault:
secret:
enabled: true
endpoint: https://uri/
credential:
client-certificate-path: <path to pem file>
client-id: <client-id>
profile:
tenant-id: <tenant-id>
build.gradle
--------------
implementation 'com.azure.spring:spring-cloud-azure-starter-keyvault-secrets:4.2.0'
Spring bean
-------------
#Configuration
#Getter
#Setter
public class AKVProperties {
#Value("${MYAPP-DB-LOGIN-PASSWORD}")
private String dbPassword1;
...
Exception at startup:
----------------------
Error creating bean with name 'AKVProperties': Injection of autowired dependencies failed; nested exception is java.lang.IllegalArgumentException: Could not resolve placeholder 'MYAPP-DB-LOGIN-PASSWORD' in value "${MYAPP-DB-LOGIN-PASSWORD}"
I think the issue is with application.yaml file. you have to set your config settings under property-sources: .
This is the application.yaml I used where everython is set under the property-sources:
spring:
cloud:
azure:
keyvault:
secret:
property-sources:
- credential:
client-id: <CLIENT ID>
client-secret: <CLIENT SECRET>
endpoint: '<END POINT>'
profile:
tenant-id: <TENANT ID>
Here I have retriving the secret like this
#Value("${secret}")
private String secret;
and then I am just console logging them .
Output:
Keyvault:
Related
In my Spring Boot project, I have to pass to application.yaml file the SHOW_SQL boolean value from an environment file.
Here is application.yaml
spring:
...
show-sql: ${SHOW_SQL}
...
server:
port: 8080
Here is my env file (used to start the spring app)
SHOW_SQL=true
During the mvn test process I receive this error
Failed to bind properties under 'spring.jpa.show-sql' to boolean:
Property: spring.jpa.show-sql
Value: "${SHOW_SQL}"
Origin: class path resource [application.yaml] - 13:15
Reason: failed to convert java.lang.String to boolean (caused by java.lang.IllegalArgumentException: Invalid boolean value '${SHOW_SQL}')
Action:
Update your application's configuration
Is there a way to use boolean values from an .env file and pass them to the application yaml?
Is there a way to configure the entityID of the service provider in the following configuration:
spring:
security:
saml2:
relyingparty:
registration:
myapp:
signing:
credentials:
- private-key-location: "classpath:private.pem"
certificate-location: "classpath:public.pem"
identityprovider:
entity-id: idp
singlesignon:
sign-request: false
url: https://.../auth/realms/saml-demo/protocol/saml
Currently the identity provider is always receiving the following format:
{baseUrl}/saml2/service-provider-metadata/{registrationId}
For example:
http://localhost:8080/saml2/service-provider-metadata/myapp
Can this format be customized when using the yaml config?
I'm facing the same problem as bootstrap.yml configuration not processed anymore with Spring Cloud 2020.0.
I updated spring boot cloud to the version 3.0.3. My config is:
spring:
config:
import: vault://
cloud:
vault:
enabled: true
uri: ${uri}
authentication: APPROLE
kv:
enabled: true
backend: secrets
application-name: ${path}
generic:
enabled: false
app-role:
role-id: ${role_id}
secret-id: ${secret_id}
The connection settings seems to be ok because there are some 'permission denied' log entries (path to this vault in invalid)
Vault location [secrets/application/develop] not resolvable: Status
403 Forbidden [secrets/data/application/develop]: 1 error occurred: *
permission denied ; nested exception is
org.springframework.web.client.HttpClientErrorException$Forbidden: 403
Forbidden: [{"errors":["1 error occurred:\n\t* permission
denied\n\n"]}
Any hints what's wrong?
I found the problem. it's not working when application-name is defined at spring.cloud.vault.kv.application-name. It has to be defined as spring.cloud.vault.application-name but according to https://github.com/spring-cloud/spring-cloud-vault/blob/main/docs/src/main/asciidoc/secret-backends.adoc it should also work for spring.cloud.vault.kv.application-name....
spring:
config:
import: vault://
cloud:
vault:
enabled: true
uri: ${uri}
authentication: APPROLE
application-name: ${path}
kv:
enabled: true
backend: secrets
generic:
enabled: false
app-role:
role-id: ${role_id}
secret-id: ${secret_id}
I'm just reproducing the WSO2 IS official tutorial here : https://is.docs.wso2.com/en/5.11.0/develop/spring-boot/
There for in Spring, my OIDC configuration is simply :
provider:
host: https://localhost:9443 #Change the host
spring:
security:
oauth2:
client:
registration:
wso2:
client-name : WSO2 Identity Server
client-id: aXOWlNxT0aKIfKIeH82IfsmLjsYa #Change client-id
client-secret: CVl_vmEYqRuZddBu3ZCYQQwGtYsa # Change client-secret
authorization-grant-type: authorization_code
scope: openid
provider:
wso2:
issuer-uri: ${provider.host}/oauth2/oidcdiscovery
thymeleaf:
cache: false
Nonetheless, I still get this Error :
Caused by: java.lang.IllegalStateException: The Issuer
"https://localhost:9443/oauth2/token" provided in the configuration
metadata did not match the requested issuer
"https://localhost:9443/oauth2/oidcdiscovery" at
org.springframework.util.Assert.state(Assert.java:97)
~[spring-core-5.3.2.jar:5.3.2] at
org.springframework.security.oauth2.client.registration.ClientRegistrations.withProviderConfiguration(ClientRegistrations.java:239)
~[spring-security-oauth2-client-5.4.2.jar:5.4.2] at
org.springframework.security.oauth2.client.registration.ClientRegistrations.lambda$oidc$0(ClientRegistrations.java:158)
~[spring-security-oauth2-client-5.4.2.jar:5.4.2] at
Also, my WSO2 IS is properly configured. Only defaults. As shown in the screenshot below with Identity Provider configuration
What should I do ?
This issue has been already reported [1], and as the solution /token endpoint has been configured for the discovery request [2].
I have a SpringBoot 2.1.8.RELEASE, but when I start the app. I got this error:
2019-10-01 10:38:24.373 ERROR 16232 --- [ main] d.c.b.a.s.c.d.InstanceDiscoveryListener : Couldn't register instance for discovered instance...
java.lang.IllegalArgumentException: Illegal character in authority at index 7: http://127.0.0.1:2222${server.contextPath}/actuator/health
at java.net.URI.create(URI.java:852)
at de.codecentric.boot.admin.server.cloud.discovery.EurekaServiceInstanceConverter.getHealthUrl(EurekaServiceInstanceConverter.java:45)
and I have this properties defined in my yml file
server:
port: 2222
servlet:
contextPath:
Just remove
servlet:
contextPath:
and try hitting your API.
If you want default path of the application then
servlet:
contextPath: /api
Then your API looks like :
http://127.0.0.1:2222/api/actuator/health
Change the yml file as below and try:
server:
port: 2222
servlet.context-path: /