I am facing some challenges while configuring Spring Boot Micrometer for my application. Micrometer documents says we can configure influxdb uri, userName, password, db etc through application.yml file which is working fine for my demo application but for production ready application we are using docker-compose and we are setting all our environment variable through docker-compose. Now I am facing challenges like -
How can I force micrometer to use docker-compose environment variable influxdb uri
For influxdb password, our application stores passwords in AWS secret Manager, how micrometer will access password from secret manager?
Can I configure all this micrometer properties programmatically (Spring Bean)? How?
I'm not sure how to leverage AWS Secret Manager, but for point 1 and 3 I can offer some advice.
I'm not familiar with Influx specifically, but based on the javadoc it uses management.metrics.export.influx.username to set the password.
1- To set a application property via an environment variable, set the equivalent using the typical 'SCREAMING_SNAKE_CASE' format:
MANAGEMENT_METRICS_EXPORT_INFLUX_USERNAME=myInfluxUser
Or if you already have an environment variable that you want to reference in you application.yml file you con reference in as a property:
management.metrics.export.influx.username: ${INFLUX_USER}
3- To configure Micromerter/influx programatically create a bean on type InfluxProperties:
#Bean
public InfluxProperties influxProperties() {
return new InfluxProperties(); // Programatically set any properties here.
}
Related
So the title says pretty much it all. I have a spring-boot based Microservices and I need to supply everything which usually goes to application.properties via AWS AppConfig. How can I do this? I've created a sample project, but how can I do this for the database URL?
If I had correctly understand the question then you need to configure the application properties through the AWS Config. On high level, AWS Config has Configuration Profile where you can store the configurations. The config profile can be in YML, JSON or text document format. Here is the official documentation of AWS config.
I have a small doubt. I need to connect Spring Cloud Config Server with JDBC Backend. But the credentials to connect to the DB aren’t readily available. The real password has to be retrieved from Cyberark using a nickname and I have relevant Java Code for the same. I need a mechanism where this deciphered Password and Username can be used for setting the datasource of the Spring Cloud Config Server. Is this possible?
I'd like my app to use the default application credential chain but to be able to customise the access scopes available to the role. Is there a way to do it?
Turns out Spring Cloud GCP provides an option to set scopes for the credentials. To do that you need to specify, eg: spring.cloud.gcp.credentials.scopes=DEFAULT_SCOPES,https://www.googleapis.com/auth/cloud-vision in your application.ini/yaml file or as per usual in Spring you can use environmental variables to do it as well, eg: export SPRING_CLOUD_GCP_CREDENTIALS_SCOPES=DEFAULT_SCOPES,https://www.googleapis.com/auth/drive
For more details check:
https://docs.spring.io/spring-cloud-gcp/docs/current/reference/html/#scopes
I have been using the Spring cloud Service connectors for Pivotal cloud foundry for a long time which gets the connection details from the VCAP_SERVICES env variable. Now we have a requirement to read these credentials from Vault . I am just curious , Can I still continue to use the Service binding approach with spring cloud connector ? I would assume we don't want to expose these credentials from vault to an VCAP_SERVICES variable which defeat the purpose of the vault. Has there been any enhancements in Spring cloud connectors to read the credentials directly from Vault rather than depending the VCAP_SERVICES env variable or should I resort back to the Spring boot's default Application Properties based approach instead of the service binding approach using cloud connectors ?
The Spring Cloud Connectors project is now in maintenance mode, in favor of the newer Java CFEnv project. However, Java CFEnv is also very specific to Cloud Foundry's VCAP_SERVICES model of exposing service bindings and won't help you if the service connection info is in Vault.
I would suggest that you fall back to the Spring Boot properties-based approach using Spring Cloud Vault or Spring Cloud Config Server's Vault integration to automate fetching the properties from Vault and making them available as Spring Boot properties.
We have a spring-boot 2 application that connects to db2 database via DAOs. The current application uses application.properties to store the credentials, like this:
spring.datasource.url=jdbc:db2://127.0.0.1:50000/bcupload
spring.datasource.username=db2user
spring.datasource.password=mysecretpa$$
spring.datasource.driver-class-name=com.ibm.db2.jcc.DB2Driver
I would like to store username and password in Hashicorp Vault and retreive it at runtime using Spring Cloud Vault facilities.
I've examined this example from Spring Guides but I'm not understanding what to do with these values I retrieve them from the Vault. How do convert them to properties that Spring Boot uses when connecting to my db2 data source?
Add the same property in vault and connect to Vault with Spring-cloud-vault Library. Have all Vault related configurations in
bootstrap.yml
Not required to convert that as a property. Above mentioned steps are enough