Spring Config Server: pick git credentials from Vault - spring

I'm able to set up a git repository as a config backend:
    spring:
      cloud:
        config:
          server:
            git:
              # username: user
              # password: '{cipher}passwd'
I think it's not good practice to provide the user and password directly in the bootstrap.yml file.
I'd like them to be picked up from Vault.
Is it possible?

You can use Spring Cloud Vault to do so. Spring offers a getting-started guide here.
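
One way to wire up what the answer suggests, as an added example rather than configuration from the original post: Spring Cloud Vault loads the secret during bootstrap, so the git credentials can be plain placeholders. The Vault and git addresses, the secret path secret/configserver, the key names git.username and git.password, and the VAULT_ROLE_ID / VAULT_SECRET_ID environment variables are assumptions, and the layout assumes the bootstrap-based setup the question uses.

```yaml
# Added example; hostnames, secret path and key names are assumptions.
# --- bootstrap.yml of the config server: how to reach Vault ---
spring:
  application:
    name: configserver        # Spring Cloud Vault reads secret/configserver
  cloud:
    vault:
      uri: https://vault.example.internal:8200   # placeholder address
      authentication: APPROLE
      app-role:
        role-id: ${VAULT_ROLE_ID}       # supplied by the deployment environment
        secret-id: ${VAULT_SECRET_ID}   # never committed to the repository
      kv:
        enabled: true
        backend: secret
---
# --- application.yml of the config server: git backend ---
spring:
  cloud:
    config:
      server:
        git:
          uri: https://git.example.internal/config-repo.git   # placeholder
          # Filled from the Vault secret at secret/configserver, which is
          # assumed to hold the keys git.username and git.password.
          username: ${git.username}
          password: ${git.password}
```

The spring-cloud-starter-vault-config dependency shown further down this page has to be on the config server's classpath for the placeholders to resolve.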

Related

How to access credentials from vault using roleID & secretID through spring b?

I’m trying to access the credentials kept at a vault location through Spring Boot. I have the roleID, secretID, nameSpace, vaultPath & address given to me.
The credentials are kept at a specific vault path.
I am trying to configure this in application.yml, but it fails. I am also trying to figure out where to specify the vault path.
application.yml:
    spring:
      application:
        name: DIT
    spring.cloud.vault:
      authentication: APPROLE
      scheme: https
      uri: <uri>
      namespace:
      app-role:
        role-id:
        secret-id:

Spring cloud not able to resolve vault secret into .yml

I'm working with a microservice architecture and have a Spring Cloud Config service and another microservice.
    profiles:
      active: vault
    cloud:
      # Configuration for a vault server running in dev mode
      vault:
        scheme: http
        host: 127.0.0.1
        port: 8200
        connection-timeout: 5000
        read-timeout: 15000
        authentication: TOKEN
        token: s.E4gdoIYAKxMvCE56MP5Etmvy
        kv:
          enabled: true
          backend: secret
          backend-version: 2
          profile-separator: /
        generic:
          enabled: false
        application-name: myapp
Config server dependency
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-vault-config</artifactId>
        <version>2.1.5.RELEASE</version>
    </dependency>
This is in the .yml of the config service. Then in the .yml for my microservice I have a db.username property which I want to resolve from Vault, but I can't. Do you have any ideas?
    username: db.username
    password: secret/apm-transaction-service/dev/db.user
    @Value("${db.username}")
This value is resolved in the Java code but not in the .yml.
Now, for each microservice I have, I want to resolve the secrets from the configuration service without making any changes to the microservices. Currently I am reading native .ymls from the config service and want to add one more source :)
    ApplicationStartupRunner run method Started !!root
If you are using Spring Boot, for the value in the .yml file to be resolved it has to be a variable. You must use ${db.username} in the yaml file.

Read values from consul while bootstrap spring boot

I have a question: is there any way to retrieve certain values and inject them into bootstrap.yml while the application is coming up?
I have a configuration file like this:
    spring:
      application:
        name: myApp
      cloud:
        consul:
          enabled: true
          host: localhost
          port: 8500
          config:
            enabled: true
      datasource:
        url: jdbc:oracle:thin:@localhost:1111:XXXX
        username: ${nameOfVariable1}
        password: ${nameOfVariable1}
        driver-class-name: oracle.jdbc.OracleDriver
For example, I need to configure the embedded Tomcat port or DB credentials. I don't want to hardcode them in the .yml properties file; instead I want to put a variable name in the .yml so that Spring will go and fetch the value from Consul. Is it possible?
You can use the Spring Cloud Consul Config project, which helps to load configuration into the Spring Environment during the special "bootstrap" phase.
3 steps:
1. Add the pom dependency: spring-cloud-starter-consul-config
2. Enable consul config: spring.cloud.consul.config.enabled=true
3. Add some config in the consul kv in a specific folder, such as key: config/testConsulApp/server.port, value: 8081
Then start the sample web app; it will listen on 8081.
More detail at the Spring Cloud Consul doc.
Demo code here.

How to ask Spring Cloud Config server to checkout configuration from specific branch?

I have the following Spring Cloud Config application.yml:
    spring:
      application:
        name: configserver
      cloud:
        config:
          server:
            git:
              uri: https://xyz@bitbucket.org/xyz/microservices-configs.git
              username: xyz
              password: xyz
              basedir: target/configs
    server:
      port: 8881
Following is the bootstrap.yml of my user microservice:
    spring:
      application:
        name: userservice
      cloud:
        config:
          uri: http://localhost:8881/
Scenario - 1
When I hit the config server in a browser like this:
    http://localhost:8881/development/userservice-development.yml
it serves the file properly, and when I look at basedir, i.e. target/config, I see:
    - userservice.yml
    - gateway.yml
Exactly what I wanted, since I added these two files only in the development branch.
Scenario - 2
When I run my userservice microservice project using the following command:
    mvn clean spring-boot:run -Dspring.profiles.active=development
it fetches the right file from git, but it checks out from the master branch, not from the development branch as I am expecting. Am I expecting right? (FYI, I have both development and production yml in the master branch.)
So the question is: how do we go about using the config server? Is there any configuration we can set to fetch yml from that particular branch only? I believe we need to set some label because, as per the documentation, the default label is master. Can anyone let me know how to set the label in the above scenario?
According to the documentation, the configuration you want to set in your config client is:
    spring.cloud.config.label=mybranch
where mybranch is an existing branch in your git repo.
You can specify the default branch (more generally, Git label) that a config server uses if a client does not specify the label, via the property spring.cloud.config.server.git.default-label. Perhaps this is what you are after? It certainly solves the issue for me!
If you only want to set the branch in a yml file, just configure:
    spring:
      cloud:
        config:
          server:
            git:
              uri: https://gitlab.com/somerepo.git
              username: someuser
              password: somepass
              default-label: branchname
Config server is designed to use profiles to separate environments.
Example:
    /{application}/{profile}[/{label}]
    /{application}-{profile}.yml
    /{label}/{application}-{profile}.yml
    /{application}-{profile}.properties
    /{label}/{application}-{profile}.properties
Branching makes configuration inconsistent.
The concept of the config server is based on 12-factor config (http://12factor.net/config).
Check it out for the detailed reasoning.

Spring cloud config directory structure

I have a working Spring Cloud Config server that provides configuration from a git repository. All configurations are stored in the root directory of the repository. They are named {name}-{profile}.yml.
I have changed the directory structure to {name}/{profile}.yml
When I curl http://configserver:8888/appname/myprofile on the config server, I get a JSON response but propertySources is empty.
My Spring Cloud server config:
    spring:
      cloud:
        config:
          server:
            git:
              uri: http://git@git.host/scm/cas/application-config.git
You need to add cloud.config.server.git.searchPaths to the configuration server's application.yml.
    cloud:
      config:
        server:
          git:
            searchPaths: <directory>
