How can I config different username/password for spring cloud config for each application.
I need that one application can't read the configuration of other application.
I can set an user/password but is for all:
security:
user:
name: account
password: mypassword
Related
I am running Spring Cloud Dataflow on Kubernetes runtime.
Currently, I am using K8 secrets to manage secrets for the dataflow server, and skipper server. Going forward I want to use Spring Cloud Vault as a secrets manager.
Is there any support to configure vault secrets in dataflow and skipper servers?
SCDF Version: springcloud/spring-cloud-dataflow-server:2.10.0
Skipper Version: springcloud/spring-cloud-skipper-server:2.9.0
I enabled following configuration in
application.yaml
vault:
enabled: true
authentication: KUBERNETES
uri: http://<vault_host>
backend: secret
application-name: scdf-server
kubernetes:
role: internal-app
bootstrap.yaml
spring:
application:
name: scdf-server
I was expecting scdf-server to inject secrets from the vault kV backend, but it seems it's not activating the vault config.
Spring Cloud Vault isn't in the classpath of the standard build.
You can follow these instructions to add jar files to the containers.
I’m trying to access the credentials kept at a vault location through spring boot, I have roleID , secretID, nameSpace, vaultPath & address given to me.
The credentials are kept at a specific vault path.
I am trying to configure this in application.yml, but it fails, also trying to figure out where to specify the vault path.
application.yml:
spring:
application:
name: DIT
spring.cloud.vault:
authentication: APPROLE
scheme: https
uri: <uri>
namespace:
app-role:
role-id:
secret-id:
I have a Resource Server Spring boot app (i.e. #EnableResourceServer annotated class) with following application.yml that works perfectly:
...
security:
oauth2:
resource:
userInfoUri: http://localhost:9100/oauth/user
...
But when I try to run my server as docker image (from a docker file) with environment vars it does not take into account my configuration. The server will still use config from application.yml
(from my **docker-compose.yml** file)
...
environment:
- SERVER_PORT=8999
- SECURITY_OAUTH2_RESOURCE_USER-INFO-URI=http://oauth-server:7777/oauth/user
...
I developed a spring boot application which is using OAuth2 autoconfigure but I am not able to force it to read client configurations from a yml file other than application.yml
Thanks in advance
One simple solution is to use multiple profiles and one client file by profile:
The first properties files named application-my-client-1.yml :
spring:
security:
oauth2:
client:
registration:
my-client-1:
client-id: ${APP-CLIENT-ID}
client-secret: ${APP-CLIENT-SECRET}
client-name: my-client user
provider: my-client
scope: user
redirect-uri: http://localhost:8080/login/oauth2/code/my-client
Activated by setting the my-client-1 profile to on when running the spring boot app:
java -jar -Dspring.profiles.active=my-client-1 myApplication.jar
The second properties files named application-my-client-2.yml :
spring:
security:
oauth2:
client:
registration:
my-client-2:
client-id: ${APP-CLIENT-ID}
client-secret: ${APP-CLIENT-SECRET}
client-name: my-client-2 email
provider: my-client-2
scope: user:email
redirect-uri: http://localhost:8080/login/oauth2/code/my-client-2
Activated by setting the my-client-2 profile to on when running the spring boot app:
java -jar -Dspring.profiles.active=my-client-2 myApplication.jar
All properties can be activited by setting all profiles on:
java -jar -Dspring.profiles.active=my-client-1,my-client-2 myApplication.jar
I'm able to set up a git repository a config backend:
spring:
cloud:
config:
server:
git:
# username: user
# password: '{cipher}passwd'
I think it's not a good practive to provide user and password straightforwardly herewith on bootstrap.yml file.
I'd like they are picked up from Vault.
Is it possible?
You can use spring cloud vault to do so, Spring offers a start guide here