Spring Cloud Vault
3.1.1Features
-
Retrieve secrets from Vault and initialize Spring Environment with remote property sources.
-
Obtain secrets secured with SSL.
-
Generate credentials for MySQL, PostgreSQL, Apache Cassandra, MongoDB, Consul, AWS, and RabbitMQ.
-
Token, AppId, AppRole, Client Certificate, Cubbyhole, and AWS EC2 and IAM, Kubernetes authentication.
-
Bootstrap application context: a parent context for the main application that can be trained to do anything.
-
Cloud Foundry integration using HashiCorp’s Vault service broker through Spring Cloud Vault Connector.
Quick Start
To get started with Spring Cloud Vault, simply include a build dependency.
For example, typical POM dependencies would be:
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-vault-config</artifactId>
</dependency>then configure your Vault endpoint and authentication
bootstrap.yml for Token-based authentication
spring.application.name: my-application
spring.cloud.vault:
host: localhost
port: 8200
scheme: https
authentication: TOKEN
token: …bootstrap.yml for AWS-EC2 authentication
spring.application.name: my-application
spring.cloud.vault:
host: localhost
port: 8200
scheme: https
authentication: AWS_EC2finally, use properties stored inside Vault in your application
@Configuration
@RestController
public class Application {
@Value("${config.name}")
String name = "World";
@RequestMapping("/")
public String home() {
return "Hello " + name;
}
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}Spring Cloud Vault Config reads config properties from Vaults using the application name and active profiles:
/secret/{application}/{profile}
/secret/{application}
/secret/{default-context}/{profile}
/secret/{default-context}Adding Spring Cloud Vault Config modules
Spring Cloud Vault Config comes with multiple modules supporting different integrations. To to get dependencies in the appropriate version you can include a BOM (Bill of Materials) in your dependency management. For example, typical POM dependency management would be:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>>org.springframework.cloud</groupId>
<artifactId>spring-cloud-vault-dependencies</artifactId>
<version>x.y.z</version>
<scope>import</scope>
<type>pom</type>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-vault-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-vault-config-consul</artifactId>
</dependency>
</dependencies>
Documentation
| 3.1.1 CURRENT GA | Reference Doc. | |
| 4.0.0-M3 PRE | Reference Doc. | |
| 3.1.2-SNAPSHOT SNAPSHOT | Reference Doc. | |
| 3.0.5-SNAPSHOT SNAPSHOT | Reference Doc. | |
| 3.0.4 GA | Reference Doc. | |
| 2.2.8.BUILD-SNAPSHOT SNAPSHOT | Reference Doc. | |
| 2.2.7.RELEASE GA | Reference Doc. |
| Branch | Initial Release | End of Support | End Commercial Support * |
|---|---|---|---|
|
3.1.x
|
2021-11-30 | 2023-05-18 | 2024-08-22 |
|
3.0.x
|
2020-12-21 | 2022-05-19 | 2023-09-19 |
|
2.2.x
|
2019-11-26 | 2020-11-26 | 2022-03-26 |
OSS support
Free security updates and bugfixes with support from the Spring community. See VMware Tanzu OSS support policy.
Commercial support
Business support from Spring experts during the OSS timeline, plus extended support after OSS End-Of-Life.
Publicly available releases for critical bugfixes and security issues when requested by customers.
Future release
Generation not yet released, timeline is subject to changes.