A Spring Boot app to read secrets from vault using vault maven plugin

BuntyRaghani/spring-boot-vault-maven-plugin

Spring Boot Vault Maven Plugin

A Spring Boot app to read secrets from HashiCorp Vault using vault maven plugin.

Vault Maven Plugin

This Maven plugin extracts secrets from HashiCorp Vault and populates Maven properties.

NOTE: This plugin works only with version 1 of the KV Secrets Engine. If the KV Secrets Engine is set to version 2, the application will fail to start because the plugin will throw a 404 error while reading the secrets from Vault.

This happens because KV Secrets Engine V2 changed the response structure and also changed the path structure used to read secrets.
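The version difference described in this note, shown as an added example that is not code from this repository. It checks a mount's KV version from a `GET /v1/sys/mounts` response and shows how the read URL and response body differ between V1 and V2. The Vault address `http://localhost:8200`, the split of `/secrets/v1/dev` into mount `secrets` and secret path `v1/dev`, the `legacy` mount and all sample bodies are assumptions constructed for illustration.

```python
import json

def kv_version_of_mount(sys_mounts_body, mount):
    """KV engine version of `mount`, taken from a GET /v1/sys/mounts response body."""
    mounts = json.loads(sys_mounts_body)
    mounts = mounts.get("data", mounts)          # mounts may be nested under "data"
    entry = mounts.get(mount.strip("/") + "/")   # mount keys end with a slash
    if entry is None or entry.get("type") != "kv":
        raise LookupError(f"no KV mount at {mount!r}")
    options = entry.get("options") or {}         # missing or null options means V1
    return int(options.get("version", "1"))

def read_url(addr, mount, secret_path, kv_version):
    """Read URL for a secret; KV V2 inserts 'data/' between mount and secret path."""
    base = f"{addr.rstrip('/')}/v1/{mount.strip('/')}"
    if kv_version == 1:
        return f"{base}/{secret_path.strip('/')}"
    if kv_version == 2:
        return f"{base}/data/{secret_path.strip('/')}"
    raise ValueError(f"unsupported KV version: {kv_version}")

def extract_secrets(body, kv_version):
    """Key/value pairs from a read response; KV V2 wraps them in data.data."""
    data = json.loads(body).get("data") or {}
    if kv_version == 1:
        return data
    inner = data.get("data")
    if not isinstance(inner, dict):
        raise ValueError("response is not in KV V2 format")
    return inner

# Constructed sample bodies (not captured from a real server).
MOUNTS = json.dumps({"data": {
    "secrets/": {"type": "kv", "options": {"version": "2"}},
    "legacy/": {"type": "kv", "options": None}}})
V1_BODY = json.dumps({"data": {"username": "app", "password": "example-only"}})
V2_BODY = json.dumps({"data": {
    "data": {"username": "app", "password": "example-only"},
    "metadata": {"version": 3}}})

if __name__ == "__main__":
    version = kv_version_of_mount(MOUNTS, "secrets")
    print("mount 'secrets' is KV version", version)
    print("V1-style URL:", read_url("http://localhost:8200", "secrets", "v1/dev", 1))
    print("V2 URL:      ", read_url("http://localhost:8200", "secrets", "v1/dev", 2))
    # A V1-style reader sees only the wrapper keys of a V2 body, not the secrets.
    print("V1 reader on V2 body:", sorted(extract_secrets(V2_BODY, 1)))
```

Running the mount check before the build tells you up front whether the plugin's V1-style read will work against the configured path.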

How to Use:

  1. Add vault-maven-plugin in pom.xml of your application.
  2. Configure the Vault server inside the execution section of the plugin by adding the server URL and Token that will be used to authenticate with the Vault server.
  3. Configure the path from where you want to read the secrets.
  4. Configure the keys whose values you want to read and assign them to Maven properties.
  5. Reference the Maven properties inside application.properties and assign them to the Spring Boot properties.
  6. Use Spring Boot properties wherever required in your application.

NOTE: Do not hardcode the vault token inside the pom.xml. You can pass it as an argument while building or running your application.

How to Run Application

Before starting the application, make sure:

  1. Vault is up and running on your localhost.
  2. You have stored two secrets with the keys username and password at the path /secrets/v1/dev.

NOTE: Inside pom.xml we have stored the path as /secrets/v1/${environment} where the value of environment needs to be passed as an argument while building or running the application.


Start the application using any of the commands mentioned below:

Note: These commands need to be run inside the root folder of this project, i.e. inside the spring-boot-vault-maven-plugin folder.

  • Using maven
    mvn spring-boot:run -DvaultToken=vaultServerToken -Denvironment=dev

  • From jar file
    Create a jar file using 'mvn clean install -DvaultToken=vaultServerToken -Denvironment=dev' command and then execute
    java -jar target/read-secrets-1.0.1-SNAPSHOT.jar

Note: By default, the Spring Boot application starts on port 8080. If port 8080 is already in use on your system, you can change the port by uncommenting and updating the server.port property in the application.properties file inside the src > main > resources folder.


Send an HTTP GET request to the '/getSecretsFromVault' endpoint using either of the two methods:

  • Browser or REST client
    http://localhost:8080/getSecretsFromVault

  • cURL
    curl --request GET 'http://localhost:8080/getSecretsFromVault'

How to Run Unit Test Cases

Run the test cases using any of the commands mentioned below:

Note: These commands need to be run inside the root folder of this project, i.e. inside the spring-boot-vault-maven-plugin folder.

  • To run all the test cases
    mvn test -DvaultToken=vaultServerToken -Denvironment=dev

  • To run a particular test class
    mvn -Dtest=ReadSecretsControllerTest test -DvaultToken=vaultServerToken -Denvironment=dev
    or
    mvn -Dtest=ReadSecretsApplicationTests test -DvaultToken=vaultServerToken -Denvironment=dev


Note: When starting the application or running the maven install command, you need to provide the arguments -DvaultToken=vaultServerToken -Denvironment=dev. Otherwise the application will fail to start, and the maven install command will fail due to test case failures.
