Spring Vault 2.2.1

Introduction

Spring Vault provides familiar Spring abstractions and client-side support for accessing, storing and revoking secrets. It offers both low-level and high-level abstractions for interacting with Vault, freeing the user from infrastructural concerns.

With HashiCorp’s Vault you have a central place to manage external secret data for applications across all environments. Vault can manage static and dynamic secrets such as application data, username/password for remote applications/resources and provide credentials for external services such as MySQL, PostgreSQL, Apache Cassandra, Consul, AWS and more.

Features

Spring configuration support using Java based @Configuration classes.

VaultTemplate helper class that increases productivity performing common Vault operations. Includes integrated object mapping between Vault responses and POJOs.

Supported authentication mechanisms:

    Token

    AppRole

    AWS-EC2

    AWS-IAM

    Azure MSI

    Certificates (PKI)

    Cubbyhole

    GCP-GCE

    GCP-IAM

    Kubernetes

    Pivotal CloudFoundry

Annotation-based @VaultPropertySource integration

Support for renewable and rotating secrets

Feature Rich Object Mapping integrated with Spring’s Conversion Service

Annotation based mapping metadata but extensible to support other metadata formats

Automatic implementation of Repository interfaces including support for custom query methods.

Configure VaultTemplate

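import org.springframework.context.annotation.Configuration;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.authentication.TokenAuthentication;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.config.AbstractVaultConfiguration;

@Configuration
class VaultConfiguration extends AbstractVaultConfiguration {

    // Default endpoint: https://localhost:8200
    @Override
    public VaultEndpoint vaultEndpoint() {
        return new VaultEndpoint();
    }

    // Static token authentication; the token value is elided here
    @Override
    public ClientAuthentication clientAuthentication() {
        return new TokenAuthentication("…");
    }
}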
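The configuration above passes a static token literal to TokenAuthentication. As an added example (not part of the Spring Vault project page), the same configuration class using AppRole, one of the supported mechanisms listed above, with the credentials read from the Spring Environment instead of source code. The property names vault.uri, vault.app-role.role-id and vault.app-role.secret-id and the https-only check are assumptions made for this example.

```java
import java.net.URI;

import org.springframework.context.annotation.Configuration;
import org.springframework.vault.authentication.AppRoleAuthentication;
import org.springframework.vault.authentication.AppRoleAuthenticationOptions;
import org.springframework.vault.authentication.AppRoleAuthenticationOptions.RoleId;
import org.springframework.vault.authentication.AppRoleAuthenticationOptions.SecretId;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.config.AbstractVaultConfiguration;

@Configuration
class AppRoleVaultConfiguration extends AbstractVaultConfiguration {

    @Override
    public VaultEndpoint vaultEndpoint() {
        // Assumed property name, e.g. https://vault.example.internal:8200
        URI uri = URI.create(required("vault.uri"));
        // Policy added for this example: refuse plaintext transport,
        // since every request carries the Vault token.
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalStateException("Vault endpoint must use https: " + uri);
        }
        return VaultEndpoint.from(uri);
    }

    @Override
    public ClientAuthentication clientAuthentication() {
        // Role id and secret id come from the environment (assumed property
        // names), so no credential is compiled into the application.
        AppRoleAuthenticationOptions options = AppRoleAuthenticationOptions.builder()
                .roleId(RoleId.provided(required("vault.app-role.role-id")))
                .secretId(SecretId.provided(required("vault.app-role.secret-id")))
                .build();
        return new AppRoleAuthentication(options, restOperations());
    }

    // Fail at startup with a clear message instead of logging in with an empty value.
    private String required(String key) {
        String value = getEnvironment().getProperty(key);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing required property: " + key);
        }
        return value;
    }
}
```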

Inject and use VaultTemplate

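import java.util.HashMap;
import java.util.Map;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.vault.core.VaultOperations;
import org.springframework.vault.support.VaultResponseSupport;

public class Example {

    // inject the actual template
    @Autowired
    private VaultOperations operations;

    // Writes the password as the secret data stored at the path userId
    public void writeSecrets(String userId, String password) {

        Map<String, String> data = new HashMap<String, String>();
        data.put("password", password);

        operations.write(userId, data);

    }

    // Reads the secret at the path userId and maps its data onto Person
    // (Person is an application class that is not shown here)
    public Person readSecrets(String userId) {

        VaultResponseSupport<Person> response = operations.read(userId, Person.class);
        return response.getBody();
    }

}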

Vault PropertySource

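import org.springframework.vault.annotation.VaultPropertySource;
import org.springframework.vault.annotation.VaultPropertySource.Renewal;

// Exposes the secret at aws/creds/s3 as properties prefixed with "aws."
// and renews its lease
@VaultPropertySource(value = "aws/creds/s3",
    propertyNamePrefix = "aws.",
    renewal = Renewal.RENEW)
public class MyConfig {

}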

import java.io.InputStream;

import org.springframework.beans.factory.annotation.Value;

public class Example {

    // inject the actual values
    @Value("${aws.access_key}")
    private String awsAccessKey;

    @Value("${aws.secret_key}")
    private String awsSecretKey;

    public InputStream getFileFromS3(String filename) {
        // …
    }
}

Spring Initializr
Quickstart Your Project
Bootstrap your application with Spring Initializr.
