Spring Vault 2.2.2


Introduction

Spring Vault provides familiar Spring abstractions and client-side support for accessing, storing and revoking secrets. It offers both low-level and high-level abstractions for interacting with Vault, freeing the user from infrastructural concerns.

With HashiCorp’s Vault you have a central place to manage external secret data for applications across all environments. Vault can manage static and dynamic secrets such as application data, username/password for remote applications/resources and provide credentials for external services such as MySQL, PostgreSQL, Apache Cassandra, Consul, AWS and more.
Features

Spring configuration support using Java based @Configuration classes.

VaultTemplate helper class that increases productivity performing common Vault operations. Includes integrated object mapping between Vault responses and POJOs.

Supported authentication mechanisms:

    Token

    AppRole

    AWS-EC2

    AWS-IAM

    Azure MSI

    Certificates (PKI)

    Cubbyhole

    GCP-GCE

    GCP-IAM

    Kubernetes

    Pivotal CloudFoundry

Annotation-based @VaultPropertySource integration

Support for renewable and rotating secrets

Feature Rich Object Mapping integrated with Spring’s Conversion Service

Annotation based mapping metadata but extensible to support other metadata formats

Automatic implementation of Repository interfaces including support for custom query methods.

Configure VaultTemplate

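import org.springframework.context.annotation.Configuration;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.authentication.TokenAuthentication;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.config.AbstractVaultConfiguration;

@Configuration
class VaultConfiguration extends AbstractVaultConfiguration {

    // Vault server to talk to; the no-arg constructor uses the defaults (https://localhost:8200)
    @Override
    public VaultEndpoint vaultEndpoint() {
        return new VaultEndpoint();
    }

    // Authenticate every request with a static Vault token
    @Override
    public ClientAuthentication clientAuthentication() {
        return new TokenAuthentication("…");
    }
}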

Inject and use VaultTemplate

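import java.util.HashMap;
import java.util.Map;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.vault.core.VaultOperations;
import org.springframework.vault.support.VaultResponseSupport;

public class Example {

    // inject the actual template
    @Autowired
    private VaultOperations operations;

    // Write the password as a secret at the path given by userId
    public void writeSecrets(String userId, String password) {

        Map<String, String> data = new HashMap<String, String>();
        data.put("password", password);

        operations.write(userId, data);
    }

    // Read the secret at the path given by userId and map it onto Person
    // (Person is the application's own POJO and is not shown here)
    public Person readSecrets(String userId) {

        VaultResponseSupport<Person> response = operations.read(userId, Person.class);
        return response.getBody();
    }
}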

Vault PropertySource

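import java.io.InputStream;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.vault.annotation.VaultPropertySource;
import org.springframework.vault.annotation.VaultPropertySource.Renewal;

// Expose the secrets at aws/creds/s3 as properties prefixed with "aws."
// and renew their lease
@VaultPropertySource(value = "aws/creds/s3",
        propertyNamePrefix = "aws.",
        renewal = Renewal.RENEW)
public class MyConfig {

}

public class Example {

    // inject the actual values
    @Value("${aws.access_key}")
    private String awsAccessKey;

    @Value("${aws.secret_key}")
    private String awsSecretKey;

    public InputStream getFileFromS3(String filename) {
        // …
    }
}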


