Accessing Docker Vault secrets using Spring Cloud Starter Vault Config Could Not Resolve
I am running a Docker Vault container in dev mode, and I can't read a secret located at /secret/mobsters/ called password.
Here are Spring logs.
Running vault kv get secret/mobsters returns the password key value pair. I can also access the vault server locally.
Here is how I am referencing the secret:
@Value("${password}")
String password;
@PostConstruct
private void postConstruct() {
System.out.println("My password is: " + password);
}
The Spring Cloud Vault configuration is setup using a bootstrap.yml file:
spring.application.name: mobsters
spring.cloud.vault:
host: localhost
port: 8200
scheme: http
authentication: TOKEN
token: ...
I am getting an exception with the message (full exception here):
Caused by: java.lang.IllegalArgumentException: Could not resolve placeholder 'password' in value "${password}"`
From Vault UI:
Using Spring Vault/Spring Cloud Vault with HashiCorp Vault 0.10.0 does not work as the key/value backend is mounted with versioning enabled by default. This has some significance as the versioned API has changed entirely and breaks existing client implementations. Context paths and response structure are different.
You have two options:
- Use an older Vault version (such as 0.9.5)
- Try to cope with API changes until Spring Cloud Vault finds an approach to use the new API. You need to:
- Set
spring.cloud.vault.generic.backend=secret/datain your bootstrap configuration. - Prefix property names with
data.so@Value("${hello.world}")becomes@Value("${data.hello.world}").
- Set