spring-boot, hashicorp-vault, spring-vault, spring-cloud-vault-config

UserPass Authentication Vault


I have been trying to use the userpass authentication method from HashiCorp Vault (from here) in my application to load its configuration.

But I have not been able to find any information about this authentication type in Spring's docs, examples, etc. Can you please help me out? I need this type of authentication to use Vault in a multi-user environment.


Solution

  • Here is my solution:

    Configuration class:

    package com.company.myapp.config;
    
    import java.util.Map;
    
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.vault.VaultException;
    import org.springframework.vault.authentication.ClientAuthentication;
    import org.springframework.vault.support.VaultToken;
    import org.springframework.web.client.RestOperations;
    import org.springframework.web.client.RestTemplate;
    
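    /**
     * Configuration that supplies a {@link ClientAuthentication} bean which logs in to
     * Vault through the userpass auth method and hands the resulting client token to
     * Spring Vault.
     *
     * <p>The username, password and Vault URI are read from the properties
     * {@code VAULT_USERNAME}, {@code VAULT_PASSWORD} and {@code spring.cloud.vault.uri}.
     */
    @Configuration
    public class VaultConfig {

        /** Login endpoint of the userpass auth method; the username is appended to it. */
        public static final String LOGIN_PATH = "/v1/auth/userpass/login/";

        /**
         * Creates the userpass-based authentication used to obtain a Vault token.
         *
         * @param username value of the {@code VAULT_USERNAME} property
         * @param password value of the {@code VAULT_PASSWORD} property
         * @param host value of {@code spring.cloud.vault.uri}, used as the URL prefix
         * @return an authentication that posts the password to {@code host + LOGIN_PATH + username}
         */
        @Bean
        public ClientAuthentication clientAuthentication(@Value("${VAULT_USERNAME}") String username,
                                                         @Value("${VAULT_PASSWORD}") String password,
                                                         @Value("${spring.cloud.vault.uri}") String host) {
            return new UserPassAuthentication(host, LOGIN_PATH, username, password);
        }

        /**
         * {@link ClientAuthentication} that exchanges a username and password for a Vault
         * client token by posting to the userpass login endpoint.
         */
        public static class UserPassAuthentication implements ClientAuthentication {

            private final RestOperations restOperations = new RestTemplate();

            // Full login URL: host + path + user, fixed at construction time.
            private final String url;

            // Kept for the lifetime of the bean because login() may be called again.
            // Never log this field or include it in exception messages.
            private final String password;

            /**
             * @param host base URI of the Vault server
             * @param path login path that the username is appended to
             * @param user Vault username
             * @param password Vault password for {@code user}
             */
            public UserPassAuthentication(String host, String path, String user, String password) {
                // NOTE(review): the username is appended to the path as-is, with no encoding
                // or validation here. A value containing '/', '?', '#', '{' or '}' would
                // change the request target, so restrict usernames before they reach this
                // class if they can come from anywhere but trusted configuration.
                this.url = new StringBuilder(host).append(path).append(user).toString();
                this.password = password;
            }

            /**
             * Posts the password to the login URL and extracts {@code auth.client_token}
             * from the response.
             *
             * @return the client token wrapped as a {@link VaultToken}
             * @throws VaultException if the response has no body, no {@code auth} object,
             *         or no non-empty string {@code client_token}
             */
            @Override
            public VaultToken login() throws VaultException {
                // Exceptions raised by the HTTP call itself propagate unchanged.
                Map<?, ?> body = restOperations.postForEntity(url, new Password(password), Map.class).getBody();
                Object auth = (body == null) ? null : body.get("auth");
                Object token = (auth instanceof Map) ? ((Map<?, ?>) auth).get("client_token") : null;
                if (!(token instanceof String) || ((String) token).isEmpty()) {
                    // Name only the missing field: the response body and the credentials
                    // must not end up in logs through this message.
                    throw new VaultException("Vault userpass login response did not contain auth.client_token");
                }
                return VaultToken.of((String) token);
            }
        }

        /**
         * Request payload for the login call, holding only the password.
         * Deliberately has no {@code toString()} so the password is not printed by accident.
         */
        static class Password {
            private String password;

            public Password(String password) {
                this.password = password;
            }

            public String getPassword() {
                return password;
            }

            public void setPassword(String password) {
                this.password = password;
            }
        }
    }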
    

    resources/bootstrap.properties:

    spring.profiles.active=dev
    
    spring.application.name=myapp
    spring.cloud.vault.kv.enabled=true
    spring.cloud.vault.kv.backend=test-backend
    
    # Keep https here: the userpass login sends the password in the request body.
    spring.cloud.vault.uri=https://localhost:8200
    # Sample values only. Do not commit real credentials in this file; the
    # ${VAULT_USERNAME} / ${VAULT_PASSWORD} placeholders can instead be resolved from
    # environment variables or another external property source at deploy time.
    VAULT_USERNAME=usr
    VAULT_PASSWORD=pwd
    

    resources/META-INF/spring.factories

    # Registers VaultConfig as a Spring Cloud bootstrap configuration class.
    org.springframework.cloud.bootstrap.BootstrapConfiguration=com.company.myapp.config.VaultConfig