Spring vault does not use the new token after login
I am trying to read secrets from vault using Spring vault cloud. I use a service token type.
In my set-up the max_ttl is set to 1h and ttl to 10 minutes, so the token will be renewed at every 10 minutes till the max_ttl is reached. Once the max_ttl is reached, the token will be dropped/revoked and a new login is performed, receving a new token.
The issue is that when trying to read secrets, the old expired token is still used.
Any idea why this happens?
Using:
- spring-cloud-config-2.2.3
- spring-vault-core-2.2.0
- Kubernetes
Vault audit logs:
The issue does not reproduce anymore as we disable the use of the reactive org.springframework.vault.authentication.ReactiveLifecycleAwareSessionManager in favor of the "classic: one: org.springframework.vault.authentication.LifecycleAwareSessionManager.
For disabling it, we set:
spring.cloud.vault.reactive.enabled=false
- Which Spring Cloud AWS version should be used with Spring Boot 3?
- High memory usage in JVM level - org.springframework.boot.actuate.autoconfigure.metrics.AutoConfiguredCompositeMeterRegistry
- Configure CORS policy for Spring Cloud Gateway
- Calling a service name using RestClient, HttpInterfaces and Eureka
- How to disable Spring Cloud Kubernetes in a Maven build
- What is the difference between putting a property on application.yml or bootstrap.yml in spring boot?
- Error starting up Eureka Client with Spring Boot 2.4.1
- Exception when shutting down service using Eureka - Spring Cloud
- What is difference between fault tolerance and fault resilience?
- Can't connect to cloud config server, from inside docker compose
- bean creation error when starting spring boot application
- Why does calling my microservice in Java Spring Boot returns 403 Forbidden?
- Keycloak with Spring Cloud Gateway
- EnableEurekaClient import doesn't exist
- Cannot connect to remote Kubernetes service - SERVICE_UNAVAILABLE
- How to trace HTTP requests in Spring Boot 3 with Micrometer & Zipkin
- How to register non Spring Boot MicroService in Eureka discovery server
- Spring Cloud Gate Request Timeout Not working for path
- Is it possible to have two implementations of MailSender in the Spring Boot app?
- Services sometime register to eureka as localhost. Eureka replication
- How spring cloud config use local property override remote property
- Spring Cloud Gateway with Spring Security for Register / Login using JWT Authententication. 403 Forbidden Error
- Spring Cloud AWS SQS Deletion Policy
- Where can I see list of services registered in Kubernetes Discovery?
- Spring Cloud API Gateway - spring.cloud.gateway.discovery.locator.lower-case-service-id=true not working for urls - 404 Not Found
- Switch between static and dynamic Azure App Configuration service
- Could not transfer artifacts from/to central maven repo when using Spring Framework Cloud
- Handling feign exception in Spring boot using RestControllerAdvice
- How to use multiple secrets sources in Spring Cloud Kubernetes
- How to register a Eureka client with multiple names?