I need some help to configure Micronaut with Vault. I'm trying to load secrets from my local Vault on my application.yml properties from Micronaut.
I have downloaded the Vault CLI and started a dev server, and before that, I have configured a secret in the kv secret-engine with vault kv put secret/application SECRET_GENERATOR_JWT=foobar
For Micronaut, I'm reading the official documentation to configure the connection with the Vault, but when I start the application locally, I receive the following error:
ERROR io.micronaut.runtime.Micronaut - Error starting Micronaut server: Bean definition [io.micronaut.security.token.jwt.signature.secret.SecretSignatureConfiguration] could not be loaded: Error instantiating bean of type [io.micronaut.security.token.jwt.signature.secret.SecretSignatureConfiguration]: Could not resolve placeholder ${SECRET_GENERATOR_JWT}
How can I solve this problem with Vault?
This is my Micronaut's application.yml
micronaut:
application:
name: hello
config-client:
enabled: true
security:
authentication: bearer
token:
jwt:
signatures:
secret:
generator:
secret: ${SECRET_GENERATOR_JWT}
vault:
client:
token: s.pkUenRJ2TCNOPYghsd5an0Iw
uri: http://127.0.0.1:8200
config:
enabled: true
secret-engine-name: secret
This is the Maven's dependency section:
<dependencies>
<dependency>
<groupId>io.micronaut</groupId>
<artifactId>micronaut-inject</artifactId>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.micronaut</groupId>
<artifactId>micronaut-http-server-netty</artifactId>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-api</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-engine</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.micronaut.test</groupId>
<artifactId>micronaut-test-junit5</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.micronaut.security</groupId>
<artifactId>micronaut-security-jwt</artifactId>
</dependency>
<dependency>
<groupId>io.micronaut</groupId>
<artifactId>micronaut-discovery-client</artifactId>
</dependency>
</dependencies>
And my annotationProcessorPaths:
<configuration>
<annotationProcessorPaths>
<path>
<!-- must precede micronaut-inject-java -->
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>${lombok.version}</version>
</path>
<path>
<groupId>io.micronaut</groupId>
<artifactId>micronaut-inject-java</artifactId>
<version>${micronaut.version}</version>
</path>
<path>
<groupId>io.micronaut.security</groupId>
<artifactId>micronaut-security-annotations</artifactId>
<version>${micronaut.security.version}</version>
</path>
</annotationProcessorPaths>
<compilerArgs>
<arg>-Amicronaut.processing.group=hello.world.cli.maven</arg>
<arg>-Amicronaut.processing.module=hello-world-cli-maven</arg>
</compilerArgs>
</configuration>
Micronaut version: 2.3.2
To make it work you need to provide the environment variable or put a default value.
The first option is to set the variable environment like:
$ export SECRET_GENERATOR_JWT="superSecreteGeneratorJWT"
$ ./mvnw mn:run
the second option is configure your application.yml like this:
micronaut:
application:
name: hello
config-client:
enabled: true
security:
authentication: bearer
token:
jwt:
signatures:
secret:
generator:
secret: ${SECRET_GENERATOR_JWT:`superSecreteGeneratorJWT`}
in this way you will be setting your environment variable correctly.
Further info https://docs.micronaut.io/latest/guide/index.html#propertySource
Then you have to inject it like:
import io.micronaut.context.annotation.Value;
import javax.inject.Singleton;
@Singleton
public class YourServices {
private final String secret;
YourServices(@Value("${micronaut.security.token.jwt.signatures.secret.generator.secret}") String secret) {
this.secret = secret;
}
}
More info: https://docs.micronaut.io/latest/guide/index.html#valueAnnotation