Search code examples

Vault UserPass authentication with Spring boot

I need to connect to Vault from my spring boot microservice. To get the vault token, the service needs to login to vault by providing username and password. Spring-vault integration doesn't support this behaviour by default.

I came across this SO question and tried the approach but it results in BeanDefinitionStoreException, as the bean named clientAuthentication is already defined.

Later I have referred this example and extend AbstractVaultConfiguration. Now my configuration hierarchy looks like the below:

@Configuration(proxyBeanMethods = false)
public abstract class AbstractVaultConfiguration implements ApplicationContextAware {
  public abstract VaultEndpoint vaultEndpoint();
  public abstract ClientAuthentication clientAuthentication();
  // other methods and bean definitions

public class EnvironmentVaultConfiguration extends AbstractVaultConfiguration implements 
ApplicationContextAware {
  // other methods

public class VaultCustomConfig extends AbstractVaultConfiguration {
public VaultEndpoint vaultEndpoint() {
    return VaultEndpoint.create("", 443);

public ClientAuthentication clientAuthentication() {
    //logic to fetch token

First two classes are provided by spring-vault. I have added the last one and also put entry in spring.factories:


The application is starting but getting 403 error. When I exclude EnvironmentVaultConfiguration from auto configuration, getting exceptions that many beans are not created(ex-vaultTemplate). I am able to contact vault API and fetch the token using RestTemplate. The challenge is setting that token before the app tries to contact vault(through spring-vault support).

Instead of overriding vault configuration, I tried setting an environment variable named vault.token which will be read by spring during start-up, but that is also not working(probably I missed something).

How can I override the built-in configuration and provide the token?


  • Spring reads vault token from this property I have created a custom PropertySourceLocator and added the token:

    public class VaultCustomPropertySourceLocator implements PropertySourceLocator {
    public PropertySource<?> locate(Environment environment) {
        Properties props = new Properties();
        props.setProperty("", getVaultAuthToken());
        PropertiesPropertySource ps = new PropertiesPropertySource("customPropsSource",props);
        return ps;
    private String getVaultAuthToken() {
        // logic to fetch vault token