
Invalid Spring Config Server Configuration (Vault as Backend)


I want to create a config server with vault backend and followed these steps:

  1. install vault
  2. create and run server using:
storage "raft" {
  path    = "./vault/data"
  node_id = "node1"
}

listener "tcp" {
  address     = "127.0.0.1:8200"
  tls_disable = "true"
}

api_addr = "http://127.0.0.1:8200"
cluster_addr = "https://127.0.0.1:8201"
ui = true

  3. check server status
Key                     Value
---                     -----
Seal Type               shamir
Initialized             true
Sealed                  false
Total Shares            5
Threshold               3
Version                 1.14.1
Build Date              2023-07-21T10:15:14Z
Storage Type            raft
Cluster Name            vault-cluster-d9454c69
Cluster ID              36c8d03f-522d-d9e9-4ae4-cceea7074298
HA Enabled              true
HA Cluster              https://127.0.0.1:8201
HA Mode                 active
Active Since            2023-08-08T09:12:40.45953Z
Raft Committed Index    40
Raft Applied Index      40

Vault was unsealed previously using CLI commands.

  4. Setup Spring Configuration
server:
  port: 8888

spring:
  application:
    name: config-server
  cloud:
    config:
      server:
        vault:
          host: localhost
          port: 8200
          scheme: https
          backend: kv
          token: <<added token from vault operator init command>>



  5. Spring Application
@SpringBootApplication
@EnableConfigServer
public class CloudConfigServerApplication {

    public static void main(String[] args) {
        SpringApplication.run(CloudConfigServerApplication.class, args);
    }

}

When I try to run this:

***************************
APPLICATION FAILED TO START
***************************

Description:

Invalid config server configuration.

Action:

If you are using the git profile, you need to set a Git URI in your configuration.  If you have set spring.cloud.config.server.bootstrap=true, you need to use a composite configuration.

I tried different things and resources but couldn't find a solution for this one. Can anyone help identify what the problem is?

UPDATE

I changed scheme to http and ran the server

server:
  port: 8888

spring:
  application:
    name: config-server
  cloud:
    config:
      server:
        vault:
          host: localhost
          port: 8200
          scheme: http
          backend: kv
          token: <<added token from vault operator init command>>

The same error is still showing. It feels like Spring fails before attempting to connect.


Solution

  • You need to enable the vault profile.

    server:
      port: 8888
    
    spring:
      profiles:
        active: vault
      application:
        name: config-server
      cloud:
        config:
          server:
            vault:
              host: localhost
              port: 8200
              scheme: http
              backend: kv
              authentication: TOKEN
              kv-version: 2
              token: <<root token>>
    

    Regarding the KV version: KV version 2 adds a /data path to its API. It seems that every example on the internet following the pattern vault kv put secret/application foo=bar baz=bam doesn't work. The following REST API calls create key-values at the config-server path for the v2 API.

    create data

    curl --location 'http://127.0.0.1:8200/v1/kv/data/config-server' \
    --header 'X-Vault-Token: <<vault root token>>' \
    --header 'Content-Type: application/json' \
    --data '{"data":{"foo":"baz"}}'
    

    get data

    curl --location 'http://localhost:8200/v1/kv/data/config-server' \
    --header 'X-Vault-Token: <<vault root token>>'
    

    check via spring config server

    curl --location 'http://localhost:8888/config-server/default' \
    --header 'X-Config-Token: <<vault root token>>'
    

    Please note that the application name used here is config-server. Also, the v1 type seems to work with the examples in the documentation.
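
The KV v1/v2 difference described in the answer above, as an added Python example that is not part of the original post: it builds the API path and write body for either version and unwraps the read response. The function names are illustrative, the sample responses are constructed, and the token is read from the VAULT_TOKEN environment variable instead of being pasted into the command.

```python
import json
import os
import urllib.request

# Address of the listener from the question; override with VAULT_ADDR.
VAULT_ADDR = os.environ.get("VAULT_ADDR", "http://127.0.0.1:8200")

# Constructed sample read responses (not captured from a real server).
SAMPLE_V2 = {"data": {"data": {"foo": "baz"}, "metadata": {"version": 1}}}
SAMPLE_V1 = {"data": {"foo": "baz"}}


def kv_path(mount, key, kv_version):
    """API path of a secret: KV v2 inserts 'data/' between mount and key."""
    if kv_version not in (1, 2):
        raise ValueError("kv_version must be 1 or 2")
    infix = "data/" if kv_version == 2 else ""
    return f"/v1/{mount.strip('/')}/{infix}{key.strip('/')}"


def kv_write_body(values, kv_version):
    """Write payload: KV v2 wraps the key-values in {"data": ...}, v1 is flat."""
    return {"data": dict(values)} if kv_version == 2 else dict(values)


def kv_unwrap(response, kv_version):
    """Key-values of a read response: KV v2 nests them one level deeper."""
    data = response.get("data") or {}
    if kv_version == 1:
        return data
    if not isinstance(data.get("data"), dict):
        raise ValueError("not a KV v2 response; check kv-version and path")
    return data["data"]


def read_secret(mount, key, kv_version):
    """Live read against VAULT_ADDR; the token comes from VAULT_TOKEN."""
    request = urllib.request.Request(
        VAULT_ADDR + kv_path(mount, key, kv_version),
        headers={"X-Vault-Token": os.environ["VAULT_TOKEN"]},
    )
    with urllib.request.urlopen(request, timeout=5) as reply:
        return kv_unwrap(json.load(reply), kv_version)


if __name__ == "__main__":
    print(kv_path("kv", "config-server", 2))   # /v1/kv/data/config-server
    print(kv_path("kv", "config-server", 1))   # /v1/kv/config-server
    print(json.dumps(kv_write_body({"foo": "baz"}, 2)))
    print(kv_unwrap(SAMPLE_V2, 2), kv_unwrap(SAMPLE_V1, 1))
```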