Vault with Spring
여러가지 찾아보았는데…
결과적으로 아래 방식이 가장 간단하고 이해하기 쉽군요.
의존성 추가
// Gradle dependencies for the sample: a Spring MVC web app that talks to Vault via Spring Vault.
dependencies {
    // No version given here; presumably managed by the Spring Boot Gradle plugin / BOM (confirm in the full build file).
    implementation 'org.springframework.boot:spring-boot-starter-web'
    // Version is pinned explicitly by the article; check it against the currently
    // supported Spring Vault release line before reusing this snippet.
    implementation 'org.springframework.vault:spring-vault-core:2.3.2'
    // Lombok is needed only at compile time (annotation processing), not at runtime.
    compileOnly 'org.projectlombok:lombok'
    annotationProcessor 'org.projectlombok:lombok'
    testImplementation 'org.springframework.boot:spring-boot-starter-test'
}
application.yaml
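# Connection settings that VaultConfig reads through @Value("${vault.props.*}").
vault.props:
  # NOTE(review): with plain http the AppRole credentials and every secret read
  # from Vault cross the network unencrypted; use https (TLS enabled on the Vault
  # listener) for anything other than a throwaway local test.
  schema: http
  host: 52.79.XXX.XXX
  port: 8200
  roleId: 2067e81e-beXXXXXXXXXXXX
  # The SecretId is a credential: keep it out of the committed file and inject it
  # at start-up instead. VAULT_SECRET_ID is an example variable name (not from the
  # article); if it is unset, the placeholder cannot be resolved and start-up fails.
  secretId: ${VAULT_SECRET_ID}
  # Path of the secret that VaultConfig.getDTO() reads.
  path: team1/foo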
DTO
/**
 * Holder for the two values stored in the Vault secret ({@code username} and
 * {@code password}); {@code VaultConfig.getDTO()} maps the secret's data onto it.
 *
 * <p>Lombok generates a getter and a setter for each field. No {@code toString()}
 * is generated, so the password does not leak through string conversion; keep it
 * that way (avoid {@code @Data}/{@code @ToString} unless the password is excluded).
 */
public class VaultDTO {

    /** Account name read from the secret. */
    @Getter
    @Setter
    private String username;

    /** Secret value read from Vault; never write it to logs or responses. */
    @Getter
    @Setter
    private String password;
}
config
VaultEndpoint에 대한 다른 설정 방법은 여기에서 확인할 수 있다.
다른 인증 방법은 여기에서 확인할 수 있다.
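/**
 * Spring Vault configuration: builds the Vault endpoint from the
 * {@code vault.props.*} properties, authenticates with AppRole and exposes a
 * helper that reads one secret into a {@link VaultDTO}.
 *
 * <p>Security notes for anyone reusing this sample:
 * <ul>
 *   <li>The RoleId/SecretId pair is the application's Vault credential. Supply the
 *       SecretId from the environment or a secret store, not from a committed file.</li>
 *   <li>When {@code vault.props.schema} is {@code http}, the AppRole login and every
 *       secret read travel unencrypted; use {@code https} outside local tests.</li>
 * </ul>
 */
@Configuration
public class VaultConfig extends AbstractVaultConfiguration {

    /** URI scheme of the Vault address ({@code http} or {@code https}). */
    @Value("${vault.props.schema}")
    private String schema;

    /** Host name or IP address of the Vault server. */
    @Value("${vault.props.host}")
    private String host;

    /** Port of the Vault server, kept as text because it is only used to build the URI. */
    @Value("${vault.props.port}")
    private String port;

    /** AppRole RoleId used for login. */
    @Value("${vault.props.roleId}")
    private String roleId;

    /** AppRole SecretId used for login; treat it like a password and never log it. */
    @Value("${vault.props.secretId}")
    private String secretId;

    /** Path of the secret that {@link #getDTO()} reads. */
    @Value("${vault.props.path}")
    private String vaultPath;

    /**
     * Builds the Vault endpoint from the configured scheme, host and port.
     *
     * @return the endpoint Spring Vault connects to
     * @throws IllegalStateException if the configured values do not form a valid URI
     */
    @Override
    public VaultEndpoint vaultEndpoint() {
        String address = String.format("%s://%s:%s", schema, host, port);
        try {
            return VaultEndpoint.from(new URI(address));
        } catch (URISyntaxException e) {
            // Name the offending address (it contains no credential) and keep the cause.
            throw new IllegalStateException("Invalid Vault address built from vault.props: " + address, e);
        }
    }

    /**
     * Configures AppRole authentication with the RoleId and SecretId taken from
     * the application properties.
     *
     * @return the AppRole authentication used to obtain a Vault token
     */
    @Override
    public ClientAuthentication clientAuthentication() {
        AppRoleAuthenticationOptions options = AppRoleAuthenticationOptions.builder()
                .roleId(AppRoleAuthenticationOptions.RoleId.provided(roleId))
                .secretId(AppRoleAuthenticationOptions.SecretId.provided(secretId))
                .build();
        return new AppRoleAuthentication(options, restOperations());
    }

    /**
     * Reads the secret at {@code vault.props.path} and maps its data to a {@link VaultDTO}.
     *
     * @return the secret's data; never {@code null}
     * @throws NullPointerException if nothing is stored at the path or the response
     *         carries no data (the message names the path, never the secret)
     */
    public VaultDTO getDTO() {
        // Creating the secret (kept from the article for reference):
        // VaultDTO vaultDTO = new VaultDTO();
        // vaultDTO.setUsername("username1");
        // vaultDTO.setPassword("password1");
        //
        // vaultTemplate.write("team1/foo2", vaultDTO);
        // CLI equivalent: vault kv put team1/foo username=username1 password=password1
        return Objects.requireNonNull(
                Objects.requireNonNull(
                        vaultTemplate().read(vaultPath, VaultDTO.class),
                        "No secret found at Vault path " + vaultPath).getData(),
                "Secret at Vault path " + vaultPath + " has no data");
    }
}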
Application
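/**
 * Minimal Spring Boot application that demonstrates reading a secret from Vault
 * through {@link VaultConfig}.
 *
 * <p>The {@code /} endpoint is unauthenticated and triggers a Vault read on every
 * request; it exists only to show that the lookup works and should not be
 * exposed as-is.
 */
@RestController
@SpringBootApplication
@RequiredArgsConstructor
public class VaultTestApplication {

    /** Injected through the constructor that Lombok generates for final fields. */
    private final VaultConfig vaultConfig;

    /**
     * Reads the secret and reports on standard output that it was loaded.
     *
     * @return the fixed string {@code "OK!"}; no secret data is returned to the client
     */
    @RequestMapping("/")
    public String home() {
        VaultDTO vaultDTO = vaultConfig.getDTO();
        System.out.printf("username : %s%n", vaultDTO.getUsername());
        // Standard output usually ends up in log files and log collectors, so the
        // password itself is never printed; only whether a value was loaded.
        System.out.printf("password : %s%n",
                vaultDTO.getPassword() == null ? "<missing>" : "<loaded, not printed>");
        return "OK!";
    }

    /**
     * Starts the Spring Boot application.
     *
     * @param args command-line arguments passed through to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication.run(VaultTestApplication.class, args);
    }
}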