Vault with Spring

By | October 17, 2022

I looked into several approaches…
In the end, the approach below is the simplest and easiest to understand.

Add dependencies

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.springframework.vault:spring-vault-core:2.3.2'
    compileOnly 'org.projectlombok:lombok'
    annotationProcessor 'org.projectlombok:lombok'
    testImplementation 'org.springframework.boot:spring-boot-starter-test'
}

application.yaml

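vault.props:
  schema: http   # plain HTTP: the AppRole IDs and the secrets read from Vault cross the network unencrypted
  host: 52.79.XXX.XXX
  port: 8200
  roleId: 2067e81e-beXXXXXXXXXXXX
  secretId: ab42a69b-94aa-0fXXXXXXXXXXXXXXXXXXX   # AppRole credential kept in the config file
  path: team1/foo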

DTO

import lombok.Getter;
import lombok.Setter;

@Getter
@Setter
public class VaultDTO {
    private String username;
    private String password;
}

config

Other ways to configure VaultEndpoint can be found here.

Other authentication methods can be found here.

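import java.net.URI;
import java.net.URISyntaxException;
import java.util.Objects;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.vault.authentication.AppRoleAuthentication;
import org.springframework.vault.authentication.AppRoleAuthenticationOptions;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.config.AbstractVaultConfiguration;

@Configuration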
public class VaultConfig extends AbstractVaultConfiguration {

    @Value("${vault.props.schema}")
    private String schema;

    @Value("${vault.props.host}")
    private String host;

    @Value("${vault.props.port}")
    private String port;

    @Value("${vault.props.roleId}")
    private String roleId;

    @Value("${vault.props.secretId}")
    private String secretId;

    @Value("${vault.props.path}")
    private String vaultPath;

    @Override
    public VaultEndpoint vaultEndpoint() {
        try {
            return VaultEndpoint.from(new URI(String.format("%s://%s:%s", schema, host, port)));
        } catch (URISyntaxException e) {
            throw new RuntimeException(e);
        }
    }

    @Override
    public ClientAuthentication clientAuthentication() {
        AppRoleAuthenticationOptions options = AppRoleAuthenticationOptions.builder()
                .roleId(AppRoleAuthenticationOptions.RoleId.provided(roleId))
                .secretId(AppRoleAuthenticationOptions.SecretId.provided(secretId))
                .build();
        return new AppRoleAuthentication(options, restOperations());
    }

    public VaultDTO getDTO() {
        // Create a secret
        // VaultDTO vaultDTO = new VaultDTO();
        // vaultDTO.setUsername("username1");
        // vaultDTO.setPassword("password1");
        //
        // vaultTemplate.write("team1/foo2", vaultDTO);

        // vault kv put team1/foo username=username1 password=password1
        return Objects.requireNonNull(vaultTemplate().read(vaultPath, VaultDTO.class)).getData();
    }
}
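
A variant of the configuration above that connects to Vault over HTTPS with an explicit trust store and takes the AppRole IDs from environment variables instead of application.yaml. This is an added example, not code from the original post; the class name TlsVaultConfig, the properties vault.props.uri, vault.props.trustStore and vault.props.trustStorePassword, and the variables VAULT_ROLE_ID and VAULT_SECRET_ID are assumptions.

```java
import java.net.URI;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.FileSystemResource;
import org.springframework.vault.authentication.AppRoleAuthentication;
import org.springframework.vault.authentication.AppRoleAuthenticationOptions;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.config.AbstractVaultConfiguration;
import org.springframework.vault.support.SslConfiguration;

// Added example (hypothetical class and property names): use instead of VaultConfig, not alongside it.
@Configuration
public class TlsVaultConfig extends AbstractVaultConfiguration {

    // Assumed property holding the full address, e.g. https://vault.example.internal:8200
    @Value("${vault.props.uri}") private String uri;

    // Assumed properties: JKS/PKCS12 trust store containing the CA that signed Vault's certificate
    @Value("${vault.props.trustStore}") private String trustStore;
    @Value("${vault.props.trustStorePassword}") private String trustStorePassword;

    // Assumed environment variables; there is no default, so startup fails if either is missing
    @Value("${VAULT_ROLE_ID}") private String roleId;
    @Value("${VAULT_SECRET_ID}") private String secretId;

    @Override
    public VaultEndpoint vaultEndpoint() {
        URI parsed = URI.create(uri);
        if (!"https".equalsIgnoreCase(parsed.getScheme())) {
            throw new IllegalStateException("vault.props.uri must use https");
        }
        return VaultEndpoint.from(parsed);
    }

    @Override
    public SslConfiguration sslConfiguration() {
        return SslConfiguration.forTrustStore(
                new FileSystemResource(trustStore), trustStorePassword.toCharArray());
    }

    @Override
    public ClientAuthentication clientAuthentication() {
        return new AppRoleAuthentication(AppRoleAuthenticationOptions.builder()
                .roleId(AppRoleAuthenticationOptions.RoleId.provided(roleId))
                .secretId(AppRoleAuthenticationOptions.SecretId.provided(secretId))
                .build(), restOperations());
    }
}
```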

Application

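import lombok.RequiredArgsConstructor;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController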
@SpringBootApplication
@RequiredArgsConstructor
public class VaultTestApplication {

    private final VaultConfig vaultConfig;

    @RequestMapping("/")
    public String home() {
        VaultDTO vaultDTO = vaultConfig.getDTO();

        // Prints the values read from Vault to stdout, so the password ends up in the console output
        System.out.printf("username : %s%n", vaultDTO.getUsername());
        System.out.printf("password : %s%n", vaultDTO.getPassword());

        return "OK!";
    }

    public static void main(String[] args) {
        SpringApplication.run(VaultTestApplication.class, args);
    }
}
