Spring Vault Repository

By | 2022년 10월 18일

Spring Vault 는 Spring Data 의 Repository 방식으로도 Vault 에 저장된 secret 을 조회할 수 있게 해 준다.

의존성 추가

dependencies {
    // Web starter: serves the demo "/" endpoint of the sample application.
    implementation 'org.springframework.boot:spring-boot-starter-web'
    // Spring Vault client library.
    // NOTE(review): 2.3.2 is pinned by hand; check it against current Spring Vault
    // releases (and their security fixes) before reusing this snippet.
    implementation 'org.springframework.vault:spring-vault-core:2.3.2'
    // Spring Data KeyValue backs the Vault repository support
    // (@EnableVaultRepositories / CrudRepository) used in this example.
    implementation 'org.springframework.data:spring-data-keyvalue'
    // Lombok generates the getters and the constructor used by the sample classes.
    compileOnly 'org.projectlombok:lombok'
    annotationProcessor 'org.projectlombok:lombok'
    testImplementation 'org.springframework.boot:spring-boot-starter-test'
}

application.yaml

# Connection and AppRole settings that VaultConfig reads through @Value("${vault.props.*}").
vault.props:
  # NOTE(review): with http the AppRole credentials, the issued token and every secret
  # that is read travel in cleartext; use https with a trusted certificate for anything
  # beyond a local demo.
  schema: http
  host: 52.79.XXX.XXX
  port: 8200
  # roleId and secretId together are the login credential of this AppRole.
  # NOTE(review): do not commit a real secretId to this file. A Spring property placeholder
  # such as ${VAULT_SECRET_ID} (constructed example name) lets the value come from the
  # environment instead.
  roleId: 2067e81e-beXXXXXXXXXXXX
  secretId: ab42a69b-94aa-0fXXXXXXXXXXXXXXXXXXX

entity 생성

@Secret 의 backend 와 value 로 지정한 team1/logininfo 경로 아래에서, id 를 키로 값을 조회한다 (예: id 가 foo 이면 team1/logininfo/foo).

/**
 * Read model for one secret stored in the {@code team1} backend under {@code logininfo/<id>}.
 *
 * <p>Lombok generates a getter for every field. No {@code toString()} is generated, so the
 * password is not rendered when an instance is logged by accident; keep it that way if more
 * Lombok annotations are added later.
 */
@Secret(backend = "team1", value = "logininfo")
public class LoginInfo {

    /** Key of the entry below {@code team1/logininfo}. */
    @Id
    @Getter
    private String id;

    /** Value of the {@code username} field of the secret. */
    @Getter
    private String username;

    /** Value of the {@code password} field of the secret; treat it as sensitive. */
    @Getter
    private String password;
}

repository 생성

/**
 * Spring Data repository for {@link LoginInfo} entries, keyed by their {@code String} id.
 *
 * <p>NOTE(review): {@code CrudRepository} also declares save and delete operations, so whether
 * this repository can modify secrets depends on the Vault policy attached to the application's
 * credentials. A read-only policy on the path is enough for the lookup shown in this example.
 */
public interface LoginInfoRepository extends CrudRepository<LoginInfo, String> {
}

VaultConfig 생성

/**
 * Spring Vault configuration for the sample: builds the Vault endpoint from the
 * {@code vault.props.*} properties, authenticates with AppRole and enables Vault repositories.
 */
@Configuration
@EnableVaultRepositories
public class VaultConfig extends AbstractVaultConfiguration {

    // URI scheme of the Vault endpoint.
    // NOTE(review): the sample application.yaml sets this to http, which exposes the AppRole
    // credentials and the secrets on the wire; use https outside a local demo.
    @Value("${vault.props.schema}")
    private String schema;

    // Host name or address of the Vault server.
    @Value("${vault.props.host}")
    private String host;

    // Port of the Vault server, kept as text because it is only formatted into the URI.
    @Value("${vault.props.port}")
    private String port;

    // AppRole role id used for the login.
    @Value("${vault.props.roleId}")
    private String roleId;

    // AppRole secret id used for the login; sensitive, do not log it.
    @Value("${vault.props.secretId}")
    private String secretId;

    /**
     * Builds the Vault endpoint as {@code schema://host:port} from the injected properties.
     *
     * @return the endpoint the Vault client connects to
     * @throws RuntimeException wrapping the {@link URISyntaxException} when the properties do not
     *     form a valid URI
     */
    @Override
    public VaultEndpoint vaultEndpoint() {
        final String address = String.format("%s://%s:%s", schema, host, port);
        final URI endpointUri;
        try {
            endpointUri = new URI(address);
        } catch (URISyntaxException malformed) {
            throw new RuntimeException(malformed);
        }
        return VaultEndpoint.from(endpointUri);
    }

    /**
     * Configures AppRole authentication with the role id and secret id supplied as properties.
     *
     * @return the AppRole authentication used to log in to Vault
     */
    @Override
    public ClientAuthentication clientAuthentication() {
        // Both identifiers are passed as already-known values ("provided").
        AppRoleAuthenticationOptions.RoleId providedRoleId =
                AppRoleAuthenticationOptions.RoleId.provided(roleId);
        AppRoleAuthenticationOptions.SecretId providedSecretId =
                AppRoleAuthenticationOptions.SecretId.provided(secretId);

        AppRoleAuthenticationOptions appRoleOptions = AppRoleAuthenticationOptions.builder()
                .roleId(providedRoleId)
                .secretId(providedSecretId)
                .build();

        return new AppRoleAuthentication(appRoleOptions, restOperations());
    }
}

Application 수정

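/**
 * Sample application: a single endpoint that looks up a {@link LoginInfo} secret through the
 * Vault-backed repository.
 *
 * <p>NOTE(review): the handler is mapped without an HTTP method restriction and no authentication
 * is visible in this example, while every call triggers a read from Vault; keep it to demos.
 */
@RestController
@SpringBootApplication
@RequiredArgsConstructor
public class SpringVaultRepositoryApplication {

    private final LoginInfoRepository repository;

    /**
     * Reads the entry with id {@code foo} and prints what was found to standard output.
     *
     * <p>The username is printed as is. The password is never printed: standard output normally
     * ends up in log files, so only whether a password was retrieved is reported.
     *
     * @return the fixed body {@code "OK!"}, whether or not the entry exists
     */
    @RequestMapping("/")
    public String home() {
        // vault kv put team1/logininfo/foo username=username1 password=password1
        Optional<LoginInfo> loginInfo = repository.findById("foo");

        loginInfo.ifPresent(info -> {
            System.out.printf("username : %s%n", info.getUsername());
            // Report presence only; the secret value itself must not reach stdout or logs.
            System.out.printf("password : %s%n",
                    info.getPassword() == null ? "<missing>" : "<redacted>");
        });

        return "OK!";
    }

    /**
     * Starts the Spring Boot application.
     *
     * @param args command-line arguments passed through to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication.run(SpringVaultRepositoryApplication.class, args);
    }
}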
