Spring Vault Repository
Spring Vault 는 Repository 방식으로도 secret 을 가져오는 방법을 제공한다.
의존성 추가
// Build dependencies for the Spring Vault repository example.
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-web'
// Vault client that performs the AppRole login and the secret reads.
// NOTE(review): this is the only coordinate with an explicit version; the others are
// presumably managed by a BOM/plugin (confirm), so this pin has to be reviewed and
// updated by hand.
implementation 'org.springframework.vault:spring-vault-core:2.3.2'
// Needed for Spring Vault's repository support (@EnableVaultRepositories).
implementation 'org.springframework.data:spring-data-keyvalue'
// Lombok is compile-time only: it generates the code behind @Getter and
// @RequiredArgsConstructor in the classes on this page.
compileOnly 'org.projectlombok:lombok'
annotationProcessor 'org.projectlombok:lombok'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
}
application.yaml
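# Connection and AppRole settings, read by VaultConfig through @Value("${vault.props.*}").
# The five keys must be nested under vault.props for those placeholders to resolve.
vault.props:
  # Plain http sends the AppRole credentials and every secret that is read in cleartext.
  # Use https (with a certificate the client trusts) for anything beyond a local test Vault.
  schema: http
  host: 52.79.XXX.XXX
  port: 8200
  roleId: 2067e81e-beXXXXXXXXXXXX
  # The secretId is a credential. Keep the real value out of version control and supply it
  # at deploy time, e.g. secretId: ${VAULT_SECRET_ID} (example variable name).
  secretId: ab42a69b-94aa-0fXXXXXXXXXXXXXXXXXXX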
entity 생성
team1/logininfo 경로에서 값을 조회한다.
/**
 * Entity mapped to the Vault secret backend {@code team1}, under {@code logininfo}.
 *
 * <p>The {@code password} field carries a credential read from Vault. Keep it out of
 * logs, {@code toString()} output and API responses.
 */
@Secret(backend = "team1", value = "logininfo")
public class LoginInfo {

    /** Identifier of the entry; this is the key the repository looks up. */
    @Id
    @Getter
    private String id;

    @Getter
    private String username;

    /** Secret value; treat it as a credential wherever it is passed on. */
    @Getter
    private String password;
}
repository 생성
/**
 * Repository for {@link LoginInfo} entries, keyed by their {@code String} id.
 *
 * <p>Declares no methods of its own; every operation is inherited from
 * {@link CrudRepository}.
 */
public interface LoginInfoRepository extends CrudRepository<LoginInfo, String> {}
VaultConfig 생성
/**
 * Vault client configuration: builds the endpoint from the {@code vault.props.*}
 * properties and authenticates with AppRole.
 *
 * <p>Security notes: the URI scheme is taken as-is from configuration, so a value of
 * {@code http} means the AppRole login and all secret reads travel unencrypted. The
 * {@code secretId} is a credential injected as an ordinary property, so whatever source
 * supplies it must be protected accordingly.
 */
@Configuration
@EnableVaultRepositories
public class VaultConfig extends AbstractVaultConfiguration {

    @Value("${vault.props.schema}")
    private String schema;

    @Value("${vault.props.host}")
    private String host;

    @Value("${vault.props.port}")
    private String port;

    @Value("${vault.props.roleId}")
    private String roleId;

    // Credential: never log this field or include it in error messages.
    @Value("${vault.props.secretId}")
    private String secretId;

    /**
     * Builds the Vault endpoint as {@code schema://host:port}.
     *
     * @return the endpoint derived from the configured properties
     * @throws RuntimeException wrapping the {@link URISyntaxException} when the configured
     *     values do not form a valid URI
     */
    @Override
    public VaultEndpoint vaultEndpoint() {
        final String address = String.format("%s://%s:%s", schema, host, port);
        final URI uri;
        try {
            uri = new URI(address);
        } catch (URISyntaxException e) {
            throw new RuntimeException(e);
        }
        return VaultEndpoint.from(uri);
    }

    /**
     * Creates the AppRole authentication from the configured role id and secret id.
     *
     * @return an {@link AppRoleAuthentication} using this configuration's REST operations
     */
    @Override
    public ClientAuthentication clientAuthentication() {
        AppRoleAuthenticationOptions.RoleId role =
                AppRoleAuthenticationOptions.RoleId.provided(roleId);
        AppRoleAuthenticationOptions.SecretId secret =
                AppRoleAuthenticationOptions.SecretId.provided(secretId);

        AppRoleAuthenticationOptions options =
                AppRoleAuthenticationOptions.builder().roleId(role).secretId(secret).build();
        return new AppRoleAuthentication(options, restOperations());
    }
}
Application 수정
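/**
 * Demo application: a single endpoint that reads one {@link LoginInfo} entry from Vault
 * through {@link LoginInfoRepository}.
 */
@RestController
@SpringBootApplication
@RequiredArgsConstructor
public class SpringVaultRepositoryApplication {

    private final LoginInfoRepository repository;

    /**
     * Looks up the {@code foo} entry and reports on stdout what was found.
     *
     * <p>The username is printed, but the password is only reported as present or absent.
     * Standard output normally ends up in log files and log aggregation, where a printed
     * secret would stay readable long after the request.
     *
     * <p>NOTE(review): no access control is visible on this mapping, and each request
     * triggers a repository lookup. Confirm that this endpoint is for local demos only.
     *
     * @return the fixed string {@code "OK!"}, whether or not the entry exists
     */
    @RequestMapping("/")
    public String home() {
        // vault kv put team1/logininfo/foo username=username1 password=password1
        Optional<LoginInfo> loginInfo = repository.findById("foo");
        loginInfo.ifPresent(info -> {
            System.out.printf("username : %s%n", info.getUsername());
            // Show that the secret was retrieved without writing its value anywhere.
            String passwordState = info.getPassword() == null ? "<not set>" : "<redacted>";
            System.out.printf("password : %s%n", passwordState);
        });
        return "OK!";
    }

    /**
     * Starts the Spring Boot application.
     *
     * @param args command-line arguments passed through to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication.run(SpringVaultRepositoryApplication.class, args);
    }
}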