3

I'm in a project where we're using Spring Cloud Config Server with Vault backend and I don't know why we need the cloud config server. Before I attempt to move this to a simpler implementation with Spring Cloud Vault, I want to know if there is a reason I would keep Spring Cloud Config with Vault.

I know there's a similar question out there already but it does not answer why we would use one over the other: Difference between Spring Cloud Vault and Spring Cloud Config with Vault backend

Dany
  • 31
  • 1
  • 5

1 Answers1

2

This is more like a long comment than a specific answer since I think this question is a bit off topic since it looks like an opinion based question.

Spring Cloud Vault is a maven dependency on your project like this: org.springframework.cloud spring-cloud-starter-vault-config

With above dependency you have just to create the bootstrap.yml (or .properties) with vault properties on your project and it is going to connect to vault. So, if you have one spring boot application then your backend would look like:

[yourApp:8080] --> [vault:8200]

On the other hand, if you use Spring Cloud Config with vault then you have actually two separate spring boot applications (let say microservices) and also vault, so you would have: 

[yourApp:8080] --> [cloudConfig:8888] --> [vault:8200]

In addition, despite you can use Spring Cloud Vault instead of Spring Cloud Config to pull properties, vault intention is to store secrets (sensitive information, credentials, etc) so Spring Cloud Vault helps you to connect your application to vault. Spring Cloud Config server is focused to centralize applications properties storage, it also provides multiple endpoints to fetch these properties and much more features that helps on a microservice architecture.

Federico Piazza
  • 30,085
  • 15
  • 87
  • 123
  • 1
    The question wasn't meant to come off expecting an opinion as an answer. I'm asking if there is a legitimate technical reason and scenario where `Spring Cloud Config` is superior to `Spring Cloud Vault` – Dany Mar 12 '19 at 16:30
  • @Dany they have different purposes. Spring Cloud Config intention is to centralized configuration for distributed system, where Vault is secret storage. Spring Cloud Vault helps you pull secrets from vault. – Federico Piazza Apr 03 '19 at 20:05
  • Ahh - so, is it that `Spring Cloud Config` allows me to consolidate configs from multiple sources (including vault), whereas `Spring Cloud Vault` limits my configurations to be backed by vault only? – Dany Sep 25 '19 at 04:09
  • @Dany correct. Spring Cloud Config purpose is to centralize all microservices configuration, while Spring Cloud Vault purpose is to store secrets. – Federico Piazza Sep 25 '19 at 13:43
  • However, Vault can be used to store non-secrets (common configuration data) and then the question remains whether an additional Spring Cloud Config server has an advantage. – deamon Jul 16 '21 at 07:14