3

I want to connect to the Vault server and read my secret in the Spring application.

Vault config:

spring:
  application:
    name: inquiry
  profiles:
    active: dev
  cloud:
    vault:
      kv:
        enabled: true
        backend: secret
        profile-separator: '/'
        application-name: inquiry
      host: development
      port: 8200
      scheme: https
      authentication: token
      token: my-token
      ssl:
        trust-store: development-truststore.jks
        trust-store-password: pass

In Vault, I have an inquiry policy and attached the inquiry token to it.

vault policy read inquiry
path "secret/*" {
  capabilities = ["read", "list"]
}

path "secret/data/inquiry/*" {
  capabilities = ["read", "create", "update"]
}

curl --header "X-Vault-Token:my-token" -k https://localhost:8200/v1/secret/data/inquiry/dev

returns my data:

{"request_id":"35548b9e-3422-201b-6243-a600d7f61fc3","lease_id":"","renewable":false,"lease_duration":0,"data":{"data":{"DBPassword":"pass","DBUser":"user"},"metadata":{"created_time":"2020-07-08T09:02:42.237713857Z","deletion_time":"","destroyed":false,"version":1}},"wrap_info":null,"warnings":null,"auth":null}

But in Spring I got this error:

2020-07-08 13:55:50.131  INFO 83792 --- [           main] o.s.v.a.LifecycleAwareSessionManager     : Scheduling Token renewal
2020-07-08 13:55:50.159  INFO 83792 --- [           main] o.s.v.c.e.LeaseAwareVaultPropertySource  : Vault location [secret/inquiry] not resolvable: Not found
2020-07-08 13:55:50.167  INFO 83792 --- [           main] o.s.v.c.e.LeaseAwareVaultPropertySource  : Vault location [secret/application/dev] not resolvable: Not found
2020-07-08 13:55:50.174  INFO 83792 --- [           main] o.s.v.c.e.LeaseAwareVaultPropertySource  : Vault location [secret/application] not resolvable: Not found
2020-07-08 13:55:50.175  INFO 83792 --- [           main] b.c.PropertySourceBootstrapConfiguration : Located property source: [BootstrapPropertySource {name='bootstrapProperties-secret/inquiry/dev'}, BootstrapPropertySource {name='bootstrapProperties-secret/inquiry'}, BootstrapPropertySource {name='bootstrapProperties-secret/application/dev'}, BootstrapPropertySource {name='bootstrapProperties-secret/application'}]
2020-07-08 13:55:50.181  INFO 83792 --- [           main] i.c.i.sepam.inquiry.InquiryApplication   : The following profiles are active: dev

I use JDK 14. How can I solve it? Thank you.

farhad
  • 373
  • 2
  • 14
  • 28

1 Answer

1

The issue is in your Vault Policy.

path "secret/data/inquiry/*" {
  capabilities = ["read", "create", "update"]
}

Drop the trailing / and just have secret/data/inquiry*. Spring is looking for access to a k/v store at inquiry, not in a sub-directory.

Spring is requesting access to k/v stores at secret/app-name, secret/application and secret/app-name/spring-active-profile. For each path, it expects a single k/v store that contains all the secrets.

I'm assuming this was solved a while ago by the poster, but I ran into this exact same thing when I had someone unfamiliar with spring setting up my app's permissions.

Eric
  • 155
  • 2
  • 8
  • Can you please share your Spring Vault config with the "kv" value? We are facing a similar issue: our code was working with the "non-versioning (Version 1)" part, and when we migrated to "versioned (KV or Version 2)" it stopped working and gives the same issue described in the above logs. – sagar27 May 20 '21 at 15:57
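To see the glob point from the answer concretely, here is an added example (not from the question, the answer, or Vault itself): a small re-implementation of Vault's path-rule matching run over the four KV v2 data paths that correspond to the contexts in the log above (secret/inquiry/dev, secret/inquiry, secret/application/dev, secret/application, each with data/ inserted after the mount). It assumes Vault's documented semantics that a rule ending in * is a prefix glob and any other rule is an exact match, and simplifies the priority rules to "exact rule beats globs, longest glob prefix wins".

```python
# Added example: which policy rule governs each KV v2 path Spring Cloud Vault reads.
# Assumption: "*" at the end of a rule is a prefix glob, anything else is exact, and
# among several matching rules an exact rule wins, otherwise the longest glob prefix.

ORIGINAL_POLICY = {                       # policy as posted in the question
    "secret/*": ["read", "list"],
    "secret/data/inquiry/*": ["read", "create", "update"],
}
CORRECTED_POLICY = {                      # trailing "/" dropped, as the answer suggests
    "secret/*": ["read", "list"],
    "secret/data/inquiry*": ["read", "create", "update"],
}

def spring_kv2_paths(app, profile, backend="secret"):
    """KV v2 data paths for the contexts Spring logs when profile-separator is '/'."""
    return [
        f"{backend}/data/{app}/{profile}",
        f"{backend}/data/{app}",
        f"{backend}/data/application/{profile}",
        f"{backend}/data/application",
    ]

def rule_matches(rule, path):
    """A trailing '*' matches any path starting with the text before it."""
    if rule.endswith("*"):
        return path.startswith(rule[:-1])
    return rule == path

def governing_rule(policy, path):
    """The rule whose capabilities apply to `path`, or None if no rule matches."""
    matches = [r for r in policy if rule_matches(r, path)]
    if not matches:
        return None
    exact = [r for r in matches if not r.endswith("*")]
    return exact[0] if exact else max(matches, key=len)

def effective_capabilities(policy, path):
    rule = governing_rule(policy, path)
    return set(policy[rule]) if rule else set()

def report(policy, app="inquiry", profile="dev"):
    return {p: (governing_rule(policy, p), sorted(effective_capabilities(policy, p)))
            for p in spring_kv2_paths(app, profile)}

if __name__ == "__main__":
    for name, policy in (("original", ORIGINAL_POLICY), ("corrected", CORRECTED_POLICY)):
        print(f"--- {name} policy ---")
        for path, (rule, caps) in report(policy).items():
            print(f"{path:32} <- {str(rule):24} {caps}")
```

Note that with the original policy the parent path secret/data/inquiry is not covered by the inquiry-specific rule at all; whatever it gets comes from the catch-all secret/* rule, which is the kind of thing worth checking path by path when writing least-privilege policies.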