1

I'm facing the same problem as bootstrap.yml configuration not processed anymore with Spring Cloud 2020.0. I updated spring boot cloud to the version 3.0.3. My config is:

spring:
  config:
    import: vault://
   cloud:
    vault:
      enabled: true
      uri: ${uri}
      authentication: APPROLE
      kv:
        enabled: true
        backend: secrets
        application-name: ${path}
      generic:
        enabled: false
      app-role:
        role-id: ${role_id}
        secret-id: ${secret_id}

The connection settings seems to be ok because there are some 'permission denied' log entries (path to this vault in invalid)

Vault location [secrets/application/develop] not resolvable: Status 403 Forbidden [secrets/data/application/develop]: 1 error occurred: * permission denied ; nested exception is org.springframework.web.client.HttpClientErrorException$Forbidden: 403 Forbidden: [{"errors":["1 error occurred:\n\t* permission denied\n\n"]}

Any hints what's wrong?

sge
  • 391
  • 2
  • 16
  • Maybe this article will help you https://www.gitmemory.com/issue/spring-cloud/spring-cloud-vault/452/690277226 – 4EACH Sep 10 '21 at 14:03
  • Thanks for the hint but i had this kind of logs already before the update. – sge Sep 13 '21 at 07:08

1 Answers1

2

I found the problem. it's not working when application-name is defined at spring.cloud.vault.kv.application-name. It has to be defined as spring.cloud.vault.application-name but according to https://github.com/spring-cloud/spring-cloud-vault/blob/main/docs/src/main/asciidoc/secret-backends.adoc it should also work for spring.cloud.vault.kv.application-name....

spring:
  config:
    import: vault://
   cloud:
    vault:
      enabled: true
      uri: ${uri}
      authentication: APPROLE
      application-name: ${path}
      kv:
        enabled: true
        backend: secrets
      generic:
        enabled: false
      app-role:
        role-id: ${role_id}
        secret-id: ${secret_id}
sge
  • 391
  • 2
  • 16