I am working out how to use Vault 0.11.1 with Spring Vault 2.0.2.RELEASE. I have set up a dev Vault server:
vault server -dev
and added some data:
vault kv put secret/certs/jan cert=ABCD
which I can read in Spring Vault:
@Autowired
private VaultOperations operations;
String path = "secret/data/certs/jan";
System.out.println(operations.read(path).getData());
Note that, strangely, I had to insert "data/" into the path to find it again.
Deleting data also works:
operations.delete(path);
But writing data with
Secret secret = new Secret("ABCD");
operations.write(path, secret);
fails with
org.springframework.vault.VaultException: Status 400 secret/data/certs/jan: no data provided
Secret is a simple bean:
@AllArgsConstructor
@NoArgsConstructor
@Data
public class Secret {
String cert;
}
and the JSON conversion seems to work:
DEBUG org.springframework.web.client.RestTemplate - Writing [Secret(cert=ABCD)] using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter@add0edd]
Simply trying to write a string
operations.write(path, "foo=bar");
also fails:
Status 400 secret/data/certs/jan: failed to parse JSON input: invalid character 'o' in literal false (expecting 'a')
Answer 0 (score: 4)
It looks like you're using Vault's versioned Key-Value backend. New instances of Vault 0.10 and newer mount the versioned backend by default at secret/ which requires you to use a specific API.
There are subtle API differences between the unversioned (v1) and versioned (v2) Key Value backend, that add additional elements to the context path and the actual JSON payload.
Example for Key-Value backend v1:
POST /v1/secret/certs/jan
{"key":"value"}
Example for Key-Value backend v2:
POST /v1/secret/data/certs/jan
{"data":{"key":"value"}}
For using Spring Vault, this means that you need to upgrade to version 2.1.0 and use the VaultKeyValueOperations API:
VaultKeyValueOperations keyValue = vaultOperations.opsForKeyValue("secret", KeyValueBackend.versioned());
keyValue.put("certs/jan", secret);
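The v1/v2 difference described in the answer above, as an added example that is not part of the original question or answer: it writes the same secret once through the generic API with the `{"data": {...}}` wrapper built by hand, and once through the key-value API. The class name, the `localhost:8200` dev endpoint and the `VAULT_TOKEN` environment variable are assumptions.

```java
import java.util.Collections;
import java.util.Map;

import org.springframework.vault.authentication.TokenAuthentication;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.core.VaultKeyValueOperations;
import org.springframework.vault.core.VaultKeyValueOperationsSupport.KeyValueBackend;
import org.springframework.vault.core.VaultTemplate;
import org.springframework.vault.support.VaultResponse;

// Hypothetical class name; illustration only.
public class KvV2WriteExample {

    public static void main(String[] args) {
        // Assumption: `vault server -dev` on localhost:8200 (plain HTTP, dev mode only).
        VaultEndpoint endpoint = VaultEndpoint.create("localhost", 8200);
        endpoint.setScheme("http");
        // Assumption: the dev token is exported as VAULT_TOKEN rather than hardcoded.
        VaultTemplate vault = new VaultTemplate(endpoint,
                new TokenAuthentication(System.getenv("VAULT_TOKEN")));

        Map<String, Object> secret = Collections.singletonMap("cert", "ABCD");

        // Generic API against KV v2: the path needs "data/" and the body must be
        // wrapped as {"data": {...}}. Sending {"cert":"ABCD"} directly is what
        // produces "Status 400 ... no data provided".
        vault.write("secret/data/certs/jan", Collections.singletonMap("data", secret));

        // A generic read returns the v2 envelope: the secret sits under "data",
        // next to "metadata" (version, created_time, ...).
        VaultResponse raw = vault.read("secret/data/certs/jan");
        System.out.println("envelope: " + raw.getData());
        System.out.println("secret:   " + raw.getData().get("data"));

        // Spring Vault 2.1+: the key-value API adds "data/" and the wrapper itself,
        // so the path is relative to the mount and the body is the bare secret.
        VaultKeyValueOperations kv =
                vault.opsForKeyValue("secret", KeyValueBackend.versioned());
        kv.put("certs/jan", secret);
        System.out.println("kv get:   " + kv.get("certs/jan").getData());
    }
}
```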