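I am new to HashiCorp Vault and have set up a Spring Cloud Config Server with Vault as the backend for storing secrets, keys, and so on.
The problem is that I can access the secrets stored at the default level, for example:
    curl -X "GET" "http://localhost:8888/myapp/default" -H "X-Config-Token: XXX"
However, I cannot access the profile-specific secrets I have stored in Vault. No matter which profile I store the secret under, the API always returns the default value instead of the profile-specific value.
For example:
    curl -X "GET" "http://localhost:8888/myapp/prod" -H "X-Config-Token: XXX"
Below are the secrets I stored in a dev instance of Vault (version 1.1.3):
1. vault kv put secret/myapp foo=myappsdefault
2. vault kv put secret/myapp/prod foo=myappsprod
Spring Cloud Config Server application.yml: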
    spring:
      profiles:
        active: vault
      cloud.config.server.vault.kvVersion: 2
    server:
      port: 8888
Spring Cloud Config Server pom.xml:
    <parent>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-parent</artifactId>
      <version>2.0.6.RELEASE</version>
      <relativePath/>
    </parent>
    <properties>
      <spring-cloud.version>Finchley.SR2</spring-cloud.version>
    </properties>
    <dependencies>
      <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-config-server</artifactId>
      </dependency>
      <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
      </dependency>
    </dependencies>
Expected:
    curl -X "GET" "http://localhost:8888/myapp/prod" -H "X-Config-Token: XXX"
    {
      "name": "myapp",
      "profiles": [
        "prod"
      ],
      "label": null,
      "version": null,
      "state": null,
      "propertySources": [
        {
          "name": "vault:myapp",
          "source": {
            "foo": "myappsprod"
          }
        }
      ],
    }
Actual:
    {
      "name": "myapp",
      "profiles": [
        "prod"
      ],
      "label": null,
      "version": null,
      "state": null,
      "propertySources": [
        {
          "name": "vault:myapp",
          "source": {
            "foo": "myappsdefault"
          }
        }
      ],
    }
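Below is the Vault output:
    vault kv get secret/myapp/prod
    === Data ===
    Key    Value
    ---    -----
    foo    myappsprod
    vault kv get secret/myapp
    === Data ===
    Key    Value
    ---    -----
    foo    myappsdefault
So the question becomes: why does the Spring Cloud Config Server query only the default-profile secret and not the environment-specific one?
As a side note, these profiles work for the files I store in a Git repo when integrating Spring Cloud Config Server with Git as the backend, and I expect similar behavior with Vault.
Answer 0: (score: 0)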
After a lot of work on the configuration, I tried adding some additional properties to application.yml, and that helped me.
Snapshot of application.yml:
    server:
      port: 8888
    spring:
      profiles:
        active: vault
      cloud:
        config:
          server:
            vault:
              port: 8200
              host: 127.0.0.1
              kvVersion: 1
              backend: kv
              profileSeparator: /
              #skipSslValidation: true
              #defaultKey: signing
    management:
      endpoints:
        web:
          exposure:
            include: '*'
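The other things are:
1. I changed the backend from secret to kv (my custom secrets engine)
2. The profile separator is / (use / in the .yml)
In my case, the "profileSeparator" key did the trick.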
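Added example (not part of either answer and not Spring Cloud Config's own code): a simplified model of the key lookup that the profileSeparator setting above changes. With the documented default separator "," the server asks Vault for "myapp,prod", so a secret stored at secret/myapp/prod is never read. The key ordering, the merge in resolve() and the in-memory STORE are assumptions made for illustration.

```python
# Added example: simplified model of how a Vault-backed config server turns
# {application}/{profile} into Vault keys. Not Spring Cloud Config's own code.

def candidate_keys(application, profiles, default_key="application",
                   profile_separator=","):
    """Keys to look up, most specific first (the ordering is an assumption)."""
    profiles = [p for p in profiles if p != "default"]
    keys = []
    for name in (application, default_key):
        keys += [f"{name}{profile_separator}{p}" for p in profiles]
        keys.append(name)
    return keys


def api_path(backend, key, kv_version):
    """Vault HTTP API path for a key; KV v2 inserts 'data/' after the mount."""
    middle = "data/" if kv_version == 2 else ""
    return f"/v1/{backend}/{middle}{key}"


def resolve(store, application, profiles, backend="secret", kv_version=2,
            profile_separator=","):
    """Merge properties from every key that exists; the first hit wins."""
    merged, hits = {}, []
    for key in candidate_keys(application, profiles,
                              profile_separator=profile_separator):
        path = api_path(backend, key, kv_version)
        if path in store:
            hits.append(path)
            for k, v in store[path].items():
                merged.setdefault(k, v)
    return merged, hits


# Constructed stand-in for the two secrets written in the question
# (secret/myapp and secret/myapp/prod, with kvVersion: 2 as in the question).
STORE = {
    "/v1/secret/data/myapp": {"foo": "myappsdefault"},
    "/v1/secret/data/myapp/prod": {"foo": "myappsprod"},
}

if __name__ == "__main__":
    for sep in (",", "/"):
        props, hits = resolve(STORE, "myapp", ["prod"], profile_separator=sep)
        print(f"separator {sep!r}: foo={props['foo']} from {hits}")
```

Storing the profile secret under the key the server actually requests (for example secret/myapp,prod with the default separator) is the other way to make the two sides agree.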
Answer 1: (score: 0)
This does not work properly; the application always returns the default profile output. Here is the bootstrap.yaml
    spring:
      application:
        name: myapp
      cloud:
        vault:
          host: 127.0.0.1
          port: 8200
          scheme: http
          token: ****
          kvVersion: 2
          backend: kv
          profileSeparator: "/"
          kv:
            enabled: true
The pom.xml has the following dependencies
    <parent>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-parent</artifactId>
      <version>2.3.4.RELEASE</version>
      <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <properties>
      <spring.cloud-version>Hoxton.SR9</spring.cloud-version>
    </properties>
    <dependency>
      <groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-vault-config</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-starter-vault-config</artifactId>
    </dependency>
Any leads would be helpful.