spring Vault位置[秘密/我的应用程序]无法解析:找不到

时间:2020-07-08 09:35:07

标签: spring spring-vault

我想连接到Vault服务器并在spring应用程序中读取我的秘密

库配置:

spring:
  application:
    name: inquiry
  profiles:
    active: dev
  cloud:
    vault:
      kv:
        enabled: true
        backend: secret
        profile-separator: '/'
        application-name: inquiry
      host: development
      port: 8200
      scheme: https
      authentication: token
      token: my-token
      ssl:
        trust-store: development-truststore.jks
        trust-store-password: pass

我在保管库中有查询策略,在其中添加附加查询令牌

vault policy read inquiry
path "secret/*" {
  capabilities = ["read", "list"]
}

path "secret/data/inquiry/*" {
  capabilities = ["read", "create", "update"]
}

curl --header "X-Vault-Token:my-token" -k https://localhost:8200/v1/secret/data/inquiry/dev

返回我的数据

{"request_id":"35548b9e-3422-201b-6243-a600d7f61fc3","lease_id":"","renewable":false,"lease_duration":0,"data":{"data":{"DBPassword":"pass","DBUser":"user"},"metadata":{"created_time":"2020-07-08T09:02:42.237713857Z","deletion_time":"","destroyed":false,"version":1}},"wrap_info":null,"warnings":null,"auth":null}

但是在春天我遇到了这个错误:

2020-07-08 13:55:50.131  INFO 83792 --- [           main] o.s.v.a.LifecycleAwareSessionManager     : Scheduling Token renewal
2020-07-08 13:55:50.159  INFO 83792 --- [           main] o.s.v.c.e.LeaseAwareVaultPropertySource  : Vault location [secret/inquiry] not resolvable: Not found
2020-07-08 13:55:50.167  INFO 83792 --- [           main] o.s.v.c.e.LeaseAwareVaultPropertySource  : Vault location [secret/application/dev] not resolvable: Not found
2020-07-08 13:55:50.174  INFO 83792 --- [           main] o.s.v.c.e.LeaseAwareVaultPropertySource  : Vault location [secret/application] not resolvable: Not found
2020-07-08 13:55:50.175  INFO 83792 --- [           main] b.c.PropertySourceBootstrapConfiguration : Located property source: [BootstrapPropertySource {name='bootstrapProperties-secret/inquiry/dev'}, BootstrapPropertySource {name='bootstrapProperties-secret/inquiry'}, BootstrapPropertySource {name='bootstrapProperties-secret/application/dev'}, BootstrapPropertySource {name='bootstrapProperties-secret/application'}]
2020-07-08 13:55:50.181  INFO 83792 --- [           main] i.c.i.sepam.inquiry.InquiryApplication   : The following profiles are active: dev

我使用jdk14。 我该怎么解决,谢谢

1 个答案:

答案 0 :(得分:0)

问题出在您的保险柜政策中。

path "secret/data/inquiry/*" {
  capabilities = ["read", "create", "update"]
}

丢掉结尾的/,只剩下secret/data/inquiry* Spring希望在查询时访问k / v商店,而不是在子目录中。

Spring正在请求访问secret/app-namesecret/applicationsecret/app-name/spring-active-profile上的k / v存储。对于每条路径,它都期望一个包含所有秘密的单个k / v存储。

我以为这是由海报解决的,但是当我遇到不熟悉spring设置我的应用程序权限的人时,我也遇到了同样的事情。

相关问题
最新问题