Spring Examples - Vault



Table of Contents

Step 1: Maven Dependencies

Add the latest version of spring-vault-core to the POM.xml of your spring application. It can be found on Maven Central. To see how to create a spring application you can visit Spring Example - HelloWorld

<dependencies>
    <dependency>
        <groupId>org.springframework.vault</groupId>
        <artifactId>spring-vault-core</artifactId>
        <version>2.2.2.RELEASE</version>
    </dependency>
</dependencies>

Step 2: Create VaultTemplate

To protect our secrets, we're supposed to instantiate a VaultTemplate for which VaultEndpoint and TokenAuthentication instances are needed:

VaultTemplate vaultTemplate = new VaultTemplate(new VaultEndpoint(), 
  new TokenAuthentication("00000000-0000-0000-0000-000000000000"));

Step 3: Create VaultEndpoint

There are various ways to instantiate VaultEndpoint.

  1. The first one is to simply instantiate it using a default constructor, which will create a default endpoint pointing to http://localhost:8200
VaultEndpoint endpoint = new VaultEndpoint();
  1. the second way is to create a VaultEndpoint by specifying host and port of the Vault instance.
VaultEndpoint endpoint = VaultEndpoint.create("host", port);
  1. And finally, it is also possible to create it from the Vault URL:
VaultEndpoint endpoint = VaultEndpoint.from(new URI("vault uri"));

Vault will be configured with a root token of 00000000-0000-0000-0000-000000000 to run this program.

We used TokenAuthentication in our example, but there are other authentication methods supported as well.

Step 4: Configuring Vault Beans

With Spring, we can configure the Vault in a few ways. One is by extending the AbstractVaultConfiguration, and the other is by using EnvironmentVaultConfiguration, which uses the application properties.

AbstractVaultConfiguration

Build a class that extends the AbstractVaultConfiguration to configure the Spring Vault:

@Configuration
public class VaultConfig extends AbstractVaultConfiguration {
 
    @Override
    public ClientAuthentication clientAuthentication() {
        return new TokenAuthentication("00000000-0000-0000-0000-000000000000");
    }
 
    @Override
    public VaultEndpoint vaultEndpoint() {
        return VaultEndpoint.create("host", 8020);
    }
}

We just have to provide the implementation to configure VaultEndpoint and ClientAuthentication.

EnvironmentVaultConfiguration

You can also configure the Spring Vault using EnviromentVaultConfiguration:

@Configuration
@PropertySource(value = { "vault-config.properties" })
@Import(value = EnvironmentVaultConfiguration.class)
public class VaultEnvironmentConfig {
}

EnvironmentVaultConfiguration uses the Spring PropertySource to configure the Vault beans. We just need to provide some acceptable entries to the properties file. Further information on all predefined properties can be found in the official documents. We need at least a few properties to configure the Vault:

vault.uri=https://localhost:8200
vault.token=00000000-0000-0000-0000-000000000000

Step 5: Securing Secrets

As a primary usecase, create a simple Credentials class containing username and password:

public class Credentials {
 
    private String username;
    private String password;
     
    // standard constructors, getters, setters
}

With the use of VaultTemplate, we can secure our Credentials object :

Credentials credentials = new Credentials("username", "password");
vaultTemplate.write("secret/myapp", credentials);

With the above lines, we have stored our secrets.

In the next step, we will see how we can access them.

Step 6: Accessing Secrets

By using the read() method of VaultTemplate, we are able to access the secured secrets. The read() method returns the VaultResponseSupport as a response:

VaultResponseSupport<Credentials> response = 
			vaultTemplate.read("secret/myapp", Credentials.class);
String username = response.getData().getUsername();
String password = response.getData().getPassword();

The saved secret values are now available in the application.



The complete source code used in this tutorial is available over on GitLab

This example code belongs to this tutorial: Spring Vault