This version is still in development and is not considered stable yet. For the latest stable version, please use Spring Cloud Config 4.1.4!

CredHub Backend

Spring Cloud Config Server supports CredHub as a backend for configuration properties. You can enable this feature by adding a dependency to Spring CredHub.

pom.xml

<dependencies>
	<dependency>
		<groupId>org.springframework.credhub</groupId>
		<artifactId>spring-credhub-starter</artifactId>
	</dependency>
</dependencies>

The following configuration uses mutual TLS to access a CredHub:

spring:
  profiles:
    active: credhub
  cloud:
    config:
      server:
        credhub:
          url: https://credhub:8844

The properties should be stored as JSON, such as:

credhub set --name "/demo-app/default/master/toggles" --type=json
value: {"toggle.button": "blue", "toggle.link": "red"}

credhub set --name "/demo-app/default/master/abs" --type=json
value: {"marketing.enabled": true, "external.enabled": false}

All client applications with the name spring.cloud.config.name=demo-app will have the following properties available to them:

{
    toggle.button: "blue",
    toggle.link: "red",
    marketing.enabled: true,
    external.enabled: false
}

When no label is specified master will be used as a default value. You can change that by setting spring.cloud.config.server.credhub.defaultLabel.

When no profile is specified default will be used.

Values added to application will be shared by all the applications.

OAuth 2.0

You can authenticate with OAuth 2.0 using UAA as a provider.

pom.xml

<dependencies>
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-config</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-oauth2-client</artifactId>
	</dependency>
</dependencies>

The following configuration uses OAuth 2.0 and UAA to access a CredHub:

spring:
  profiles:
    active: credhub
  cloud:
    config:
      server:
        credhub:
          url: https://credhub:8844
          oauth2:
            registration-id: credhub-client
  security:
    oauth2:
      client:
        registration:
          credhub-client:
            provider: uaa
            client-id: credhub_config_server
            client-secret: asecret
            authorization-grant-type: client_credentials
        provider:
          uaa:
            token-uri: https://uaa:8443/oauth/token

The used UAA client-id should have credhub.read as scope.

The following table describes the CredHub configuration properties.

Property Name Remarks

Property Name	Remarks
url	CredHub server URL.
path	Base path for all credentials. Optional, defaults to empty.
defaultLabel	Default label to use when is not provided by client application. Optional, defaults to `master`.
oauth2	OAuth2 configuration to access CredHub. Optional.

url

CredHub server URL.

path

Base path for all credentials. Optional, defaults to empty.

defaultLabel

Default label to use when is not provided by client application. Optional, defaults to master.

oauth2

OAuth2 configuration to access CredHub. Optional.