```java
@Configuration
public class EnvironmentVaultConfiguration extends AbstractVaultConfiguration implements ApplicationContextAware
```

Configuration that uses `Environment` to configure the Spring Vault endpoint, SSL options and authentication options. This configuration class uses predefined property keys and is usually imported as part of an existing Java-based configuration. Configuration is obtained from other, existing property sources.

Usage: Java-based configuration part:
```java
@Configuration
@Import(EnvironmentVaultConfiguration.class)
public class MyConfiguration {
}
```

Supplied properties:

```properties
vault.uri=https://localhost:8200
vault.token=00000000-0000-0000-0000-000000000000
```
Property keys:

- `vault.uri`
- SSL configuration
  - `vault.ssl.key-store` (optional)
  - `vault.ssl.key-store-password` (optional)
  - `vault.ssl.key-store-type` (since 2.3, optional)
  - `vault.ssl.trust-store` (optional)
  - `vault.ssl.trust-store-password` (optional)
  - `vault.ssl.trust-store-password` (since 2.3, optional)
- `vault.authentication` (defaults to `TOKEN`; supported authentication methods are: `TOKEN`, `APPID`, `APPROLE`, `AWS_EC2`, `AZURE`, `CERT`, `CUBBYHOLE`, `KUBERNETES`, see `AuthenticationMethod`)
- `TOKEN` authentication
  - `vault.token`
- `APPID` authentication
  - `vault.app-id.app-id-path` (since 2.2.1, defaults to `AppIdAuthenticationOptions.DEFAULT_APPID_AUTHENTICATION_PATH`)
  - `vault.app-id.app-id`
  - `vault.app-id.user-id`. `MAC_ADDRESS` and `IP_ADDRESS` use `MacAddressUserId` and `IpAddressUserId` respectively. Any other value is used with `StaticUserId`.
- `APPROLE` authentication
  - `vault.app-role.app-role-path` (since 2.2.1, defaults to `AppRoleAuthenticationOptions.DEFAULT_APPROLE_AUTHENTICATION_PATH`)
  - `vault.app-role.role-id`
  - `vault.app-role.secret-id` (optional)
- `AWS_EC2` authentication
  - `vault.aws-ec2.aws-ec2-path` (since 2.2.1, defaults to `AwsEc2AuthenticationOptions.DEFAULT_AWS_AUTHENTICATION_PATH`)
  - `vault.aws-ec2.role` (since 2.2.1)
  - `vault.aws-ec2.role-id` (deprecated since 2.2.1: use `vault.aws-ec2.role` instead)
  - `vault.aws-ec2.identity-document` (defaults to `AwsEc2AuthenticationOptions.DEFAULT_PKCS7_IDENTITY_DOCUMENT_URI`)
- `AZURE` authentication
  - `vault.azure-msi.azure-path` (since 2.2.1, defaults to `AzureMsiAuthenticationOptions.DEFAULT_AZURE_AUTHENTICATION_PATH`)
  - `vault.azure-msi.role`
  - `vault.azure-msi.metadata-service` (defaults to `AzureMsiAuthenticationOptions.DEFAULT_INSTANCE_METADATA_SERVICE_URI`)
  - `vault.azure-msi.identity-token-service` (defaults to `AzureMsiAuthenticationOptions.DEFAULT_IDENTITY_TOKEN_SERVICE_URI`)
- `CUBBYHOLE` authentication
  - `vault.token`
- `KUBERNETES` authentication
  - `vault.kubernetes.kubernetes-path` (since 2.2.1, defaults to `KubernetesAuthenticationOptions.DEFAULT_KUBERNETES_AUTHENTICATION_PATH`)
  - `vault.kubernetes.role`
  - `vault.kubernetes.service-account-token-file` (defaults to `KubernetesServiceAccountTokenFile.DEFAULT_KUBERNETES_SERVICE_ACCOUNT_TOKEN_FILE`)

See also: `Environment`, `PropertySource`, `VaultEndpoint`, `AppIdAuthentication`, `AppRoleAuthentication`, `AwsEc2Authentication`, `AzureMsiAuthentication`, `ClientCertificateAuthentication`, `CubbyholeAuthentication`, `KubernetesAuthentication`

Nested classes inherited from class `AbstractVaultConfiguration`: `AbstractVaultConfiguration.ClientFactoryWrapper`
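A pre-flight check over the property keys listed above, run against an `Environment` before `EnvironmentVaultConfiguration` is imported. This is an added example, not part of Spring Vault or its documentation. The class name `VaultPropertyPreflight` and the required-key map are assumptions: the map treats keys that the list marks neither optional nor defaulted as required for their authentication method.

```java
import java.net.URI;
import java.util.*;
import org.springframework.core.env.*;
import org.springframework.util.StringUtils;
// Added example, not Spring Vault code: reports every property problem at once.
public class VaultPropertyPreflight {
    // Assumption: keys listed without "optional" or a default are required.
    private static final Map<String, List<String>> REQUIRED = new HashMap<>();
    static {
        REQUIRED.put("TOKEN", Arrays.asList("vault.token"));
        REQUIRED.put("CUBBYHOLE", Arrays.asList("vault.token"));
        REQUIRED.put("APPID", Arrays.asList("vault.app-id.app-id", "vault.app-id.user-id"));
        REQUIRED.put("APPROLE", Arrays.asList("vault.app-role.role-id"));
        REQUIRED.put("AZURE", Arrays.asList("vault.azure-msi.role"));
        REQUIRED.put("KUBERNETES", Arrays.asList("vault.kubernetes.role"));
        REQUIRED.put("AWS_EC2", Collections.<String>emptyList());
        REQUIRED.put("CERT", Collections.<String>emptyList());
    }

    static List<String> check(Environment env) {
        List<String> problems = new ArrayList<>();
        String uri = env.getProperty("vault.uri");
        if (!StringUtils.hasText(uri)) {
            problems.add("vault.uri is not set");
        } else if (!"https".equalsIgnoreCase(URI.create(uri).getScheme())) {
            problems.add("vault.uri is not https: tokens and secrets would travel in cleartext");
        }
        String method = env.getProperty("vault.authentication", "TOKEN").toUpperCase(Locale.ROOT);
        List<String> required = REQUIRED.get(method);
        if (required == null) {
            problems.add("unsupported vault.authentication: " + method);
            return problems;
        }
        for (String key : required) {
            if (!StringUtils.hasText(env.getProperty(key))) {
                problems.add(method + " authentication needs " + key);
            }
        }
        return problems;
    }

    public static void main(String[] args) {
        Map<String, Object> sample = new HashMap<>(); // constructed sample input
        sample.put("vault.uri", "http://localhost:8200");
        sample.put("vault.authentication", "APPROLE");
        StandardEnvironment env = new StandardEnvironment();
        env.getPropertySources().addFirst(new MapPropertySource("sample", sample));
        check(env).forEach(System.out::println);
    }
}
```

With the constructed sample, the check reports the non-HTTPS `vault.uri` and the missing `vault.app-role.role-id`.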
Constructor and Description |
---|
EnvironmentVaultConfiguration() |
Modifier and Type | Method and Description |
---|---|
`protected ClientAuthentication` | `appIdAuthentication()` |
`protected ClientAuthentication` | `appRoleAuthentication()` |
`protected ClientAuthentication` | `awsEc2Authentication()` |
`protected ClientAuthentication` | `azureMsiAuthentication()` |
`ClientAuthentication` | `clientAuthentication()` Annotate with `Bean` in case you want to expose a `ClientAuthentication` instance to the `ApplicationContext`. |
`protected ClientAuthentication` | `cubbyholeAuthentication()` |
`protected AppIdUserIdMechanism` | `getAppIdUserIdMechanism(String userId)` |
`protected ClientAuthentication` | `kubeAuthentication()` |
`RestOperations` | `restOperations()` Construct a `RestOperations` object configured for Vault session management and authentication usage. |
`void` | `setApplicationContext(ApplicationContext applicationContext)` |
`SslConfiguration` | `sslConfiguration()` |
`protected ClientAuthentication` | `tokenAuthentication()` |
`VaultEndpoint` | `vaultEndpoint()` |
Methods inherited from class `AbstractVaultConfiguration`: `clientHttpRequestFactoryWrapper`, `clientOptions`, `getEnvironment`, `getRestTemplateFactory`, `restTemplateBuilder`, `restTemplateFactory`, `secretLeaseContainer`, `sessionManager`, `threadPoolTaskScheduler`, `vaultEndpointProvider`, `vaultTemplate`
`public RestOperations restOperations()`

Description copied from class `AbstractVaultConfiguration`: Construct a `RestOperations` object configured for Vault session management and authentication usage. Can be customized by providing a `RestTemplateFactory` bean.

- Overrides: `restOperations` in class `AbstractVaultConfiguration`
- Returns: `RestOperations` to be used for Vault access.
- See also: `AbstractVaultConfiguration.restTemplateFactory(ClientFactoryWrapper)`

`public void setApplicationContext(ApplicationContext applicationContext) throws BeansException`

- Specified by: `setApplicationContext` in interface `ApplicationContextAware`
- Overrides: `setApplicationContext` in class `AbstractVaultConfiguration`
- Throws: `BeansException`

`public VaultEndpoint vaultEndpoint()`

- Specified by: `vaultEndpoint` in class `AbstractVaultConfiguration`

`public SslConfiguration sslConfiguration()`

- Overrides: `sslConfiguration` in class `AbstractVaultConfiguration`
- `SslConfiguration.unconfigured()`.
- See also: `SslConfiguration`, `SslConfiguration.unconfigured()`

`public ClientAuthentication clientAuthentication()`

Description copied from class `AbstractVaultConfiguration`: Annotate with `Bean` in case you want to expose a `ClientAuthentication` instance to the `ApplicationContext`.

- Specified by: `clientAuthentication` in class `AbstractVaultConfiguration`
- Returns: `ClientAuthentication` to use. Must not be null.

`protected ClientAuthentication tokenAuthentication()`

`protected ClientAuthentication appIdAuthentication()`

`protected ClientAuthentication appRoleAuthentication()`

`protected AppIdUserIdMechanism getAppIdUserIdMechanism(String userId)`

`protected ClientAuthentication awsEc2Authentication()`

`protected ClientAuthentication azureMsiAuthentication()`

`protected ClientAuthentication cubbyholeAuthentication()`

`protected ClientAuthentication kubeAuthentication()`
Copyright © 2016–2020 Pivotal Software, Inc. All rights reserved.