EnvironmentVaultConfiguration (Spring Vault 2.3.4 API)

java.lang.Object
- org.springframework.vault.config.AbstractVaultConfiguration
- - org.springframework.vault.config.EnvironmentVaultConfiguration

All Implemented Interfaces:

org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware
```
@Configuration
public class EnvironmentVaultConfiguration
extends AbstractVaultConfiguration
implements org.springframework.context.ApplicationContextAware
```
Configuration using Spring's Environment to configure Spring Vault endpoint, SSL options and authentication options. This configuration class uses predefined property keys and is usually imported as part of an existing Java-based configuration. Configuration is obtained from other, existing property sources.
Usage: Java-based configuration part:
```
     
 @Configuration
 @Import(EnvironmentVaultConfiguration.class)
 public class MyConfiguration {
 }
      
```
Supplied properties:
```
     
 vault.uri=https://localhost:8200
 vault.token=00000000-0000-0000-0000-000000000000
      
```
Property keys
Authentication-specific properties must be provided depending on the authentication method.
- Vault URI: vault.uri
- SSL Configuration
  - Keystore resource: vault.ssl.key-store (optional)
  - Keystore password: vault.ssl.key-store-password (optional)
  - Keystore type: vault.ssl.key-store-type (since 2.3, optional)
  - Truststore resource: vault.ssl.trust-store (optional)
  - Truststore password: vault.ssl.trust-store-password (optional)
  - Truststore type: vault.ssl.trust-store-password (since 2.3, optional)
  - Enabled SSL/TLS protocols: vault.ssl.enabled-protocols (since 2.3.2, optional, protocols separated with comma)
  - Enabled SSL/TLS cipher suites: vault.ssl.enabled-cipher-suites (since 2.3.2, optional, cipher suites separated with comma)
- Authentication method: vault.authentication (defaults to TOKEN, supported authentication methods are: TOKEN, APPID, APPROLE, AWS_EC2, AZURE, CERT, CUBBYHOLE, KUBERNETES, see AuthenticationMethod)
- Token authentication
  - Vault Token: vault.token
- AppId authentication
  - AppId path: vault.app-id.app-id-path (since 2.2.1, defaults to AppIdAuthenticationOptions.DEFAULT_APPID_AUTHENTICATION_PATH)
  - AppId: vault.app-id.app-id
  - UserId: vault.app-id.user-id. MAC_ADDRESS and IP_ADDRESS use MacAddressUserId, respective IpAddressUserId. Any other value is used with StaticUserId.
- AppRole authentication
  - AppRole path: vault.app-role.app-role-path (since 2.2.1, defaults to AppRoleAuthenticationOptions.DEFAULT_APPROLE_AUTHENTICATION_PATH)
  - RoleId: vault.app-role.role-id
  - SecretId: vault.app-role.secret-id (optional)
- AWS EC2 authentication
  - AWS EC2 path: vault.aws-ec2.aws-ec2-path (since 2.2.1, defaults to AwsEc2AuthenticationOptions.DEFAULT_AWS_AUTHENTICATION_PATH)
  - Role: vault.aws-ec2.role (since 2.2.1)
  - RoleId: vault.aws-ec2.role-id (deprecated since 2.2.1: use vault.aws-ec2.role instead)
  - Identity Document URL: vault.aws-ec2.identity-document (defaults to AwsEc2AuthenticationOptions.DEFAULT_PKCS7_IDENTITY_DOCUMENT_URI)
- Azure MSI authentication
  - Azure MSI path: vault.azure-msi.azure-path (since 2.2.1, defaults to AzureMsiAuthenticationOptions.DEFAULT_AZURE_AUTHENTICATION_PATH)
  - Role: vault.azure-msi.role
  - MetadataServiceUri: vault.azure-msi.metadata-service (defaults to AzureMsiAuthenticationOptions.DEFAULT_INSTANCE_METADATA_SERVICE_URI)
  - IdentityTokenServiceUri: vault.azure-msi.identity-token-service (defaults to AzureMsiAuthenticationOptions.DEFAULT_IDENTITY_TOKEN_SERVICE_URI)
- Client Certificate authentication
  - (no configuration options)
- Cubbyhole authentication
  - Initial Vault Token: vault.token
- Kubernetes authentication
  - Kubernetes path: vault.kubernetes.kubernetes-path (since 2.2.1, defaults to KubernetesAuthenticationOptions.DEFAULT_KUBERNETES_AUTHENTICATION_PATH)
  - Role: vault.kubernetes.role
  - Path to service account token file: vault.kubernetes.service-account-token-file (defaults to KubernetesServiceAccountTokenFile.DEFAULT_KUBERNETES_SERVICE_ACCOUNT_TOKEN_FILE)
Author:

Mark Paluch, Michal Budzyn, Raoof Mohammed, Justin Bertrand, Ryan Gow

See Also:

Environment, PropertySource, VaultEndpoint, AppIdAuthentication, AppRoleAuthentication, AwsEc2Authentication, AzureMsiAuthentication, ClientCertificateAuthentication, CubbyholeAuthentication, KubernetesAuthentication

Nested Class Summary
- Nested classes/interfaces inherited from class org.springframework.vault.config.AbstractVaultConfiguration
  AbstractVaultConfiguration.ClientFactoryWrapper, AbstractVaultConfiguration.TaskSchedulerWrapper

Constructor Summary

Constructors
Constructor and Description

EnvironmentVaultConfiguration()

Constructors
Constructor and Description
`EnvironmentVaultConfiguration()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected ClientAuthentication`	`appIdAuthentication()`
`protected ClientAuthentication`	`appRoleAuthentication()`
`protected ClientAuthentication`	`awsEc2Authentication()`
`protected ClientAuthentication`	`azureMsiAuthentication()`
`ClientAuthentication`	`clientAuthentication()` Annotate with `Bean` in case you want to expose a `ClientAuthentication` instance to the `ApplicationContext`.
`protected ClientAuthentication`	`cubbyholeAuthentication()`
`protected AppIdUserIdMechanism`	`getAppIdUserIdMechanism(String userId)`
`protected ClientAuthentication`	`kubeAuthentication()`
`org.springframework.web.client.RestOperations`	`restOperations()` Construct a `RestOperations` object configured for Vault session management and authentication usage.
`void`	`setApplicationContext(org.springframework.context.ApplicationContext applicationContext)`
`SslConfiguration`	`sslConfiguration()`
`protected ClientAuthentication`	`tokenAuthentication()`
`VaultEndpoint`	`vaultEndpoint()`

Methods inherited from class org.springframework.vault.config.AbstractVaultConfiguration
clientHttpRequestFactoryWrapper, clientOptions, getBeanFactory, getEnvironment, getRestTemplateFactory, getVaultThreadPoolTaskScheduler, restTemplateBuilder, restTemplateFactory, secretLeaseContainer, sessionManager, threadPoolTaskScheduler, vaultEndpointProvider, vaultTemplate

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - EnvironmentVaultConfiguration
```
public EnvironmentVaultConfiguration()
```
- Method Detail
  - restOperations
```
public org.springframework.web.client.RestOperations restOperations()
```
    Description copied from class: AbstractVaultConfiguration
    
    Construct a RestOperations object configured for Vault session management and authentication usage. Can be customized by providing a RestTemplateFactory bean.
    
    Overrides:
    
    restOperations in class AbstractVaultConfiguration
    
    Returns:
    
    the RestOperations to be used for Vault access.
    
    See Also:
    
    AbstractVaultConfiguration.restTemplateFactory(ClientFactoryWrapper)
  - setApplicationContext
```
public void setApplicationContext(org.springframework.context.ApplicationContext applicationContext)
                           throws org.springframework.beans.BeansException
```
    Specified by:
    
    setApplicationContext in interface org.springframework.context.ApplicationContextAware
    
    Overrides:
    
    setApplicationContext in class AbstractVaultConfiguration
    
    Throws:
    
    org.springframework.beans.BeansException
  - vaultEndpoint
```
public VaultEndpoint vaultEndpoint()
```
    Specified by:
    
    vaultEndpoint in class AbstractVaultConfiguration
    
    Returns:
    
    Vault endpoint coordinates for HTTP/HTTPS communication, must not be null.
  - sslConfiguration
```
public SslConfiguration sslConfiguration()
```
    Overrides:
    
    sslConfiguration in class AbstractVaultConfiguration
    
    Returns:
    
    SSL configuration options. Defaults to SslConfiguration.unconfigured().
    
    See Also:
    
    SslConfiguration, SslConfiguration.unconfigured()
  - clientAuthentication
```
public ClientAuthentication clientAuthentication()
```
    Description copied from class: AbstractVaultConfiguration
    
    Annotate with Bean in case you want to expose a ClientAuthentication instance to the ApplicationContext.
    
    Specified by:
    
    clientAuthentication in class AbstractVaultConfiguration
    
    Returns:
    
    the ClientAuthentication to use. Must not be null.
  - tokenAuthentication
```
protected ClientAuthentication tokenAuthentication()
```
  - appIdAuthentication
```
protected ClientAuthentication appIdAuthentication()
```
  - appRoleAuthentication
```
protected ClientAuthentication appRoleAuthentication()
```
  - getAppIdUserIdMechanism
```
protected AppIdUserIdMechanism getAppIdUserIdMechanism(String userId)
```
  - awsEc2Authentication
```
protected ClientAuthentication awsEc2Authentication()
```
  - azureMsiAuthentication
```
protected ClientAuthentication azureMsiAuthentication()
```
  - cubbyholeAuthentication
```
protected ClientAuthentication cubbyholeAuthentication()
```
  - kubeAuthentication
```
protected ClientAuthentication kubeAuthentication()
```

Class EnvironmentVaultConfiguration

Property keys

Nested Class Summary

Nested classes/interfaces inherited from class org.springframework.vault.config.AbstractVaultConfiguration

Constructor Summary

Method Summary

Methods inherited from class org.springframework.vault.config.AbstractVaultConfiguration

Methods inherited from class java.lang.Object

Constructor Detail

EnvironmentVaultConfiguration

Method Detail

restOperations

setApplicationContext

vaultEndpoint

sslConfiguration

clientAuthentication

tokenAuthentication

appIdAuthentication

appRoleAuthentication

getAppIdUserIdMechanism

awsEc2Authentication

azureMsiAuthentication

cubbyholeAuthentication

kubeAuthentication