Şu satırı dahil ederiz
implementation("org.springframework.cloud:spring-cloud-starter-vault-config:3.0.2")implementation("org.springframework.cloud:spring-cloud-vault-config-databases:3.0.2")
JPA
Örnek
Şöyle yaparız
jpa:
hibernate:
ddl-auto: none
database-platform: org.hibernate.dialect.PostgreSQLDialect
datasource:
url: “jdbc:postgresql://127.0.0.1:5432/postgres”
# username injected by cloud config
# password injected by cloud configWe set the url of the postgres database but we do not set the username and password parameters. These are injected by Spring Cloud Config Vault later.
Daha sonra şöyle yaparız
cloud.vault:
host: 127.0.0.1
port: 8200
scheme: http
authentication: CUBBYHOLE
token: ...
kv:
enabled: false
database:
enabled: true
role: quotes_readonly
backend: database
username-property: spring.datasource.username
password-property: spring.datasource.password
config.import: vault://Host port and scheme are boring but necessary to tell Spring where to find the Vault. In production environments you should obviously not use http.Authentication defines the Authentication type, we use CUBBYHOLE to have one-time tokens. The used token is defined by the token field and you most likely want to inject this property into the file from somewhere else. More to that later.We disable the KV store to prevent vault from complaining about permissions and enable the database secrets engine to be used.The important part here is the name of the role, which coincides with the one used earlier. The properties defined at the end map to those left blank in the configuration above.
Hiç yorum yok:
Yorum Gönder