Şu satırı dahil ederiz
implementation("org.springframework.cloud:spring-cloud-starter-vault-config:3.0.2")implementation("org.springframework.cloud:spring-cloud-vault-config-databases:3.0.2")
JPA
Örnek
Şöyle yaparız
jpa: hibernate: ddl-auto: none database-platform: org.hibernate.dialect.PostgreSQLDialect datasource: url: “jdbc:postgresql://127.0.0.1:5432/postgres” # username injected by cloud config # password injected by cloud config
We set the url of the postgres database but we do not set the username and password parameters. These are injected by Spring Cloud Config Vault later.
Daha sonra şöyle yaparız
cloud.vault: host: 127.0.0.1 port: 8200 scheme: http authentication: CUBBYHOLE token: ... kv: enabled: false database: enabled: true role: quotes_readonly backend: database username-property: spring.datasource.username password-property: spring.datasource.password config.import: vault://
Host port and scheme are boring but necessary to tell Spring where to find the Vault. In production environments you should obviously not use http.Authentication defines the Authentication type, we use CUBBYHOLE to have one-time tokens. The used token is defined by the token field and you most likely want to inject this property into the file from somewhere else. More to that later.We disable the KV store to prevent vault from complaining about permissions and enable the database secrets engine to be used.The important part here is the name of the role, which coincides with the one used earlier. The properties defined at the end map to those left blank in the configuration above.
Hiç yorum yok:
Yorum Gönder