Wednesday, 14 December 2022

Using SpringCloud Vault

Gradle
We include the following lines
implementation("org.springframework.cloud:spring-cloud-starter-vault-config:3.0.2")
implementation("org.springframework.cloud:spring-cloud-vault-config-databases:3.0.2")
JPA
Example
We do it like this
spring:
  jpa:
    hibernate:
      ddl-auto: none
    database-platform: org.hibernate.dialect.PostgreSQLDialect
  datasource:
    url: "jdbc:postgresql://127.0.0.1:5432/postgres"
    # username injected by cloud config
    # password injected by cloud config
The explanation is as follows
We set the url of the postgres database but we do not set the username and password parameters. These are injected by Spring Cloud Config Vault later.
Then we do this
spring:
  cloud.vault:
    host: 127.0.0.1
    port: 8200
    scheme: http
    authentication: CUBBYHOLE
    token: ...
    kv:
      enabled: false
    database:
      enabled: true
      role: quotes_readonly
      backend: database
      username-property: spring.datasource.username
      password-property: spring.datasource.password
  config.import: vault://
The explanation is as follows
Host, port and scheme are boring but necessary to tell Spring where to find the Vault. In production environments you should obviously not use http.

Authentication defines the authentication type; we use CUBBYHOLE to have one-time tokens. The used token is defined by the token field and you most likely want to inject this property into the file from somewhere else. More on that later.

We disable the KV store to prevent vault from complaining about permissions and enable the database secrets engine to be used.

The important part here is the name of the role, which coincides with the one used earlier. The properties defined at the end map to those left blank in the configuration above.
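
An added example, not part of the original post or of Spring Cloud Vault itself: a small pre-deployment check for the settings the explanation above calls out (plain http, a token written into the file, datasource credentials that Vault is supposed to supply). The sample YAML, its literal token and password, and the helper names flatten and audit are constructed for illustration; the flattener handles only the nested-mapping subset of YAML shown here.

```python
import re

# Constructed sample: the page's fragments under a `spring:` root, with made-up literal secrets.
SAMPLE = """\
spring:
  datasource:
    url: "jdbc:postgresql://127.0.0.1:5432/postgres"
    password: constructed-db-password   # constructed: left in the file by mistake
  cloud.vault:
    scheme: http
    token: s.constructed-literal-token
    database:
      enabled: true
      username-property: spring.datasource.username
      password-property: spring.datasource.password
"""

def flatten(text):
    """Flatten the nested-mapping YAML subset used above into dotted property keys."""
    props, stack = {}, []                              # stack holds (indent, key)
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()    # drop trailing and indented comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")    # split at the first colon only
        while stack and stack[-1][0] >= indent:        # leave deeper or sibling scopes
            stack.pop()
        stack.append((indent, key))
        if value.strip():
            props[".".join(k for _, k in stack)] = value.strip().strip('"')
    return props

def audit(props):
    """Return one finding per weakness the page's explanation warns about."""
    v, out = "spring.cloud.vault.", []
    if props.get(v + "scheme") == "http":
        out.append("vault scheme is http: token and DB credentials cross the wire in clear")
    token = props.get(v + "token", "")
    if token and not re.fullmatch(r"\$\{[^}]+\}", token):
        out.append("vault token is a literal: inject it via a ${...} placeholder")
    if props.get(v + "database.enabled") == "true":
        for name in ("username-property", "password-property"):
            target = props.get(v + "database." + name)  # property Vault will populate
            if target in props:
                out.append(f"{target} is hard-coded but should be filled in by Vault")
    return out

if __name__ == "__main__":
    print("\n".join(audit(flatten(SAMPLE))))
```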



 
