We have a Spring-Boot application in which we use Eureka to open Spring Cloud Config and get the configurations. We integrate Vault to enter secure / confidential information and have problems loading and resolving settings. The project that we use as the Vault client, vault-spring-boot-starter , and it works fine until we use it together with the configuration server through the eureka.
In particular, the Eureka access URL contains parameters / credentials that are retrieved from Vault. When all components are turned on, the Eureka request fails when DiscoveryClient tries to access a URL where parameters have not yet been filled / replaced.
( Example: http://${user}:${pass}..... )
Trying to specify @Order and
@AutoConfigureBefore({EurekaClientAutoConfiguration.class, DiscoveryClientConfigServiceAutoConfiguration.class})
in the spring-boot-starter repository, VaultBootstrapConfiguration does not seem to be affected. I believe the problem is with the ordering in which PropertySources are processed, but I cannot successfully implement Vault PropertySource before Eureka's. How can we instruct the custom / Vault PropertySourceLocator logic to execute before accessing the DiscoveryClient and configuration server?
Update
We are using the spring-eye version of Angel.SR6.
I added the @Order (Ordered.HIGHEST_PRECEDENCE) note for VaultPropertySourceLocator as recommended, but parameter resolution still doesn't work. With Spring debugging logging turned on, I believe that the Vault PropertySource actually exists, but for some reason it is not used. I changed the code so that VaultConfiguration implements SmartLifecycle and Ordered (with order = 0 and phase = Integer.MIN_VALUE), which can affect things. I will need to do more debugging in order to try to isolate what is happening.
source share