Configuring Spring Cloud Config Server and Spring Cloud Vault for production

I am trying to configure a Spring Cloud Config server with the support of Secret Cloud Spring Vault management. I'm relatively new to Spring, but I tried the following instructions and examples: -

http://cloud.spring.io/spring-cloud-vault-config/

Everything works fine if you use standard settings such as http, localhost and 8200 for the storage endpoint and tls_disable = 1 to disable SSL. However, these are not practical settings for a real environment, and there are several examples that can help with this. Can anyone help with a working example?

I have successfully configured TLS-enabled storage. I have successfully configured a configuration server that connects using a self-signed certificate. I can even enter a secret value into the configuration server and open it through @Value and @PostConstruct.

It all works. However, when I try to use Spring Config endpoints to access the repository, I get the following:

{
  "timestamp": 1486413850574,
  "status": 500,
  "error": "Internal Server Error",
  "exception": "org.springframework.web.client.ResourceAccessException",
  "message": "I/O error on GET request for \"http://127.0.0.1:8200/v1/secret/myapp\": Connection refused: connect; nested exception is java.net.ConnectException: Connection refused: connect",
  "path": "/myapp/default"
}

The configuration server uses the default values, although I set the overrides in bootstrap.yml:

server:
    port: 8888

spring:
    profiles:
        active: vault

spring.cloud.vault:
    host: myhost.mydomain.com
    port: 8200
    scheme: https
    authentication: TOKEN
    token: 0f1887c3-d8a8-befd-a5a2-01e4e066c50
    ssl:
        trust-store: configTrustStore.jks
        trust-store-password: changeit

As you can see, it should point to myhost.mydomain.com not 127.0.0.1, and it should use https, not http as the protocol scheme.

, , Spring Cloud Vault. Spring Dalston.M1 Spring Cloud Vault 1.0.0.M1. , . . , .

+6
4

spencergibb, . , , . : -

  • , Vault ( GIT) API Vault ( TLS), . , Vault. , , Vault. , TLS loopback-, 8200 Vault .. , . , , spencergibb, , , - . .

  • Vault. Vault Spring Cloud Vault. , . , . , , , , Vault.

, , Spring Cloud Config Server Spring Cloud Vault, -, beans Vault. Spring Cloud Config Server VaultEnvironmentRepository, @ConfigurationProperties ( "spring.cloud.config.server.vault" ) Spring Cloud Vault VaultProperties, @ConfigurationProperties ( "spring.cloud.vault" ).

bootstrap yml.

server:
    port: 8888

spring:
    profiles:
        active: local, vault

    application:
        name: quoting-domain-configuration-server

    cloud:
        vault:
            host: VDDP03P-49A26EF.lm.lmig.com
            port: 8200
            scheme: https
            authentication: TOKEN
            token: 0f1997c3-d8a8-befd-a5a2-01e4e066c50a
            ssl:
                trust-store: configTrustStore.jks
                trust-store-password: changeit

        config:
            server:
                vault:
                    host: VDDP03P-49A26EF.lm.lmig.com
                    port: 8200
                    scheme: https
                    authentication: TOKEN
                    token: 0f1997c3-d8a8-befd-a5a2-01e4e066c50a

. yml. , , , , 1, , . (: ).

, SSL. , SSL, spring.cloud.config.server.vault. VaultProperties bean . , (, -, bean, ). , : -

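import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.config.server.EnableConfigServer;

@SpringBootApplication
@EnableConfigServer
public class Application
{
    public static void main(String[] args)
    {
        // Set the JVM-wide JSSE trust store before Spring starts, so HTTPS clients
        // that use the default SSL context trust the certificate in configTrustStore.jks.
        // getResource(...).getFile() yields a usable path only when the resource is a
        // plain file on disk, not when it is packed inside a jar.
        System.setProperty("javax.net.ssl.trustStore",
            Application.class.getResource("/configTrustStore.jks").getFile());
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
        SpringApplication.run(Application.class, args);
    }
}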

SSL- . , . . , , .

+1
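
The two property prefixes named in the answer above, as an added example that is not part of the original thread: a small Python model of how the Config Server's Vault backend resolves its endpoint from `spring.cloud.config.server.vault.*` only, falling back to the `http://127.0.0.1:8200` seen in the question's error. The YAML samples are constructed from the question's bootstrap.yml, the function names are illustrative, and the flattener handles plain nested mappings only.

```python
# Added example, not code from the thread. Host names are sample values.
DEFAULTS = {"scheme": "http", "host": "127.0.0.1", "port": "8200"}  # as in the error URL
BACKEND = "spring.cloud.config.server.vault"  # prefix bound by VaultEnvironmentRepository
CLIENT = "spring.cloud.vault"                 # prefix bound by VaultProperties
QUESTION_YML = """
spring.cloud.vault:
    host: myhost.mydomain.com
    port: 8200
    scheme: https
"""
FIXED_YML = QUESTION_YML + """
spring.cloud.config.server.vault:
    host: myhost.mydomain.com
    port: 8200
    scheme: https
"""

def flatten(text):
    """Flatten nested YAML mappings (scalar values only, no lists) into dotted keys."""
    flat, parents = {}, []  # parents: (indent, key) of the path to the current line
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = (part.strip() for part in line.partition(":"))
        while parents and parents[-1][0] >= indent:
            parents.pop()
        parents.append((indent, key))
        if value:
            flat[".".join(k for _, k in parents)] = value
    return flat

def backend_url(flat):
    """Settings and URL the backend ends up with: only BACKEND.* keys count, else DEFAULTS."""
    eff = {k: flat.get(BACKEND + "." + k, DEFAULTS[k]) for k in DEFAULTS}
    return eff, "%(scheme)s://%(host)s:%(port)s" % eff

def audit(text):
    """Findings for the Config Server's Vault backend; an empty list means no finding."""
    flat, findings = flatten(text), []
    eff, url = backend_url(flat)
    if not any(k.startswith(BACKEND + ".") for k in flat):
        findings.append("no %s.* keys, backend uses defaults" % BACKEND)
    if eff["scheme"] != "https":
        findings.append("backend reaches Vault without TLS: " + url)
    findings += ["%s: backend uses %s, %s.%s says %s" % (k, v, CLIENT, k, flat[CLIENT + "." + k])
                 for k, v in eff.items() if flat.get(CLIENT + "." + k, v) != v]
    return findings
```

`audit(QUESTION_YML)` reports the missing backend keys, the plaintext scheme and the scheme and host mismatches, while `audit(FIXED_YML)` returns an empty list.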

. . Spring Cloud Config Vault, Spring Vault.

Spring Cloud Config. , . , Spring Cloud Config. .

http://localhost:8888/{application}/default , :

Whitelabel Error Page

This application has no explicit mapping for /error, so you are seeing this as a fallback.

Thu May 11 14:21:31 EDT 2017
There was an unexpected error (type=Bad Request, status=400).
Missing required header: X-Config-Token

PostMan X-Config-Token, Vault, .

server:
  port: ${PORT:8888}

management:
  context-path: /manage
  security:
    enabled: true

spring:
  profiles:
    active: git,vault

  application:
    name: config-server

  cloud:
    config:
      server:
        git:
          order: 1
          uri: file:///temp/config-server/config

        vault:
          order: 0
          host: localhost
          port: 8200
          scheme: http

, , . spring.cloud.config.token.

+1

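import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.config.server.EnableConfigServer;

@SpringBootApplication
@EnableConfigServer
public class Application
{
    public static void main(String[] args)
    {
        // JVM-wide JSSE trust store, set before Spring starts.
        System.setProperty("javax.net.ssl.trustStore",
            Application.class.getResource("/configTrustStore.jks").getFile());
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
        SpringApplication.run(Application.class, args);
    }
}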

bootstrap yml ->
javax.net.ssl.trustStore: /configTrustStore.jks
javax.net.ssl.trustStorePassword: changeit
0

Source: https://habr.com/ru/post/1668979/
