Spring cloud server not accessing all profiles from Vault backend

I am new to HashiCorp Vault and setting up spring cloud config server having Vault as a backend for storing secrets, keys, etc.

The problem is I am able to access the secrets that are stored at default level like:

curl -X "GET" "http://localhost:8888/myapp/default" -H "X-Config-Token: XXX"

However, I am unable to access the profile specific secrets that I stored in Vault. No matter which profile I store the secrets in, the API always returns default values and not profile specific values.

For example:

curl -X "GET" "http://localhost:8888/myapp/prod" -H "X-Config-Token: XXX"

Here are my secrets stored on a dev instance of Vault (ver 1.1.3):

1. vault kv put secret/myapp foo=myappsdefault
2. vault kv put secret/myapp/prod foo=myappsprod

Spring cloud config server application.yml:

spring:
  profiles:
    active: vault
  cloud.config.server.vault.kvVersion: 2
server:
  port: 8888

Spring cloud server pom.xml:

            <parent>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-parent</artifactId>
                <version>2.0.6.RELEASE</version>
                <relativePath/>
            </parent>

            <properties>
                <spring-cloud.version>Finchley.SR2</spring-cloud.version>
            </properties>

            <dependencies>
                <dependency>
                    <groupId>org.springframework.cloud</groupId>
                    <artifactId>spring-cloud-config-server</artifactId>
                </dependency>

                <dependency>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-starter-test</artifactId>
                    <scope>test</scope>
                </dependency>
            </dependencies>    

Expected:

curl -X "GET" "http://localhost:8888/myapp/prod" -H "X-Config-Token: XXX"

{
"name": "myapp",
"profiles": [
  "prod"
],
"label": null,
"version": null,
"state": null,
"propertySources": [
  {
"name": "vault:myapp",
"source": {
"foo": "myappsprod"
}
}
],
}

Actual:

{
"name": "myapp",
"profiles": [
  "prod"
],
"label": null,
"version": null,
"state": null,
"propertySources": [
  {
"name": "vault:myapp",
"source": {
"foo": "myappsdefault"
}
}
],
}

Here are vault outputs:

vault kv get secret/myapp/prod


=== Data ===
Key    Value
---    -----
foo    myappsprod


vault kv get secret/myapp

=== Data ===
Key    Value
---    -----
foo    myappsdefault

So the question becomes why is spring cloud server only querying default profile secrets and not environment specific?

Just as a side note, the profiles are getting applied to GIT files that I stored in repo, while integrating the spring cloud server with GIT as backend and I am expecting something similar with Vault.

After much struggling with configurations, I tried adding additional properties in my application.yml, and this helped in my case.

Snapshot of application.yml:

server:
  port: 8888

spring:
  profiles:
    active: vault
  cloud:
    config:
      server:
        vault:
          port: 8200
          host: 127.0.0.1
          kvVersion: 1
          backend: kv
          profileSeparator: /
          #skipSslValidation: true
          #defaultKey: signing

management:
  endpoints:
    web:
      exposure:
        include: '*'

The additional things are:

1. I changed the backend from secret to kv (my custom secrets engine)
2. Profile separator as / (Use / in .yml)

In my case 'profileSeparator' key did the trick
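Why the separator matters, as an added example that is not part of the original answer or of Spring Cloud Config's own code: the functions below derive the Vault HTTP API paths a request for /{application}/{profile} would read and check whether the path written by `vault kv put` is among them. The function names are hypothetical, and the path layout, the lookup order, the default backend `secret`, the default key `application` and the default separator `,` are assumptions taken from the documented defaults.

```shell
#!/bin/sh
# Added example: candidate Vault API paths for a Config Server request.
# Layout and lookup order are assumptions based on the documented defaults.

# api_prefix BACKEND KV_VERSION: KV v2 inserts "data/" after the mount name.
api_prefix() {
    case $2 in
        1) printf '/v1/%s\n' "$1" ;;
        2) printf '/v1/%s/data\n' "$1" ;;
        *) echo "unsupported kvVersion: $2" >&2; return 1 ;;
    esac
}

# lookup_paths BACKEND KV_VERSION SEPARATOR APP PROFILE [DEFAULT_KEY]
# Prints the paths read for APP and for the shared default key.
lookup_paths() {
    lp_prefix=$(api_prefix "$1" "$2") || return 1
    lp_sep=$3 lp_profile=$5
    for lp_key in "$4" "${6:-application}"; do
        # The "default" profile adds no profile-specific key.
        if [ "$lp_profile" != default ]; then
            printf '%s/%s%s%s\n' "$lp_prefix" "$lp_key" "$lp_sep" "$lp_profile"
        fi
        printf '%s/%s\n' "$lp_prefix" "$lp_key"
    done
}

# stored_path BACKEND KV_VERSION KEY: API path behind `vault kv put BACKEND/KEY`.
stored_path() {
    sp_prefix=$(api_prefix "$1" "$2") || return 1
    printf '%s/%s\n' "$sp_prefix" "$3"
}

# is_reachable BACKEND KV_VERSION SEPARATOR APP PROFILE KEY
# Succeeds when the secret written at KEY is one of the paths that get read.
is_reachable() {
    ir_target=$(stored_path "$1" "$2" "$6") || return 1
    lookup_paths "$1" "$2" "$3" "$4" "$5" | grep -Fxq -- "$ir_target"
}

# Question's setup: secret written at secret/myapp/prod, separator left at ",".
lookup_paths secret 2 , myapp prod
is_reachable secret 2 , myapp prod myapp/prod || echo "secret/myapp/prod is never read"
# Answer's setup: kv mount, KV v1, profileSeparator "/".
is_reachable kv 1 / myapp prod myapp/prod && echo "kv/myapp/prod is read"
```

With the separator left at `,` the profile secret would have to be written as `secret/myapp,prod` to be found; the listed paths are also the ones a least-privilege Vault policy for the config server's token needs to cover.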

This is not working as well, the app always returns default profile output. Here is the bootstrap.yaml

spring:
  application:
    name: myapp
  cloud:
     vault:
          host: 127.0.0.1
          port: 8200
          scheme: http
          token: ****
          kvVersion: 2
          backend: kv
          profileSeparator: "/"
          kv:
             enabled: true

The POM.xml has the below dependencies

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.3.4.RELEASE</version>
    <relativePath/> <!-- lookup parent from repository -->
  </parent>
<properties>
    <spring.cloud-version>Hoxton.SR9</spring.cloud-version>
</properties>
 <dependency>
      <groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-vault-config</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-starter-vault-config</artifactId>
    </dependency>

Any clues will be useful
