[英]Connect Micronaut with Hashicorp Vault
我需要一些幫助來使用 Vault 配置 Micronaut。 我正在嘗試在 Micronaut 的 application.yml 屬性上從本地 Vault 加載機密。
我已經下載了 Vault CLI 並啟動了一個開發服務器,在此之前,我在 kv 秘密引擎中配置了一個秘密,使用vault kv put secret/application SECRET_GENERATOR_JWT=foobar
對於 Micronaut,我正在閱讀官方文檔以配置與 Vault 的連接,但是當我在本地啟動應用程序時,收到以下錯誤:
ERROR io.micronaut.runtime.Micronaut - Error starting Micronaut server: Bean definition [io.micronaut.security.token.jwt.signature.secret.SecretSignatureConfiguration] could not be loaded: Error instantiating bean of type [io.micronaut.security.token.jwt.signature.secret.SecretSignatureConfiguration]: Could not resolve placeholder ${SECRET_GENERATOR_JWT}
如何使用 Vault 解決此問題?
這是我的 Micronaut 的 application.yml
micronaut:
application:
name: hello
config-client:
enabled: true
security:
authentication: bearer
token:
jwt:
signatures:
secret:
generator:
secret: ${SECRET_GENERATOR_JWT}
vault:
client:
token: s.pkUenRJ2TCNOPYghsd5an0Iw
uri: http://127.0.0.1:8200
config:
enabled: true
secret-engine-name: secret
這是Maven 的依賴部分:
<dependencies>
<dependency>
<groupId>io.micronaut</groupId>
<artifactId>micronaut-inject</artifactId>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.micronaut</groupId>
<artifactId>micronaut-http-server-netty</artifactId>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-api</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-engine</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.micronaut.test</groupId>
<artifactId>micronaut-test-junit5</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.micronaut.security</groupId>
<artifactId>micronaut-security-jwt</artifactId>
</dependency>
<dependency>
<groupId>io.micronaut</groupId>
<artifactId>micronaut-discovery-client</artifactId>
</dependency>
</dependencies>
還有我的annotationProcessorPaths :
<configuration>
<annotationProcessorPaths>
<path>
<!-- must precede micronaut-inject-java -->
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>${lombok.version}</version>
</path>
<path>
<groupId>io.micronaut</groupId>
<artifactId>micronaut-inject-java</artifactId>
<version>${micronaut.version}</version>
</path>
<path>
<groupId>io.micronaut.security</groupId>
<artifactId>micronaut-security-annotations</artifactId>
<version>${micronaut.security.version}</version>
</path>
</annotationProcessorPaths>
<compilerArgs>
<arg>-Amicronaut.processing.group=hello.world.cli.maven</arg>
<arg>-Amicronaut.processing.module=hello-world-cli-maven</arg>
</compilerArgs>
</configuration>
Micronaut 版本:2.3.2
要使其工作,您需要提供環境變量或設置默認值。
第一個選項是設置變量環境,如:
$ export SECRET_GENERATOR_JWT="superSecreteGeneratorJWT"
$ ./mvnw mn:run
第二個選項是像這樣配置您的application.yml :
micronaut:
application:
name: hello
config-client:
enabled: true
security:
authentication: bearer
token:
jwt:
signatures:
secret:
generator:
secret: ${SECRET_GENERATOR_JWT:`superSecreteGeneratorJWT`}
這樣,您將正確設置環境變量。
更多信息https://docs.micronaut.io/latest/guide/index.html#propertySource
然后你必須像這樣注入它:
import io.micronaut.context.annotation.Value;
import javax.inject.Singleton;
@Singleton
public class YourServices {
private final String secret;
YourServices(@Value("${micronaut.security.token.jwt.signatures.secret.generator.secret}") String secret) {
this.secret = secret;
}
}
更多信息: https://docs.micronaut.io/latest/guide/index.html#valueAnnotation
SpringCloud + Hashicorp Vault + Hashicorp Consul
[英]SpringCloud + Hashicorp Vault + Hashicorp Consul
是否可以在 Spring Boot 應用程序中使用具有冗余的 HashiCorp Vault?
[英]Is it possible to use HashiCorp Vault with redundancy in a Spring Boot application?
帶有Zookeeper或HashiCorp Vault后端的Spring Cloud Config Server
[英]Spring Cloud Config Server with Zookeeper or HashiCorp Vault Backend
使用帶有服務令牌的 java 應用程序從 hashcorp 保險庫獲取秘密
[英]Get secret from hashicorp vault using java application with service token
在 HashiCorp Vault 中安全地存儲 Spring Boot 應用程序的秘密?
[英]Securely storing secrets of a Spring Boot application in HashiCorp Vault?
如何使用已生成的 AES 256 GCM 96 密鑰(來自 Hashicorp Vault)加密數據?
[英]How can I encrypt data with an already generated AES 256 GCM 96 key (coming from Hashicorp Vault)?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.