Spring Vault

Spring Vault provides familiar Spring abstractions and client-side support for accessing, storing and revoking secrets. It offers both low-level and high-level abstractions for interacting with Vault, freeing the user from infrastructural concerns.

With HashiCorp’s Vault you have a central place to manage external secret data for applications across all environments. Vault can manage static and dynamic secrets such as application data, username/password for remote applications/resources and provide credentials for external services such as MySQL, PostgreSQL, Apache Cassandra, Consul, AWS and more.

Quick Start
Fork me on GitHub

Features

  • Connection package as low-level abstraction
  • Reading, writing and deleting data from Vault with object mapping support
  • Multiple authentication mechanisms: AppId, AppRole, Client Certificates, and Cubbyhole (wrapped/stored token)

Quick Start

Download

The recommended way to get started using spring-vault in your project is with a dependency management system – the snippet below can be copied and pasted into your build. Need help? See our getting started guides on building with Maven and Gradle.

Configure VaultTemplate

@Configuration
class VaultConfiguration extends AbstractVaultConfiguration {

  @Override
  public VaultEndpoint vaultEndpoint() {
    return new VaultEndpoint();
  }

  @Override
  public ClientAuthentication clientAuthentication() {
    return new TokenAuthentication("…");
  }
}

Inject and use VaultTemplate

public class Example {

  // inject the actual template
  @Autowired
  private VaultOperations operations;

  public void writeSecrets(String userId, String password) {

    Map<String, String> data = new HashMap<String, String>();
    data.put("password", password);

    operations.write(userId, data);
  }

  public Person readSecrets(String userId) {

    VaultResponseSupport<Person> response = operations.read(userId, Person.class);
    return response.getBody();
    }
}