Spring Vault

Spring Vault provides familiar Spring abstractions and client-side support for accessing, storing and revoking secrets. It offers both low-level and high-level abstractions for interacting with Vault, freeing the user from infrastructural concerns.

With HashiCorp’s Vault you have a central place to manage external secret data for applications across all environments. Vault can manage static and dynamic secrets such as application data, username/password for remote applications/resources and provide credentials for external services such as MySQL, PostgreSQL, Apache Cassandra, Consul, AWS and more.

Quick Start
Fork me on GitHub

Features

  • Connection package as low-level abstraction
  • Reading, writing and deleting data from Vault with object mapping support
  • Multiple authentication mechanisms: AppId, AppRole, AWS EC2, Client Certificates, and Cubbyhole (wrapped/stored token)

Quick Start

Download

The recommended way to get started using spring-vault in your project is with a dependency management system – the snippet below can be copied and pasted into your build. Need help? See our getting started guides on building with Maven and Gradle.

Configure VaultTemplate

@Configuration
class VaultConfiguration extends AbstractVaultConfiguration {

  @Override
  public VaultEndpoint vaultEndpoint() {
    return new VaultEndpoint();
  }

  @Override
  public ClientAuthentication clientAuthentication() {
    return new TokenAuthentication("…");
  }
}

Inject and use VaultTemplate

public class Example {

  // inject the actual template
  @Autowired
  private VaultOperations operations;

  public void writeSecrets(String userId, String password) {

    Map<String, String> data = new HashMap<String, String>();
    data.put("password", password);

    operations.write(userId, data);
  }

  public Person readSecrets(String userId) {

    VaultResponseSupport<Person> response = operations.read(userId, Person.class);
    return response.getBody();
    }
}

Vault PropertySource

@VaultPropertySource(value = "aws/creds/s3",
  propertyNamePrefix = "aws."
  renewal = Renewal.RENEW)
public class MyConfig {

}

public class Example {

  // inject the actual values
  @Value("${aws.access_key}")
  private String awsAccessKey;

  @Value("${aws.secret_key}")
  private String awsSecretKey;

  public InputStream getFileFromS3(String filenname) {
    // …
  }
}

Getting Started

Examples