我正在使用 Hashicorp 插件从 Vault 获取秘密,但没有成功。我已经在这里和互联网上查看了所有类似的问题,但仍然没有解决我的问题。
我从 Github 复制了代码,设置所有必要的变量如下:
<!-- Read secrets from HashiCorp Vault and assign it to Maven properties -->
<plugin>
<groupId>io.github.schereradi</groupId>
<artifactId>vault-maven-plugin</artifactId>
<version>1.1.3</version>
<executions>
<execution>
<id>pull</id>
<phase>validate</phase>
<goals>
<goal>pull</goal>
</goals>
<configuration>
<servers>
<server>
<!-- Update vault server URL with your own URL -->
<url>https://**myVaulUrlHere:8200**</url>
<!-- Token to authenticate with Vault server. Do not hardcode the vault token -->
<token>**myTokenHere**</token>
<paths>
<path>
<!-- Vault path can be hardcoded completely or it can be made dynamic like shown below -->
<name>**myVaultPathHere**</name>
<mappings>
<mapping>
<!-- key - name of the key stored in vault --
<key>testUser</key>
<!-- property - to whom you want to assign the value after reading it from the Vault -->
<property>username</property>
</mapping>
<mapping>
<!-- key - name of the key stored in vault -->
<key>testPassword</key>
<!-- property - to whom you want to assign the value after reading it from the Vault -->
<property>password</property>
</mapping>
</mappings>
</path>
</paths>
</server>
</servers>
</configuration>
</execution>
</executions>
</plugin>
并尝试从应用程序属性中的 pom 获取用户名和密码值:
prop.username=@username@
prop.password=@password@
Spring引导类:
@RestController
public class ReadSecretsController {
@Value("${prop.username}")
private String username;
@Value("${prop.password}")
private String password;
@GetMapping("/getSecretsFromVault")
public String getSecretsFromVault() {
return "Username: " + username + " Password: " + password;
}
}
启动“localhost:8080/getSecretsFromVault”时我看到的唯一的东西是 用户名:@用户名@ 密码:@密码@
我从本地主机进行了curl查询,以检查是否使用令牌和库路径正确提取了凭据,并且它返回包含所有必需信息的JSON。
我在这里看到 2 个选项:
<build>
<resources>
<resource>
<directory>src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
...
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<version>2.7</version>
<configuration>
<delimiters>
<delimiter>@</delimiter>
</delimiters>
<useDefaultDelimiters>false</useDefaultDelimiters>
</configuration>
</plugin>
将不胜感激任何建议!
我似乎已经找到问题所在了 - 我们使用的是 KV Engine v2,而这个插件是为 KV Engine v1 设计的。
我尝试使用 application.properties:
spring.application.name=vaultdemo
spring.cloud.vault.kv.enabled=true
spring.cloud.vault.authentication=TOKEN
spring.cloud.vault.token= spring.cloud.vault.scheme=http spring.cloud.vault.host=127.0.0.1
spring.cloud.vault.port=8200
spring.config.import: vault://
但失败了
spring.config.import: vault://
用红色突出显示最后一个符号“/”。我了解到这是一个错误,但没有找到解决方案。
有人知道 KV Engine v2 获取秘密的解决方案吗?