Configuring Spring Cloud Vault Config to pull from a location other than /secret

I was able to use the Generic Backend properties to massage the paths into what I was looking for. Something like:

spring.cloud.vault:
    generic:
        enabled: true
        backend: deployments
        profile-separator: '/'
        default-context: prod
        application-name: my-app

This will also unfortunately pickup Vault locations like deployments/my-app and deployments/prod/activeProfile so be careful not to have any properties in these locations that you don't want to be picked up.

It looks like there is a desire (and an implementation) to allow for these paths to be specified more programmatically.

It should be done this way.

Have a Configuration class

@Configuration
public class VaultConfiguration {

    @Bean
    public VaultConfigurer configurer() {
        return new VaultConfigurer() {
            @Override
            public void addSecretBackends(SecretBackendConfigurer configurer) {
                configurer.add("secret/my-app/path-1");
                configurer.add("secret/my-app/path-2");

                configurer.registerDefaultGenericSecretBackends(false);
            }
        };
    }
}

This way you can scan your secrets placed in custom path

Regards Arun

Configuring Spring Cloud Vault Config to pull from a location other than /secret

Have a Configuration class

Tags:

Spring Cloud

Hashicorp Vault

Spring Cloud Vault Config

Related

Recent Posts