Skip to main content
Nintex Community Menu Bar

Does anyone know how to configure bootstrap.yml to tell Spring Cloud Vault to go to the correct path for k2 v2 and not try other paths first?

 

I can successfully connect to my Vault, running k2 v2, but Spring Cloud will always try to connect to paths in the vault that don't exist, throwing a 403 on startup.

 

Status 403 Forbidden dsecret/application]: permission denied; nested exception is org.springframework.web.client.HttpClientErrorException$Forbidden: 403 Forbidden

The above path, secret/application, doesn't exist because k2 v2 puts data in the path. For example: secret/data/application.

This isn't a show-stopper because Spring Cloud Vault does check other paths, including the correct one that has the data item in the path, but the fact a meaningless 403 is thrown during startup is like a splinter in my mind.

Ultimately, it does try the correct k2 v2 path

2019-03-18 12:22:46.611  INFO 77685 --- O  restartedMain] b.c.PropertySourceBootstrapConfiguration : Located property source: CompositePropertySource {name='vault', propertySources=eLeaseAwareVaultPropertySource {name='secret/data/my-app'}

My configuration

    spring.cloud.vault:
kv:
enabled: true
backend: secret
profile-separator: '/'
default-context: my-app
application-name: my-app
host: localhost
port: 8200
scheme: http
authentication: TOKEN
token: my-crazy-long-token-string

 

Be the first to reply!

Reply