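I am trying to use Spring Boot Config Server with Git and Vault. All of my Spring Boot client applications will retrieve the Vault properties through the config server by passing a Vault config token.
I am using Spring Boot 2.1.8.RELEASE, and below is the POM.xml file of my Spring Boot config server.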
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.8.RELEASE</version>
        <relativePath /> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.ps.psc</groupId>
    <artifactId>psc-config-server</artifactId>
    <version>0.0.1</version>
    <name>psc-config-server</name>
    <description>Spring configuration server</description>
    <properties>
        <java.version>1.8</java.version>
        <spring-cloud.version>Greenwich.SR2</spring-cloud.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-bus-amqp</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-config-server</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-vault-config</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-config-monitor</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-configuration-processor</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
        </dependency>
    </dependencies>
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>
bootstrap.yml file
spring:
  profiles:
    active:
      - git
      - vault
  cloud:
    config:
      enabled: true
      server:
        git:
          order: 2
          username: ********
          password: ********
          uri: https://*******@bitbucket.org/krushna/configuration.git
          search-paths:
            - payment*
        vault:
          host: 127.0.0.1
          port: 8200
          scheme: http
          order: 1
          skip-ssl-validation: true
          kv-version: 1
    vault:
      authentication: TOKEN
      token: s.PB5cAJ9WhOuWamIOuFVkzpbl
      scheme: http
      host: 127.0.0.1
      port: 8200
      config:
        order: 1
My application.yml file
server:
  port: 7000
spring:
  application:
    name: configserver
With the above configuration, my config server reads properties only from Git, not from Vault.
In Vault, I have written a property as follows.
vault write secret/payment password=test@123
If I make a curl call like the one below
curl -X "GET" "http://127.0.0.1:7000/payment/default" -H "X-Config-Token: s.PB5cAJ9WhOuWamIOuFVkzpbl"
I get properties only from Git. The response is as follows.
{
  "name": "payment",
  "profiles": ["default"],
  "label": null,
  "version": "e9b941d22f6b7cd3083a731d168f78fa4ec0fc42",
  "state": null,
  "propertySources": [{
    "name": "https://******@bitbucket.org/krushna/configuration.git/application.properties",
    "source": {
      "foofromGit": "bar"
    }
  }]
}
What am I doing wrong here? I have tried multiple options, such as different KV versions, configuring only Spring Cloud Config Vault, etc.
Edit:
I have used the Vault conf shown below.
backend "file" {
  path = "vault"
}
listener "tcp" {
  tls_disable = 1
}
And with a direct curl call I am now able to read the value.
curl -X GET -H "X-Vault-Token:s.PB5cAJ9WhOuWamIOuFVkzpbl" http://127.0.0.1:8200/v1/secret/payment/
Response:
{
  "request_id": "35c8793e-3530-81c1-7917-3e922ef4065b",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 2764800,
  "data": {
    "password": "test@123"
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null
}