Note: Vault is managed by a different team in my project. Below is my bootstrap.yml configuration:
spring:
  application:
    name: MongoSecrets
  profiles:
    active: dev
  cloud:
    vault:
      enabled: true
      uri: https://vaulturl:443
      scheme: https
      token: "LDAP token"
      kv:
        enabled: true
        backend: MySecrets
      ssl:
        trust-store: cacerts
Dependencies used: spring-cloud-starter-vault-config, spring-cloud-dependencies
I got access to the MySecrets folder from the Vault team. Below is the policy set for the folder:
path "MySecrets/*" { capabilities = ["create", "read", "update", "delete", "list"] }
Below is the exception I get:
org.springframework.vault.authentication.LifecycleAwareSessionManager : Scheduling Token renewal
org.springframework.vault.core.lease.SecretLeaseEventPublisher$LoggingErrorListener : [RequestedSecret [path='secret/MySecrets/dev', mode=ROTATE]] Lease [leaseId='null', leaseDuration=PT0S, renewable=false] Status 403 FORBIDDEN secrets/MySecrets/dev: 1 error occurred:
| * permission denied
|
|
| org.springframework.vault.VaultException: Status 403 FORBIDDEN secret/MySecrets/dev: 1 error occurred:
| * permission denied
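
The path in the 403 can be compared with the posted policy rule. The sketch below is an added example, not part of the original post and not Vault's own code: it models Vault's policy path matching (exact match, trailing `*` as a prefix match, `+` as one path segment) with hypothetical function names. The first request path is the one in the logged exception; the other two are constructed for comparison.

```python
# Added example: simplified model of Vault ACL path matching (not Vault's code).
# Policy rule copied from the post; function names are hypothetical.
POLICY = {"MySecrets/*": {"create", "read", "update", "delete", "list"}}


def path_matches(pattern: str, request: str) -> bool:
    """Exact match; a trailing '*' is a prefix match; '+' is one whole segment."""
    is_prefix = pattern.endswith("*")
    if is_prefix:
        pattern = pattern[:-1]
    pat, req = pattern.split("/"), request.split("/")
    if len(req) < len(pat) or (not is_prefix and len(req) != len(pat)):
        return False
    for i, seg in enumerate(pat):
        if seg == "+":
            if not req[i]:
                return False
        elif is_prefix and i == len(pat) - 1:
            if not req[i].startswith(seg):
                return False
        elif seg != req[i]:
            return False
    return True


def is_allowed(policy: dict, request: str, capability: str) -> bool:
    """Deny by default; the most specific (longest) matching rule decides."""
    matches = [p for p in policy if path_matches(p, request)]
    if not matches:
        return False
    return capability in policy[max(matches, key=len)]


def explain(request: str) -> str:
    verdict = "allowed" if is_allowed(POLICY, request, "read") else "403 permission denied"
    return f"read {request}: {verdict}"


if __name__ == "__main__":
    print(explain("secret/MySecrets/dev"))  # path from the logged exception
    print(explain("MySecrets/dev"))         # constructed: path under the granted mount
    print(explain("MySecrets/data/dev"))    # constructed: KV version 2 style path
```

Under this model, the rule `MySecrets/*` covers paths that begin with `MySecrets/`, while the logged request begins with `secret/`, so no rule in the posted policy applies to it.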