IntelliJ : 2020.3.2.community
vault : v1.10.0
spring boot : 2.6.1
implementation 'org.springframework.boot:spring-boot-starter'
implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
// Spring Vault client library; the configuration class in this post builds on it
// to log in to Vault and read secrets.
implementation group: 'org.springframework.vault', name: 'spring-vault-core', version: '2.3.2'
// Lombok
compileOnly 'org.projectlombok:lombok'
annotationProcessor 'org.projectlombok:lombok'
// NOTE(review): the test-scope entries pin 1.18.22 while the two entries above carry
// no version; confirm both resolve to the same Lombok release.
testCompileOnly 'org.projectlombok:lombok:1.18.22' // added for tests
testAnnotationProcessor 'org.projectlombok:lombok:1.18.22' // added for tests
# Vault connection and AppRole settings, bound to the VaultProps class (prefix "vault.props").
# The Korean values below are placeholders to be replaced with the real settings.
vault.props:
  # NOTE(review): with "http" the AppRole credentials, the Vault token and the secrets
  # read back all travel unencrypted; use "https" outside a local test setup.
  schema: http
  # Placeholder: address of the Vault server.
  host: 볼트 서버 Ip
  # Placeholder: port of the Vault server (bound to an int field, so it must be numeric).
  port: 볼트 서버 Port
  # NOTE(review): roleId and secretId together are the login credentials for Vault.
  # Keep the real values out of version control and supply them at deploy time
  # (for example through environment variables or an external configuration source).
  # Placeholder: AppRole role ID.
  roleId: 볼트R oldId
  # Placeholder: AppRole secret ID.
  secretId: 볼트 secretId
  # Passed to VaultVersionedKeyValueTemplate as the path of the KV secrets engine.
  mainPath: kv
  # Path of the secret inside that engine; the code prefixes it with "/".
  subPath: karim
import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
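/**
 * Connection and AppRole login settings for the Vault server, bound from the
 * {@code vault.props} configuration prefix.
 *
 * <p>Lombok's {@code @Data} generates getters, setters, {@code equals},
 * {@code hashCode} and {@code toString} for every field. The secret ID is
 * excluded from {@code toString} so that logging or printing this object does
 * not expose the credential.
 */
@ConfigurationProperties("vault.props")
@Data
public class VaultProps {

    /** Host name or IP address of the Vault server. */
    private String host;

    /** Port of the Vault server. */
    private int port;

    /** URI scheme used to reach Vault; the sample configuration uses {@code http}. */
    private String schema;

    /** AppRole role ID used to log in. */
    private String roleId;

    /** AppRole secret ID used to log in; a credential, so it is kept out of {@code toString()}. */
    @lombok.ToString.Exclude
    private String secretId;

    /** Path handed to the versioned key-value template as the secrets-engine path. */
    private String mainPath;

    /** Path of the secret to read below {@link #mainPath}. */
    private String subPath;
}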
import lombok.Data;
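/**
 * Username/password pair that the secret read from Vault is mapped onto.
 *
 * <p>Lombok's {@code @Data} generates accessors plus {@code equals},
 * {@code hashCode} and {@code toString}. The password is excluded from
 * {@code toString} so that logging or printing this object does not expose it.
 */
@Data
public class VaultCredential {

    /** Account name stored in the secret. */
    private String username;

    /** Account password stored in the secret; kept out of {@code toString()}. */
    @lombok.ToString.Exclude
    private String password;
}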
import lombok.RequiredArgsConstructor;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.vault.authentication.AppRoleAuthentication;
import org.springframework.vault.authentication.AppRoleAuthenticationOptions;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.config.AbstractVaultConfiguration;
import org.springframework.vault.core.VaultTemplate;
import org.springframework.vault.core.VaultVersionedKeyValueTemplate;
import org.springframework.vault.support.Versioned;
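/**
 * Spring Vault configuration that connects to the server described by
 * {@link VaultProps} and logs in with AppRole authentication.
 */
@Configuration
@EnableConfigurationProperties(VaultProps.class)
@RequiredArgsConstructor
public class VaultConfig extends AbstractVaultConfiguration {

    /** Bound {@code vault.props} settings, supplied through the Lombok-generated constructor. */
    private final VaultProps vaultProperties;

    /**
     * Builds the Vault endpoint from the configured host, port and scheme.
     *
     * @return the endpoint of the Vault server
     * @throws IllegalStateException if the Vault properties were not supplied
     */
    @Override
    public VaultEndpoint vaultEndpoint() {
        VaultProps props = requireProps();
        VaultEndpoint endpoint = VaultEndpoint.create(props.getHost(), props.getPort());
        // NOTE(review): the scheme is taken as-is from configuration. With "http" the
        // AppRole login, the issued token and every secret read travel unencrypted;
        // use "https" outside a local test setup.
        endpoint.setScheme(props.getSchema());
        return endpoint;
    }

    /**
     * Creates the AppRole authentication from the configured role ID and secret ID.
     *
     * @return the client authentication used to log in to Vault
     * @throws IllegalStateException if the Vault properties were not supplied
     */
    @Override
    public ClientAuthentication clientAuthentication() {
        VaultProps props = requireProps();
        AppRoleAuthenticationOptions options = AppRoleAuthenticationOptions.builder()
                .roleId(AppRoleAuthenticationOptions.RoleId.provided(props.getRoleId()))
                .secretId(AppRoleAuthenticationOptions.SecretId.provided(props.getSecretId()))
                .build();
        return new AppRoleAuthentication(options, restOperations());
    }

    /**
     * Reads the credential stored under {@code mainPath}/{@code subPath} and prints a
     * confirmation that it was fetched. The password itself is never printed.
     *
     * <p>NOTE(review): {@code @Bean} on a {@code void} method registers no usable bean;
     * it serves here only as a way to run this check at startup. Newer Spring Framework
     * releases appear to be stricter about void {@code @Bean} methods, so verify this
     * before upgrading and consider a dedicated startup hook instead.
     *
     * @throws IllegalStateException if the Vault properties were not supplied or no
     *     secret data exists at the configured path
     */
    @Bean
    @Primary
    public void readVaultCredentials() {
        VaultProps props = requireProps();
        VaultTemplate vaultTemplate = new VaultTemplate(vaultEndpoint(), clientAuthentication());
        VaultVersionedKeyValueTemplate kvTemplate =
                new VaultVersionedKeyValueTemplate(vaultTemplate, props.getMainPath());
        Versioned<VaultCredential> vaultResponse =
                kvTemplate.get("/" + props.getSubPath(), VaultCredential.class);

        // A missing path or an empty secret would otherwise surface as a bare
        // NullPointerException in the print statements below.
        VaultCredential credential = vaultResponse != null ? vaultResponse.getData() : null;
        if (credential == null) {
            throw new IllegalStateException("No secret data found at the configured Vault path");
        }

        // Console output commonly ends up in log files, so report only whether a
        // password came back, not its value.
        String password = credential.getPassword();
        String passwordStatus = (password == null || password.isEmpty()) ? "<missing>" : "<redacted>";

        System.out.println("###################################################################");
        System.out.println("###### vault get username : " + credential.getUsername());
        System.out.println("###### vault get password : " + passwordStatus);
        System.out.println("###################################################################");
    }

    /** Returns the bound properties, failing with a clear message instead of handing back null. */
    private VaultProps requireProps() {
        if (vaultProperties == null) {
            throw new IllegalStateException("vault.props configuration was not supplied");
        }
        return vaultProperties;
    }
}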
VaultTemplate
: 템플릿은 Vault에서 데이터를 읽고, 쓰고, 삭제하는 편리한 작업을 제공하고 도메인 개체와 Vault 데이터 간의 매핑을 제공
VaultVersionedKeyValueTemplate
: KV v2 secrets 엔진에서 데이터를 가져올 때 사용하는 메소드
Vault의 해당 경로에 있는 사용자 Id, Pw를 가져온 것을 확인할 수 있다. 다만 가져온 비밀 값은 동작 확인이 끝나면 콘솔이나 로그에 그대로 남지 않도록 한다.
📌 여담
📚 참고
application.yml 에 적히는 vault 서버 정보들은 어떻게 관리하시나요?