Bootstrap Configuration

Loading and decrypting configuration properties from external sources such as HashiCorp Vault, Azure Key Vault or AWS Secrets Manager.

Last Updated: 26 May 2022 • Page Author: Jillur Quddus

Overview

The POB Spring bootstrap context is responsible for loading and decrypting configuration properties from external sources such as HashiCorp Vault, Azure Key Vault or AWS Secrets Manager.

Location

The configuration for the POB Spring bootstrap context may be found in the pob-configuration Maven module at src/main/resources/bootstrap.yml. The complete configuration file is as follows:

spring:
    application:
        name: pob
    cloud:
        vault:
            enabled: false
            host: localhost
            port: 8200
            scheme: http
            authentication: TOKEN
            token: ${VAULT_TOKEN}
            kv:
                enabled: true
                backend: secret
                default-context: pob/development
azure:
    keyvault:
        enabled: false
        client-id: ${AZURE_KEYVAULT_CLIENT_ID}
        client-key: ${AZURE_KEYVAULT_CLIENT_SECRET}
        tenant-id: ${AZURE_KEYVAULT_TENANT_ID}
        uri: ${AZURE_KEYVAULT_URI}
aws:
    secretsmanager:
        enabled: true
        name: pob
        prefix: /secret
        defaultContext: application
        failFast: true
        region: eu-west-2

Namespaces

spring.cloud.vault

Configure this namespace if you wish to load externalised configuration from HashiCorp Vault.

For further information and properties related to loading externalised configuration from HashiCorp Vault, please refer to https://cloud.spring.io/spring-cloud-vault/reference/html/.

azure.keyvault

Configure this namespace if you wish to load externalised configuration from Azure Key Vault.

For further information and properties related to loading externalised configuration from Azure Key Vault, please refer to https://docs.microsoft.com/en-us/azure/developer/java/spring-framework/configure-spring-boot-starter-java-app-with-azure-key-vault.

aws.secretsmanager

Configure this namespace if you wish to load externalised configuration from AWS Secrets Manager.

Note that an IAM user with privileges to read secrets from the AWS Secrets Manager must be configured (either via the AWS Management Console or AWS CLI) if you wish to load externalised configuration from AWS Secrets Manager. Thereafter, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be defined as environmental variables and set with the appropriate key and secret associated with the IAM user.

For further information and properties related to loading externalized configuration from AWS Secrets Manager, please refer to https://docs.spring.io/spring-cloud-aws/docs/2.2.4.RELEASE/reference/html/appendix.html.

PreviousConfigurationNextApplication Configuration

Last updated