Spring Vault with Spring Boot Tutorial
Introduction
Spring Vault is a project that integrates Spring applications with HashiCorp Vault, a tool for securely accessing secrets. This tutorial walks you through configuring Spring Vault in a Spring Boot application so that the application reads its secrets from Vault.
Prerequisites
Before you begin, ensure you have the following installed:
- Java Development Kit (JDK) 8 or higher
- Apache Maven
- Spring Boot 2.x or higher
- A running instance of HashiCorp Vault
Setting Up HashiCorp Vault
To start with, you need to have HashiCorp Vault installed and running. You can initialize and unseal the Vault using the following commands:
Initialize Vault:
Unseal Vault:
Log in:
You can now enable the KV secrets engine to store your application secrets:
Creating Secrets in Vault
After enabling the KV secrets engine, you can create a secret for your application:
This command creates a secret at the path mysecrets/myapp with a username and password.
Creating a Spring Boot Application
Now, let's create a Spring Boot application. You can use Spring Initializr (https://start.spring.io/) to bootstrap a new project. Select the following dependencies:
- Spring Web
- Spring Boot DevTools
- Spring Cloud Vault Config
Once you download the project, extract it and navigate to the project directory.
Configuring Spring Vault
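Open the application.yml file in your project and add the following configuration:

spring:
  application:
    # Spring Cloud Vault looks up {backend}/{application name}, here mysecrets/myapp
    name: myapp
  cloud:
    vault:
      uri: http://localhost:8200
      token: [your_vault_token]
      kv:
        enabled: true
        backend: mysecrets

Replace [your_vault_token] with the token you used to log in. Keep a file that contains a real token out of version control; the value can be supplied from an environment variable instead of being written into the file.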
Accessing Secrets in Your Application
Create a service class to access the secrets stored in Vault. Here’s an example:
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

@Service
public class MyService {

    // Resolved from the keys of the Vault secret at mysecrets/myapp
    @Value("${username}")
    private String username;

    @Value("${password}")
    private String password;

    // Demo only: returns both values as a single plain-text string
    public String getCredentials() {
        return "Username: " + username + ", Password: " + password;
    }
}
Creating a REST Controller
Next, create a REST controller to expose an endpoint that retrieves the credentials:
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class MyController {

    private final MyService myService;

    // Constructor injection of the service that holds the Vault-backed values
    public MyController(MyService myService) {
        this.myService = myService;
    }

    // GET /credentials returns the string built by MyService
    @GetMapping("/credentials")
    public String getCredentials() {
        return myService.getCredentials();
    }
}
Running the Application
Now, you can run your Spring Boot application. Use the following command in your project directory:
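Once the application is running, you can access your secrets at http://localhost:8080/credentials. The response contains the username and password in plain text, so this endpoint serves only as a local check that the Vault integration works.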
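The following is an added example, not code from the original tutorial: a variant of the service and controller above that fails at startup when the Vault secret is missing and confirms the lookup without returning the password. The class names VaultCredentials and CredentialStatusController and the /credentials/status path are hypothetical; place the file in your application's package.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical names; the property keys match the secret at mysecrets/myapp.
@Service
class VaultCredentials {
    private final String username;
    private final String password;

    // "${key:}" resolves a missing key to "" so startup fails with the clear
    // message below instead of an unresolved-placeholder error.
    public VaultCredentials(@Value("${username:}") String username,
                            @Value("${password:}") String password) {
        if (username.isEmpty() || password.isEmpty()) {
            throw new IllegalStateException(
                "username/password not loaded from Vault path mysecrets/myapp");
        }
        this.username = username;
        this.password = password;
    }

    public String getUsername() { return username; }
    // Package-private: only code that has to authenticate should read this.
    String getPassword() { return password; }

    // Keeps the password out of logs and error pages that print this bean.
    @Override
    public String toString() {
        return "VaultCredentials{username='" + username + "', password=<redacted>}";
    }
}

@RestController
class CredentialStatusController {
    private final VaultCredentials credentials;

    public CredentialStatusController(VaultCredentials credentials) { this.credentials = credentials; }

    // Confirms the Vault lookup worked without returning the secret itself.
    @GetMapping("/credentials/status")
    public Map<String, Object> status() {
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("username", credentials.getUsername());
        body.put("passwordLoaded", !credentials.getPassword().isEmpty());
        return body;
    }
}
```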
Conclusion
In this tutorial, you learned how to integrate Spring Vault with a Spring Boot application. You set up HashiCorp Vault, created secrets, and accessed them securely within your application. This approach enhances your application's security by managing secrets in a dedicated vault.