2020-01-07 Integrating Spring Boot with Vault

Starting Vault locally

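First, read this blog post:

Encrypting Spring Boot Configuration Properties: Spring Cloud Vault in Detail

For generating a locally self-trusted certificate, see this post:
2019-12-31 Creating your own root certificate and domain SSL certificate on macOS for HTTPS debugging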

Two points need attention:

  1. Generate the JKS trust store with this command:
keytool -import -alias mycert -file server.crt -keystore mykeystore.jks 
  2. When configuring secret paths in Vault, note that the root path must be included in every path.


The Vault configuration file, for reference:
ui = true

## This is the path where Vault stores its data
storage "file" {
  path = "/Users/chao/javaweb/vault/vault-data"
}

listener "tcp" {
  address     = "127.0.0.1:8200"
  tls_cert_file = "/Users/chao/javaweb/vault/cert/server.crt"
  tls_key_file = "/Users/chao/javaweb/vault/cert/server.key"
}

api_addr = "https://10.188.12.119:8200"

Configuring Vault in Spring Boot

  1. The bootstrap.yml configuration:
spring:
  application:
    name: ciphertest
  cloud:
    vault:
      application-name: ciphertest
      host: 127.0.0.1
      port: 8200
      scheme: https
      authentication: TOKEN
      token: s.GVvsiBpUtlsA2KsfVp983e1w
      connection-timeout: 5000
      read-timeout: 15000
      config:
        order: -10
      ssl:
        trust-store: classpath:mykeystore.jks
        trust-store-password: 111111
      kv:
        enabled: true
        backend: secret
        profile-separator: /
        default-context: application
        application-name: ciphertest

Here, the trust-store is the file generated with the command above: keytool -import -alias mycert -file server.crt -keystore mykeystore.jks

  2. Using the configuration stored in Vault:
    Note that the path of the hello value used here is actually:

/secret/ciphertest/hello (ciphertest is the application name)

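import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class HelloWorldController {

    // Injected from Vault: /secret/ciphertest/hello
    @Value("${hello}")
    String name;

    // Returns the value read from Vault as the response body
    @ResponseBody
    @RequestMapping(path = "say4")
    public String say() {
        return name;
    }
}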
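
As an added example (not from the original post), the shell functions below list the KV contexts Spring Cloud Vault reads for the bootstrap.yml values above and print a read-only Vault policy covering only those contexts, so the token configured for the application can be limited to them. The function names are hypothetical, and treating the secret mount as KV version 2 is an assumption; pass 1 for a version 1 mount.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# vault_contexts BACKEND APP_NAME DEFAULT_CONTEXT SEPARATOR [PROFILE...]
# Prints the KV contexts Spring Cloud Vault reads, most specific first:
# the application context, then the shared default context, each preceded
# by its per-profile variants.
vault_contexts() {
  backend=$1 app=$2 default_ctx=$3 sep=$4
  shift 4
  for ctx in "$app" "$default_ctx"; do
    for profile in "$@"; do
      printf '%s/%s%s%s\n' "$backend" "$ctx" "$sep" "$profile"
    done
    printf '%s/%s\n' "$backend" "$ctx"
  done
}

# vault_read_policy KV_VERSION
# Reads contexts on stdin and prints a Vault policy granting read only.
# KV v2 policies address secrets as <mount>/data/<path>; KV v1 policies use
# the context path unchanged. Which version the mount uses is an assumption.
vault_read_policy() {
  version=$1
  while IFS= read -r ctx; do
    mount=${ctx%%/*}
    rest=${ctx#*/}
    if [ "$version" = 2 ]; then
      printf 'path "%s/data/%s" {\n  capabilities = ["read"]\n}\n' "$mount" "$rest"
    else
      printf 'path "%s" {\n  capabilities = ["read"]\n}\n' "$ctx"
    fi
  done
}

# Values from the bootstrap.yml above: backend=secret, application-name=ciphertest,
# default-context=application, profile-separator=/, no active profile.
vault_contexts secret ciphertest application / | vault_read_policy 2
```

The hello property injected by the controller is a key stored in the secret/ciphertest context; secret/application is the shared context that every application using the default-context reads.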
