Vault Cubbyhole authentication and its integration with Spring framework
1. Background

For microservices, it is essential not to bundle secrets into the code base but to move them to an external, centrally managed secrets store. In this article, I introduce how to use HashiCorp’s Vault to externalize the configuration of Java Spring microservice applications. With Vault you have a central place to manage external secret properties for applications across all environments.

Vault offers multiple authentication methods, but most of them are either not suitable for Spring microservices or not safe enough. When the application starts up, I want all the properties to be loaded into the Spring context automatically, without human interaction, so that the secrets can be used just as if they were loaded from Spring's properties. The solution is to use a single-use Vault Cubbyhole wrapping token to deliver the original token to the application.

2. Vault server

We simply use Docker Compose to set up a Vault server.

docker-compose.yml:

version: '3.4