I really need some insight here.
I have an actual setup of config-server + centralized git configuration repo + App client.
App connects to config-server, that connects to the git repo, fetch the configuration and serves back to the app, pretty standard setup for config-server
Now we are trying to use Azure Key Vault as backend, meaning that when config-server connect to the git repository, replace any placeholder in the configuration file with secrets from the AKV. However this never happens, I can see that the config-server has all the secrets put the replacement when the application calls it, never happen.
Follow some configuration
config-server: 2023.0.3 spring-cloud-azure-starter-keyvault-secrets: 5.19.0
config-server application.yaml
spring:
cloud:
config:
allowOverride: true # Allows overriding properties from different sources.
server:
enable-placeholder-resolution: true
azure:
keyvault:
secret:
property-source-enabled: true
property-sources[0]:
endpoint: "XXX"
credential:
client-id: "XXX"
client-secret: "XXX"
profile:
tenant-id: "XXX"
actuator/env of config-server showing that secrets were loaded as propertySources
{
"name": "azure-key-vault-secret-property-source-0",
"properties": {
"blackduck-token": {
"value": "******"
},
"blackduck.token": {
"value": "******"
},
"sonarqube-token": {
"value": "******"
},
"sonarqube.token": {
"value": "******"
},
"nexus-password": {
"value": "******"
},
"nexus.password": {
"value": "******"
},
"nexus-url": {
"value": "******"
},
"nexus.url": {
"value": "******"
},
"eastu-nexus-password": {
"value": "******"
},
"eastu.nexus.password": {
"value": "******"
},
"sonarqube-password": {
"value": "******"
},
"sonarqube.password": {
"value": "******"
},
"fortify-token": {
"value": "******"
},
"fortify.token": {
"value": "******"
},
"nexus-user": {
"value": "******"
},
"nexus.user": {
"value": "******"
},
"sonarqube-user": {
"value": "******"
},
"sonarqube.user": {
"value": "******"
},
"sample-maven-spring-boot---dev---feature----kvintegration---testing-secret": {
"value": "******"
},
"sample.maven.spring.boot...dev...feature....kvintegration...testing.secret": {
"value": "******"
},
"testing--secret": {
"value": "******"
},
"testing..secret": {
"value": "******"
},
"sonarqube-url": {
"value": "******"
},
"sonarqube.url": {
"value": "******"
},
"sample-maven-spring-boot---dev---feature----kvintegration---testing--secret": {
"value": "******"
},
"sample.maven.spring.boot...dev...feature....kvintegration...testing..secret": {
"value": "******"
},
"sonarqube-token": {
"value": "******"
},
"sonarqube.token": {
"value": "******"
},
"eastu-nexus-username": {
"value": "******"
},
"eastu.nexus.username": {
"value": "******"
},
"simple-key": {
"value": "******"
},
"simple.key": {
"value": "******"
},
"testing-secret": {
"value": "******"
},
"testing.secret": {
"value": "******"
}
}
}
application-dev.yaml that is retrieve by the app-client
# logging:
# level:
# root: DEBUG
app:
message: Hello from ${environment.name} demo new message
new:
message: >-
Hello from big-message
This is a longer message
for the ${environment.name} environment
being pulled from the config repository
someKey: ${simple.key}
I've tried many configurations, tried using bootstrap but I'm stuck with that, when serving it does not replace the placeholder.
Anyone has any insight?