2. Programming Q&A
  3. java - Unable to inject secrets from Vault in springboot application - Stack Overflow

java - Unable to inject secrets from Vault in springboot application - Stack Overflow

admin2025-04-24  52

application.yml:

spring:
  application:
    name: MyService

  profiles:
    active: dev

  cloud:
    vault:
      enabled: true
      namespace: ${VAULT_NAMESPACE}
      uri: 
      authentication: APPROLE
      app-role:
        role-id: ${VAULT_APPROLE_ROLE_ID}
        secret-id: ${VAULT_APPROLE_SECRET_ID}
      kv:
        enabled: true
        backend: kv-dev
        default-context: couchbase-dev
        application-name: ${spring.application.name}
        version: 2
        profiles: ${spring.profiles.active}

    config:
      import: vault://
    couchbase:
      username: ${username}
      password: ${password}
      connection-string: ${COUCHBASE_CONNECTION}
      bucket:
        name: ${COUCHBASE_BUCKET_NAME}
      auto-index: true

pom.xml:

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-couchbase</artifactId>
        </dependency>
    
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-vault-config</artifactId>
            <version>4.1.2</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.vault</groupId>
            <artifactId>spring-vault-core</artifactId>
            <version>3.1.2</version>
        </dependency>

Through API I am able to get secrets, using the same app-role-id/secret: API: with headers X-Vault-Token X-Vault-Namespace Response:

{
  "request_id": "f7c177ec-7291-6872-4f03-d2453d9d4ed6",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": {
    "data": {
      "password": "dgdrg",
      "username": "dgdfhfdh"
    },
    "metadata": {
      "created_time": "2024-12-18T08:22:08.908747692Z",
      "custom_metadata": null,
      "deletion_time": "",
      "destroyed": false,
      "version": 3
    }
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null,
  "mount_type": "kv"
}

On boot the springboot application gives error: Caused by: java.lang.IllegalArgumentException: Could not resolve placeholder 'username' in value "${username}"

I am expecting the ${username} to be injected from vault. I have verified all env variables are properly set.

In the logs I see that vault related classes are being autoconfigured. Please let me know what am I missing.

application.yml:

spring:
  application:
    name: MyService

  profiles:
    active: dev

  cloud:
    vault:
      enabled: true
      namespace: ${VAULT_NAMESPACE}
      uri: https://vault.my.org
      authentication: APPROLE
      app-role:
        role-id: ${VAULT_APPROLE_ROLE_ID}
        secret-id: ${VAULT_APPROLE_SECRET_ID}
      kv:
        enabled: true
        backend: kv-dev
        default-context: couchbase-dev
        application-name: ${spring.application.name}
        version: 2
        profiles: ${spring.profiles.active}

    config:
      import: vault://
    couchbase:
      username: ${username}
      password: ${password}
      connection-string: ${COUCHBASE_CONNECTION}
      bucket:
        name: ${COUCHBASE_BUCKET_NAME}
      auto-index: true

pom.xml:

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-couchbase</artifactId>
        </dependency>
    
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-vault-config</artifactId>
            <version>4.1.2</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.vault</groupId>
            <artifactId>spring-vault-core</artifactId>
            <version>3.1.2</version>
        </dependency>

Through API I am able to get secrets, using the same app-role-id/secret: API: https://vault.my.org/v1/kv-dev/data/couchbase-dev with headers X-Vault-Token X-Vault-Namespace Response:

{
  "request_id": "f7c177ec-7291-6872-4f03-d2453d9d4ed6",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": {
    "data": {
      "password": "dgdrg",
      "username": "dgdfhfdh"
    },
    "metadata": {
      "created_time": "2024-12-18T08:22:08.908747692Z",
      "custom_metadata": null,
      "deletion_time": "",
      "destroyed": false,
      "version": 3
    }
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null,
  "mount_type": "kv"
}

On boot the springboot application gives error: Caused by: java.lang.IllegalArgumentException: Could not resolve placeholder 'username' in value "${username}"

I am expecting the ${username} to be injected from vault. I have verified all env variables are properly set.

In the logs I see that vault related classes are being autoconfigured. Please let me know what am I missing.

  • java
  • spring-boot
  • hashicorp-vault
  • vault
Share Improve this question asked Jan 17 at 20:34 MumzeeMumzee 8081 gold badge13 silver badges29 bronze badges
Add a comment  | 

2 Answers 2

Reset to default 0

The identation in application.yml for spring.config.import is incorrect. The correct place for config is:

spring:
  application:
    name: MyService

  profiles:
    active: dev
  config:
    import: vault://

After this the secrets are successfully getting injected in the springboot application.

This issue related to a missing environment variable. Kindly review the configuration map and ensure that the environment variable is properly set within it. example : username=XYZ. Once this is completed, you may verify.

转载请注明原文地址:http://anycun.com/QandA/1745458156a90712.html

javaUnable to inject secrets from Vault in springboot applicationStack Overflow