Thanks for the video...Good one with perfect explanation 👌👌
@TheDevWorldbySergioLema 2 years ago
Thanks to you for taking your time to write this comment
@jeancarlossouza3432 1 year ago
Greetings from a Brazilian dev! Thanks for the tutorial; I had configured it correctly and it was giving an error. The property that was missing was spring.cloud.config.server.vault.order=1, which makes both work perfectly. Thank you very much for this, it helped a lot.
@TheDevWorldbySergioLema 1 year ago
Glad it helped you!
@pavanmadiraju 2 months ago
Nice video, I was almost able to have my Spring Cloud Config client get the password from Vault. Not sure what you did on the client side to indicate that it needs to get the password from Spring Config Vault. Can you share how you accomplished that? The Spring documentation seems to refer to defining properties with the {vault} prefix to specify the Vault path and key for retrieving secrets:
@TheDevWorldbySergioLema 2 months ago
Thanks! On the client, I've added the configuration of Spring Config Client indicating that the first source is from Vault (and I've configured the Vault access).
@glisavkatroshi3237 1 year ago
Does this also work for nested secret paths in Vault? For example, in Secret Engine secret/ , I will have secret key as application and inside application another subfolder, let's call it dev and inside dev, we could have properties. So secret/application/dev/properties. In this path, we can store a key value pair of secret. Somehow I can't pull secrets from this path. Can you please help me?
@TheDevWorldbySergioLema 1 year ago
Never tried this far. What is the problem? Do you have some error logs?
@ai_made_easy 8 months ago
Thanks for the video. Can you let me know whether it is okay to do what I did: I added Spring Security to the config server, a database backend, and stored the username and password in HashiCorp Vault. I decided to connect the client services using the keys retrieved from Vault. Unfortunately, this doesn't work. When I directly used the username and password in the spring.config.import for the services, it works. I do not want to hard-code the username and password into the properties folder. Can you help me know why it is not connecting? Thanks, Sergio.
@TheDevWorldbySergioLema 8 months ago
Do you use Spring Config Bootstrap? docs.spring.io/spring-cloud-config/docs/current/reference/html/#config-first-bootstrap
@ai_made_easy 8 months ago
@TheDevWorldbySergioLema Yes, I actually use bootstrap. Thanks for the reply.
@ai_made_easy 8 months ago
@TheDevWorldbySergioLema Thanks again for the response and link. I think it may be fine to use the username and password directly in the code following the examples provided in the doc you sent. Because services using http can often let some flexibility.
@ayuen100home6 3 years ago
Nice tutorial. Quite easy to follow :) Question though: I see you're storing the Vault configs in the root directory "secret/service-users". Is there a way to store them in subdirectories? e.g. "secret/dev/service-users", "secret/test/service-users", "secret/prod/service-users", etc. If so, how is this configured on both the server and client apps?
@TheDevWorldbySergioLema 3 years ago
Thanks, yes you can do it. To configure this in Vault, you must create the directories manually. But in the application, you can use environment variables in your configuration file to obtain the path depending on where the application is running, only based on an environment variable.
@gopalpatil8098 2 years ago
How do I check if Vault properties can be fetched?
@TheDevWorldbySergioLema 2 years ago
I'm not sure I understand your question. This video is about the distributed configuration architecture with Spring Cloud. For that, I've used Vault, but I'm not aware of the Vault details (if that's what you're asking for).
@shirishabonagam526 2 years ago
Hi, thanks for the video. Please can you suggest how to add a dbpassword with the & symbol in Vault? When I add a dbpassword like sh&6%4*fhwT in Vault, I am getting: '6%4*fhwT' is not recognized as an internal or external command. Please suggest how to read the above password.
@TheDevWorldbySergioLema 2 years ago
How are you inserting the password? Because using Java, the '&' isn't a special character and should be inserted correctly. If you use bash, then use single quotes for the password, otherwise the '&' will be interpreted as a variable. Another option is to encode your password, like using URL encoding, to avoid having the '&' symbols.
@shirishabonagam526 2 years ago
@TheDevWorldbySergioLema I am inserting passwords in Vault as you mentioned, in the Vault terminal: spring.datasource.password. In my application the password is dbpassword = sh&64*fhwT ... After the & I am getting '64*fhwT' is not recognised.
@shirishabonagam526 2 years ago
@TheDevWorldbySergioLema And I have one more query. My application name is customer, and inside the customer folder there is a services folder. Inside services I have four property files. I also used label to check out the other branch, but I am unable to fetch the URI specified in the config server.
@TheDevWorldbySergioLema 2 years ago
You must check directly in Vault, because I think the problem is not at the read but when storing the password in Vault.
@TheDevWorldbySergioLema 2 years ago
Check here, cloud.spring.io/spring-cloud-config/reference/html/#_quick_start, how Spring Cloud Config searches for the application yml files depending on the application name, profile and label.
@sladerunsoftware381 2 years ago
Thanks for this, Sergio. Very helpful in its conciseness. A couple of security observations: 1. You seem to suggest that the Git repo's username and password might be embedded in the "cloud.config.server.git.uri". All secrets should reside in Vault, no? If so, how would you tell the config server to get the Git credentials from Vault? And, 2. Along the same lines, it looks like the Config Server's microservice clients have unprotected access to the server? Shouldn't each microservice have its own Config Server username and password, again, residing in Vault? Just a couple of thoughts as I'm currently upgrading a 2 year old system and intend to make sure all assets are secured and all secrets are stored in Vault. Questions are rhetorical... Please don't feel obligated to respond.
@TheDevWorldbySergioLema 2 years ago
Thanks for your observations. 1. The configuration described is in the Config Server. In some way, the Config Server must know how to update the Git repository. I know that having the credentials in the application yaml isn't very secure. Nevertheless, having them in Vault will lead to an infinite loop. But for the Git authentication you have other methods, as the SSH keys. 2. I've shown a quick setup of Spring Config Server with Vault. But you're right, for security reasons, each microservice should need a set of individual credentials to get the information from the Config Server. There are multiple ways to do that: with the username and password in the bootstrap file; with the username and password in the Config Server URL; or indicating which individual Vault token to use to retrieve the personal configuration. This way, only the target microservice knows about the Vault authentication with its particular configuration, no other microservice can access this particular configuration without this personal Token. I hope I've answered your doubts. And courage for the migration!
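The two points raised in this exchange (Git access without a password in the URI, and per-service credentials for the Config Server), sketched as configuration. This is an added example, not the video's or either commenter's own files; the host names, repository URI and environment-variable names are assumptions, and the secrets are expected to be injected by the deployment platform at startup.

```yaml
# --- Config Server: application.yml (added example) ---
spring:
  profiles:
    active: git, vault            # composite backend: Git for plain config, Vault for secrets
  cloud:
    config:
      server:
        vault:
          host: vault.internal.example     # assumed host
          port: 8200
          scheme: https
          kv-version: 2
          order: 1                # Vault is consulted first (the property mentioned in this thread)
        git:
          # SSH URI instead of https://user:password@..., so no Git password sits in the file
          uri: git@git.internal.example:platform/config-repo.git   # assumed repository
          ignore-local-ssh-settings: true
          private-key: ${CONFIG_GIT_PRIVATE_KEY}   # assumed env var holding the deploy key
          order: 2
---
# --- Config client "service-users": application.yml (added example) ---
# With the legacy bootstrap, put this in bootstrap.yml and use
# spring.cloud.config.uri instead of spring.config.import.
spring:
  application:
    name: service-users           # the server reads secret/service-users from Vault
  config:
    import: "configserver:https://config.internal.example:8888"   # assumed URL
  cloud:
    config:
      # Per-service basic-auth credentials; assumes Spring Security protects the Config Server
      username: ${CONFIG_SERVER_USER}          # assumed env var
      password: ${CONFIG_SERVER_PASSWORD}      # assumed env var
      # Per-service Vault token, sent by the client as the X-Config-Token header,
      # so a Vault policy can restrict this token to this service's own path
      token: ${SERVICE_USERS_VAULT_TOKEN}      # assumed env var
```

The client's bootstrap credentials cannot themselves come from the Config Server, which is the loop described in the reply above, so they are supplied from the environment rather than from a committed properties file.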
@maneshipocrates2264 2 years ago
Is bootstrap not legacy?
@TheDevWorldbySergioLema 2 years ago
I'm not sure I understand your question. I'm not even sure how it's related to the video.
@maneshipocrates2264 9 months ago
@TheDevWorldbySergioLema Hi. I was asking whether using the bootstrap dependency in Boot 3.2 is optional? And I am trying to load properties from a config server. The issue is: when I use a username and password to lock the config server (and implemented credential authentication from the config server database), it is impossible for the config client to authenticate using the secrets from Vault. I could not load the config client properties even after storing the username and password in HashiCorp Vault. Thanks.