How to use Spring Cloud Config Server with Git and Vault | Microservices 4

In this video I will show how to use Spring Cloud Config Server with two sources: Git and Vault. I will use Git for the common configuration and Vault for the critical information.

Content of the video:
* why have a distributed configuration server;
* how to configure a distributed configuration server with Spring Cloud Config Server;
* how to use Git as a source for Spring Cloud Config Server;
* how to name the files according to the profiles and labels;
* how to add Vault as a second source to Spring Cloud Config Server.

Icons:
* File by Royyan Razka from the Noun Project
* application by Flatart from the Noun Project
* config by Storm Icons from the Noun Project
* cycle by Alice Design from the Noun Project
* application by Jamison Wieser from the Noun Project
Comments

Thanks for the video...Good one with perfect explanation 👌👌

deepikadurairaj

Greetings from a Brazilian dev! Thanks for the tutorial, I was configuring it correctly and it was giving an error; the property that was missing was that of the this makes both of them work perfectly. Thank you very much for this, it helped a lot.

jeancarlossouza

Nice video, I was almost able to have my Spring Cloud Config client get the password from Vault. Not sure what you did on the client side to indicate that it needs to get the password from Spring Config vault. Can you share how you accomplished that? Spring documentation seems to refer to about
Define properties with the {vault} prefix to specify the Vault path and key for retrieving secrets:

pavanmadiraju

Nice tutorial. Quite easy to follow :)
Question though:
I see you're storing the vault configs in the root directory "secret/service-users".
Is there a way to store them in sub directories? e.g. "secret/dev/service-users", "secret/test/service-users", "secret/prod/service-users", etc...
If so, how is this configured on both the server and client apps?

ayuenhome

Thanks for the video. Can you let me know whether it is okay to do what I did: I added Spring Security to the config server, a database backend, and stored the username and password in HashiCorp Vault. I decided to connect the client services using the keys retrieved from Vault. Unfortunately, this doesn't work. When I directly used the username and password in the spring.config.import for the services, it works. I will not want to hard code the username and password into the properties folder. Can you help me know why it is not connecting? Thanks, Sergio.

ai_made_easy

Does this also work for nested secret paths in Vault? For example, in Secret Engine secret/, I will have secret key as application and inside application another subfolder, let's call it dev, and inside dev, we could have properties. So in this path, we can store a key-value pair of secret. Somehow I can't pull secrets from this path. Can you please help me?

glisavkatroshi

How do I check if Vault properties can be fetched?

gopalpatil

Hi, thanks for the video. Please can you suggest to me how to add dbpassword as & symbol in Vault. When I add dbpassword like sh&6%4*fhwT in Vault, I am getting '6%4*fhwT' is not recognized as an internal or external command. Please suggest how to read the above password.

shirishabonagam

Thanks for this, Sergio. Very helpful in its conciseness. A couple of security observations:

1. You seem to suggest that the Git repo's username and password might be embedded in the All secrets should reside in Vault, no? If so, how would you tell the config server to get the Git credentials from Vault? And,
2. Along the same lines, it looks like the Config Server's microservice clients have unprotected access to the server? Shouldn't each microservice have its own Config Server username and password, again, residing in Vault?

Just a couple of thoughts as I'm currently upgrading a 2-year-old system and intend to make sure all assets are secured and all secrets are stored in Vault.

Questions are rhetorical... Please don't feel obligated to respond <grin>.

sladerunsoftware