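Starting Vault locally
First read this blog post:
Spring Boot Encrypted Configuration Properties: Spring Cloud Vault Explained
For generating a locally self-trusted certificate, refer to this:
2019-12-31 Creating your own root certificate and domain SSL certificate on macOS for HTTPS debugging
There are two points to note:
- Generate the JKS trust store with this syntax:
```
keytool -import -alias mycert -file server.crt -keystore mykeystore.jks
```
- When configuring secret paths in Vault, note that every path must include the root path.
- Here is the Vault configuration file: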
```
ui = true

## This is the path where Vault stores its data
storage "file" {
  path = "/Users/chao/javaweb/vault/vault-data"
}

listener "tcp" {
  address       = "127.0.0.1:8200"
  tls_cert_file = "/Users/chao/javaweb/vault/cert/server.crt"
  tls_key_file  = "/Users/chao/javaweb/vault/cert/server.key"
}

api_addr = "https://10.188.12.119:8200"
```
Configuring Vault in Spring Boot
- bootstrap.yml configuration:
```yaml
spring:
  application:
    name: ciphertest
  cloud:
    vault:
      application-name: ciphertest
      host: 127.0.0.1
      port: 8200
      scheme: https
      authentication: TOKEN
      # static token from the local test instance; supply it via the environment outside local testing
      token: s.GVvsiBpUtlsA2KsfVp983e1w
      connection-timeout: 5000
      read-timeout: 15000
      config:
        order: -10
      ssl:
        # JKS trust store containing server.crt, so the client trusts Vault's TLS certificate
        trust-store: classpath:mykeystore.jks
        trust-store-password: 111111
      kv:
        enabled: true
        backend: secret
        profile-separator: /
        default-context: application
        application-name: ciphertest
```
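The trust-store here is the file generated with the command above: keytool -import -alias mycert -file server.crt -keystore mykeystore.jks
- How to use the configuration from Vault:
Note that the value of hello is actually read from the path
/secret/ciphertest/hello, where ciphertest is the application name.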
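```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class HelloWorldController {

    // Injected from Vault: /secret/ciphertest/hello
    @Value("${hello}")
    String name;

    // Returns the value read from Vault as the response body
    @ResponseBody
    @RequestMapping(path = "say4")
    public String say() {
        return name;
    }
}
```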
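The contexts that the kv settings in the bootstrap.yml above make the application read, and a read-only Vault policy limited to them, as an added example that is not part of the original post. The function names and the `dev` profile are hypothetical, and the KV version is an assumption that must match how the `secret` mount was enabled.

```python
"""Added example: Vault paths read by a Spring Cloud Vault app, plus a read-only policy for them."""


def context_paths(backend, app_name, default_context, profiles=(), sep="/"):
    """Contexts Spring Cloud Vault looks up: application first, then the default context.

    For each context, the profile-specific path is listed before the plain one.
    """
    paths = []
    for ctx in (app_name, default_context):
        for profile in profiles:
            paths.append(f"{backend}/{ctx}{sep}{profile}")
        paths.append(f"{backend}/{ctx}")
    return paths


def api_path(context, backend, kv_version):
    """Path to use in a policy: KV v2 stores data under <mount>/data/<path>, KV v1 uses the path as is."""
    if kv_version == 1:
        return context
    rest = context[len(backend) + 1:]
    return f"{backend}/data/{rest}"


def read_only_policy(paths):
    """Render one Vault policy stanza per path, granting only the read capability."""
    blocks = [f'path "{p}" {{\n  capabilities = ["read"]\n}}' for p in paths]
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    # Values taken from the bootstrap.yml on this page; kv_version=2 is an assumption.
    contexts = context_paths("secret", "ciphertest", "application")
    print(read_only_policy(api_path(c, "secret", 2) for c in contexts))
```

A token limited to this policy can read the application's properties but cannot list, write or delete secrets.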
