我是Vault的新手。我正在尝试使用APPROLE作为认证方法将Vault与弹簧启动集成。我的引导配置。Yml如下:
spring:
application:
name: <application-name>
cloud:
vault:
host: <host-url>
scheme : https
port: <port>
kv-version: 2
namespace: <namespace-name>
authentication: APPROLE
app-role:
role-id: <role-id>
role: <role-name>
app-role-path: <path>
,当我使用此配置运行时。我得到错误
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'vaultTemplate' defined in class path resource [org/springframework/cloud/vault/config/VaultAutoConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.vault.core.VaultTemplate]: Factory method 'vaultTemplate' threw exception; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'vaultSessionManager' defined in class path resource [org/springframework/cloud/vault/config/VaultAutoConfiguration.class]: Unsatisfied dependency expressed through method 'vaultSessionManager' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'clientAuthentication' defined in class path resource [org/springframework/cloud/vault/config/VaultAutoConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.vault.authentication.ClientAuthentication]: Factory method 'clientAuthentication' threw exception; nested exception is java.lang.IllegalArgumentException: Token (spring.cloud.vault.token) must not be empty
我想知道如果我使用APPROLE的认证方法,为什么它要求TOKEN。
另外,由于secret-id具有动态性质,不能存储在配置文件中,是否可以使用全拉模式进行APPROLE认证?
下面描述了使用APPROLE身份验证的spring云配置样例yaml。在你提到的配置中有一些东西拼写错误
cloud:
vault:
uri: https:<vault-uri>
authentication: APPROLE
app-role:
roleId: <roleId>
secretId: <secretId>