小贝子编程

spring Vault位置[secret/我的应用程序]无法解析:未找到



我想连接到vault服务器并在春季应用程序中读取我的秘密

vault配置:

spring:
application:
name: inquiry
profiles:
active: dev
cloud:
vault:
kv:
enabled: true
backend: secret
profile-separator: '/'
application-name: inquiry
host: development
port: 8200
scheme: https
authentication: token
token: my-token
ssl:
trust-store: development-truststore.jks
trust-store-password: pass

在保险库中,我有查询策略,将附件查询令牌添加到中

vault policy read inquiry
path "secret/*" {
capabilities = ["read", "list"]
}
path "secret/data/inquiry/*" {
capabilities = ["read", "create", "update"]
}
curl --header "X-Vault-Token:my-token" -k https://localhost:8200/v1/secret/data/inquiry/dev

返回我的数据

{"request_id":"35548b9e-3422-201b-6243-a600d7f61fc3","lease_id":"","renewable":false,"lease_duration":0,"data":{"data":{"DBPassword":"pass","DBUser":"user"},"metadata":{"created_time":"2020-07-08T09:02:42.237713857Z","deletion_time":"","destroyed":false,"version":1}},"wrap_info":null,"warnings":null,"auth":null}

但在春天,我犯了一个错误:

2020-07-08 13:55:50.131  INFO 83792 --- [           main] o.s.v.a.LifecycleAwareSessionManager     : Scheduling Token renewal
2020-07-08 13:55:50.159  INFO 83792 --- [           main] o.s.v.c.e.LeaseAwareVaultPropertySource  : Vault location [secret/inquiry] not resolvable: Not found
2020-07-08 13:55:50.167  INFO 83792 --- [           main] o.s.v.c.e.LeaseAwareVaultPropertySource  : Vault location [secret/application/dev] not resolvable: Not found
2020-07-08 13:55:50.174  INFO 83792 --- [           main] o.s.v.c.e.LeaseAwareVaultPropertySource  : Vault location [secret/application] not resolvable: Not found
2020-07-08 13:55:50.175  INFO 83792 --- [           main] b.c.PropertySourceBootstrapConfiguration : Located property source: [BootstrapPropertySource {name='bootstrapProperties-secret/inquiry/dev'}, BootstrapPropertySource {name='bootstrapProperties-secret/inquiry'}, BootstrapPropertySource {name='bootstrapProperties-secret/application/dev'}, BootstrapPropertySource {name='bootstrapProperties-secret/application'}]
2020-07-08 13:55:50.181  INFO 83792 --- [           main] i.c.i.sepam.inquiry.InquiryApplication   : The following profiles are active: dev

我使用jdk14。我该怎么解决,谢谢

问题在您的保险库策略中。

path "secret/data/inquiry/*" {
capabilities = ["read", "create", "update"]
}

去掉后面的/,只剩下secret/data/inquiry*Spring正在查询中寻找对k/v存储的访问权限,而不是在子目录中。

Spring正在请求访问位于secret/app-namesecret/applicationsecret/app-name/spring-active-profile的k/v存储。对于每个路径,它都期望有一个包含所有机密的k/v存储。

我想海报不久前就解决了这个问题,但当我遇到一个不熟悉spring的人设置我的应用程序权限时,我也遇到了同样的事情。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium