Unable to load secrets from Vault when spring.cloud.vault.config.lifecycle.enabled is set to false


I am using spring cloud starter vault config version 2.2.5.RELEASE to connect to my secured Vault server, which uses the AppRole authentication mechanism. I observed that if I set the property spring.cloud.vault.config.lifecycle.enabled to false, Spring is unable to load secrets from Vault; it fails with the error below:

17:27:05.823 DEBUG [ main] o.s.v.a.AppRoleAuthentication - - Login successful using AppRole authentication
17:27:06.121 WARN [ main] o.s.c.v.config.VaultConfigTemplate - - Could not locate PropertySource: Status 403 Forbidden [/*/local]: 1 error occurred:
* permission denied

Below is my bootstrap.properties configuration:

#Project Details
info.app.name = ****
info.app.version = @project.version@

spring.application.name = ***

logging.level.org.springframework.vault = TRACE

spring.cloud.vault.app-role.auth-path=approle
spring.cloud.vault.app-role.role-id=****
spring.cloud.vault.app-role.secret-id=****
spring.cloud.vault.authentication=APPROLE
spring.cloud.vault.generic.application-name=****
spring.cloud.vault.generic.backend=***
spring.cloud.vault.generic.enabled=false
spring.cloud.vault.host=****
spring.cloud.vault.kv.application-name=****
spring.cloud.vault.kv.backend=****
spring.cloud.vault.kv.enabled=true
spring.cloud.vault.kv.profile-separator=/
spring.cloud.vault.port=8200
spring.cloud.vault.scheme=https
spring.cloud.vault.ssl.trust-store=*****.jks
spring.cloud.vault.ssl.trust-store-password=***
management.health.vault.enabled = false
spring.cloud.vault.config.lifecycle.enabled=false


Note: if spring.cloud.vault.config.lifecycle.enabled is set to true, it is able to load secrets from Vault. My goal in setting this property is to load secrets from Vault only at application startup and to reduce further secret renewal calls to Vault once the application has started.

Below is the sequence of requests to Vault when the property is set to true:

https://:/v1/sys/internal/ui/mounts///local

https://:/v1/auth/approle/login

https://:/v1//data//local

https://:/v1/sys/internal/ui/mounts//

https://:/v1//data/

Below are the requests to Vault when the property is set to false:

https://:/v1///local
