{"id":22441937,"url":"https://github.com/colinbut/vault-springboot","last_synced_at":"2026-05-03T22:31:16.054Z","repository":{"id":69158701,"uuid":"440627009","full_name":"colinbut/vault-springboot","owner":"colinbut","description":"Vault Spring Boot integration example","archived":false,"fork":false,"pushed_at":"2021-12-29T22:26:29.000Z","size":67,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-15T18:19:40.346Z","etag":null,"topics":["secrets","spring","spring-boot","springboot","vault"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/colinbut.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-12-21T19:20:24.000Z","updated_at":"2022-01-12T20:34:05.000Z","dependencies_parsed_at":"2023-06-26T22:06:34.514Z","dependency_job_id":null,"html_url":"https://github.com/colinbut/vault-springboot","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/colinbut/vault-springboot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/colinbut%2Fvault-springboot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/colinbut%2Fvault-springboot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/colinbut%2Fvault-springboot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/colinbut%2Fvault-springboot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/colinbut","download_url":"https://codeload.github.com/colinbut/vault-springboot/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/colinbut%2Fvault-springboot/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32587816,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-03T22:12:39.696Z","status":"ssl_error","status_checked_at":"2026-05-03T22:09:10.534Z","response_time":103,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["secrets","spring","spring-boot","springboot","vault"],"created_at":"2024-12-06T02:16:55.144Z","updated_at":"2026-05-03T22:31:16.036Z","avatar_url":"https://github.com/colinbut.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Vault Spring Boot\n\n## Overview\n\nThis sample project demonstrates...\n\n__What this is not?__\n\n[TBD]\n\n## Setting Up Vault\n\nThis example just uses the Vault sample dev server.\n\nTo start up the Vault Server:\n\n```bash\nvault server -dev\n```\n\nInput some secrets:\n\nAs an example...\n\n```bash\nvault kv put secret/app-secrets temp_pwd=ik1ahTho$a0eim8a api_key=a4db08b7-5729-4ba9-8c08-f2df493465a1 generic_secret=s3cr3t\n```\n\nNote:*\nAbove secrets are NOT real secrets. They are secret for purposefully for this demo repo.\n\n## How it Works?\n\nSee `SecretsService.java`:\n\n```java\n```\n\nAll it does is it makes a REST API call to the Vault Server at the location of VAULT_ADDR and authentication with the VAULT_TOKEN.\nIt fetches back the secret at the predefined path as for the purpose of this demo:\n\n```java\nprivate static final String SECRET_URL_PATH = \"/v1/secret/data/app-secrets\";\n```\n\nWe then lastly, filter out the required field of the secret we are after by navigating through the JSON tree via the external JSON Jackson Library.\n\n_Note that for the simplicity of this particular demo I just fetch a string JSON response back rather than complicating things in mapping the returned JSON response into a POJO (which is probable but given that most of the data returned back are metadata which we are not really concerned about i just didn't feel it warrants that approach)._\n\nEssentially what it is doing is making a curl request:\n\n```bash\ncurl -H \"X-VAULT-TOKEN: $VAULT_TOKEN\" $VAULT_ADDR/v1/secret/data/app-secrets\n```\n\nAnd it returns the following HTTP response body:\n\nas an example:\n\n```json\n{\n  \"request_id\": \"cd60061c-e16c-b7c4-3769-12b6e1a55e24\",\n  \"lease_id\": \"\",\n  \"renewable\": false,\n  \"lease_duration\": 0,\n  \"data\": {\n    \"data\": {\n      \"api_key\": \"a4db08b7-5729-4ba9-8c08-f2df493465a1\",\n      \"generic_secret\": \"s3cr3t\",\n      \"temp_pwd\": \"ik1ahTho\"\n    },\n    \"metadata\": {\n      \"created_time\": \"2021-12-28T13:18:43.767322Z\",\n      \"custom_metadata\": null,\n      \"deletion_time\": \"\",\n      \"destroyed\": false,\n      \"version\": 1\n    }\n  },\n  \"wrap_info\": null,\n  \"warnings\": null,\n  \"auth\": null\n}\n```\n\nSo the Java code is merely a wrapper around the above.\n\n### Vault Details in Application Configuration\n\nEnsure the the `demo.mode` property is set to `APP-CONFIG`\n\n```yaml\ndemo:\n  mode: APP-CONFIG\n```\n\n__Configuration__\n\nIn the `application.yaml` configuration file we define the connection details to Vault:\n\ne.g.\n```yaml\nvault:\n  addr: http://127.0.0.1:8200\n  token: your-token\n```\n\n__RestTemplate Configuration__\n\nThe base path of the \"Vault Address\" is wired into the configuration of the RestTemplate Spring Bean:\n\n```java\n@Configuration\npublic class RestTemplateConfig {\n\n    @Value(\"${vault.addr}\")\n    private String vaultAddr;\n    \n    @Bean\n    public RestTemplate restTemplate(RestTemplateBuilder restTemplateBuilder) {\n        RestTemplate restTemplate = restTemplateBuilder.build();\n        restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(vaultAddr));\n        return restTemplate;\n    }\n}\n```\n\nIn the `SecretsService.java` class:\n\n```java\n@Service\npublic class SecretsService {\n\n    // other code omitted for brevity\n\n    @Value(\"${vault.token}\")\n    private String vaultToken;\n\n    // other code omitted for brevity\n```\n\nWe autowire the `Vault Token` that is used for authentication to Vault.\n\n### Using Environment Variables\n\nRather than hardcode the Vault details (especially the VAULT TOKEN which is a secret itself), we can inject these properties into the application via the following Environment Variables:\n\nVAULT_ADDR\nVAULT_TOKEN\n\nEnsure the the `demo.mode` property is set to `ENV-VAR`\n\n```yaml\ndemo:\n  mode: ENV-VAR\n```\n\nExport the __VAULT_ADDR__ and __VAULT_TOKEN__ environment variables respectively.\n\nAs can be seen in the following code:\n\n```java\n  if (demoMode.equals(DemoMode.ENV_VAR.getDemoModeConf())){\n    headers.set(\"X-VAULT-TOKEN\", System.getenv(\"VAULT_TOKEN\"));\n  } else if (demoMode.equals(DemoMode.APP_CONFIG.getDemoModeConf())){\n    headers.set(\"X-VAULT-TOKEN\", vaultToken);\n  }\n```\n\nWe switch the method we obtain the VAULT_TOKEN accordingly.\n\n\n## Authors\n\nColin But\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcolinbut%2Fvault-springboot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcolinbut%2Fvault-springboot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcolinbut%2Fvault-springboot/lists"}