Using a Jenkins variable in application properties file of spring boot app

Question

I have a spring boot app that pulls secrets from vault, i want to use these secrets in my application properties file of the spring boot app.

def VAR = new groovy.json.JsonSlurper().parseText(secret)[0].VARKEY
if(VAR != ''){
    echo "Vault Secret pulled Successfully pass is "+VAR
}else{
    echo "Vault Secret Not Found"
}

This code above is successful in setting the variable VAR, how can I then use the VAR to set the value of something in my application properties file in the spring boot application?

Thanks

Answer 1

For reading via application.properties:

Set the value of VAR to the java system or environment and read it in application.properties like

my.app.prop=${ENV_VARIABLE}

For reading in Jenkins file:

In order to read it in jenkins file, write a groovy script and read the property like System.properties[ENV_VARIABLE]

Note: I assuming your Spring boot app and Jenkins runs on the same JVM.

Answer 2

You can use spring-cloud-starter-config starter pom dependency to do it in a cleaner and trusted way & avoid Reinventing the Wheel. I have used it a lot and can assure that it works like charm.

Dependency is:

 <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-vault-config</artifactId>
            <version>2.0.0.RELEASE</version>
        </dependency>

Usage: You must declare all the properties in application.properties file (Assume these are default values) that you want values mapped from vault.

Then you must declare a spring Configuration annotated with @VaultPropertySource as below:

@Configuration
@Profile("prod")
@VaultPropertySource(
    value = {
      "secret/${spring.application.name}/spring.mail.username",
      "secret/${spring.application.name}/spring.mail.password",
    })
public class VaultConfig {

  @Bean
  @ConditionalOnProperty("spring.cloud.vault.enabled")
  public VaultTemplate vaultTemplate(
      @Value("${spring.cloud.vault.host:localhost}") final String host,
      @Value("${spring.cloud.vault.port:8200}") final String port,
      @Value("${spring.cloud.vault.scheme:https}") final String scheme,
      SessionManager sessionManager) {
    VaultEndpoint vaultEndpoint = VaultEndpoint.create(host, Integer.valueOf(port));
    vaultEndpoint.setScheme(scheme);
    return new VaultTemplateExtension(
        vaultEndpoint, new HttpComponentsClientHttpRequestFactory(), sessionManager);
  }
}

Note:

1. I have used @Profile annotation just to show how you can configure it for a profile only.

2. vaultTemplate method receives it's valut server config values either from specified properties or the default values separated by colon.

3. You can use @ConditionalOnProperty decides when to enable properties to vault secret mapping.

That's all. Now your props have values from vault. You can see how cleanly it populates the values to the properties.

Only one thing to ensure is that you need to specify the properties that receive value from vault in @VaultPropertySource's value property.