I am investigating how I can use Vault 0.11.1 and Spring Vault 2.0.2.RELEASE. I have set up a dev Vault:
vault server -dev
and added some data
vault kv put secret/certs/jan cert=ABCD
which I can read with Spring Vault
@Autowired
private VaultOperations operations;
String path = "secret/data/certs/jan";
System.out.println(operations.read(path).getData());
note that, curiously, I have to insert "data/" in the path to find it again.
deleting the data works fine too:
operations.delete(path);
but writing data with
Secret secret = new Secret("ABCD");
operations.write(path, secret);
fails with
org.springframework.vault.VaultException: Status 400 secret/data/certs/jan: no data provided
Secret is a simple bean:
@AllArgsConstructor
@NoArgsConstructor
@Data
public class Secret {
String cert;
}
and the jason conversion seems to go fine:
DEBUG org.springframework.web.client.RestTemplate - Writing [Secret(cert=ABCD)] using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter@add0edd]
Simply trying to write a String
operations.write(path, "foo=bar");
also fails:
Status 400 secret/data/certs/jan: failed to parse JSON input: invalid character 'o' in literal false (expecting 'a')
It looks like you're using Vault's versioned Key-Value backend. New instances of Vault 0.10 and newer mount the versioned backend by default at secret/
which requires you to use a specific API.
There are subtle API differences between the unversioned (v1) and versioned (v2) Key Value backend, that add additional elements to the context path and the actual JSON payload.
Example for Key-Value backend v1:
POST /v1/secret/certs/jan
{"key":"value"}
Example for Key-Value backend v2:
POST /v1/secret/data/certs/jan
{"data":{"key":"value"}}
For using Spring Vault, this means that you need to upgrade to version 2.1.0 and use the VaultKeyValueOperations
API:
VaultKeyValueOperations keyValue = vaultOperations.opsForKeyValue("secret", KeyValueBackend.versioned());
keyValue.put("certs/jan", secret);
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With