DEV Community

khalil la
khalil la

Posted on

πŸ” Spring Boot + Vault Configuration with Environment-Aware Setup

This guide demonstrates how to configure a Spring Boot application to use HashiCorp Vault for secrets in remote environments (e.g., prod, staging, integration) while avoiding Vault entirely in local environments (dev, test), using only one main configuration file and minimal profile-specific overrides.

βœ… Goals

  • Use only one main application.properties file
  • Avoid Vault in dev and test profiles
  • Enable Vault by default for all other environments
  • Support dynamic Vault paths like secret/prod/vault-demo
  • Manage Vault and Spring behavior with environment variables
  • Provide launcher classes for local testing with dev or test profile

πŸ“¦ Maven Dependencies 

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-vault-config</artifactId>
    </dependency>
</dependencies>

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-dependencies</artifactId>
            <version>2023.0.0</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>
Enter fullscreen mode Exit fullscreen mode

βš™οΈ Properties Files

βœ… application.properties (Default for remote environments) 

spring.application.name=vault-demo

# Vault is enabled by default (for remote)
spring.cloud.vault.authentication=token
spring.cloud.vault.token=${VAULT_TOKEN}
spring.cloud.vault.kv.enabled=true
spring.cloud.vault.kv.backend=secret
spring.cloud.vault.kv.application-name=${VAULT_ENV}/vault-demo
spring.cloud.vault.uri=${VAULT_URI}
Enter fullscreen mode Exit fullscreen mode

❌ application-dev.properties 

spring.cloud.vault.enabled=false
my.secret.property=local-dev-value
Enter fullscreen mode Exit fullscreen mode

❌ application-test.properties 

spring.cloud.vault.enabled=false
my.secret.property=local-test-value
Enter fullscreen mode Exit fullscreen mode

πŸ”§ Run Examples

βœ… Remote (Vault-enabled) 

export VAULT_ENV=prod
export VAULT_URI=https://vault.company.com
export VAULT_TOKEN=your-token

./mvnw spring-boot:run
Enter fullscreen mode Exit fullscreen mode

πŸ§ͺ Local Dev Profile 

./mvnw spring-boot:run -Dspring.profiles.active=dev
Enter fullscreen mode Exit fullscreen mode

πŸ” Accessing Secrets in Code 

@Value("${my.secret.property}")
private String secretValue;
Enter fullscreen mode Exit fullscreen mode

Or:

@ConfigurationProperties(prefix = "my.secret")
public class SecretConfig {
    private String property;
    // Getters and setters
}
Enter fullscreen mode Exit fullscreen mode

🧠 Summary

Environment Profile Vault Used Vault Path
dev dev ❌ No N/A
test test ❌ No N/A
integration (none) βœ… Yes secret/integration/vault-demo
staging (none) βœ… Yes secret/staging/vault-demo
prod (none) βœ… Yes secret/prod/vault-demo

βœ… Environment Variable Reference

Variable Purpose Example
SPRING_PROFILES_ACTIVE Activates local profile (dev, test) dev, test
VAULT_ENV Remote Vault env name (prod, staging) prod, staging, integration
VAULT_URI Vault endpoint https://vault.company.com
VAULT_TOKEN Vault token for authentication s.XXXXXXXXXXXX

Top comments (0)