Re: Variable Substitution in manifest.yml

Lingesh Mouleeshwaran

Hello Karthi, 

We also got rid of all secrets managed in *.yml files and moved all secrets to the vault, and we have a simple jar which is embedded into the Spring/Spring Boot war.

For example, the entry below is sufficient for any web application in manifest.yml, and we have made it a vault orphan token whose lifetime has a 10-year tenure.

    JAVA_OPTS: "<<Vault secret path>>"

Spring dependency entry:

The entries below are required for any web application to embed your vault client jar.


            classpath*:/spring-vault-conf.xml  //this file will have details about your propertyplaceholder logic 

Your vault client can be a child of the class PropertyPlaceholderConfigurer, and you can override the method below to read from the vault and populate system ENVs.

    /**
     * {@inheritDoc}
     * @throws IOException
     */
    protected void loadProperties(Properties properties) throws IOException {

Hope this gives you some context on what you're looking for. Additionally, even if you go via Jenkins/Travis services, secrets are still exposed in an environment variable, and anyone is able to look at the secrets via cf env.

Lingesh M

On Tue, Jul 24, 2018 at 2:29 PM, <kvemula15@...> wrote:
Hi Nic,
Thank you for confirming. Can you point me to any examples/links on the web of how it could be done in CI, like in the Jenkins world, for the file creation that you were talking of?
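
The override described in the message above, as an added example that is not part of the original e-mail or the poster's jar: a PropertyPlaceholderConfigurer subclass whose loadProperties reads one secret path from Vault over HTTP. Assumptions: the class name, the `vault.secret.path` system property (passed through JAVA_OPTS), the `VAULT_ADDR` and `VAULT_TOKEN` environment variables, a KV version 1 mount, Java 11+ and Jackson on the classpath; it fills the Spring Properties object in memory instead of system ENVs.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
import java.util.Iterator;
import java.util.Properties;

// Hypothetical class: resolves ${...} placeholders from a Vault KV v1 path.
public class VaultPlaceholderConfigurer extends PropertyPlaceholderConfigurer {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    @Override
    protected void loadProperties(Properties properties) throws IOException {
        super.loadProperties(properties); // keep any file-based defaults
        // Assumed inputs: JAVA_OPTS carries -Dvault.secret.path=<<Vault secret path>>
        String addr = require(System.getenv("VAULT_ADDR"), "VAULT_ADDR");
        String token = require(System.getenv("VAULT_TOKEN"), "VAULT_TOKEN");
        String path = require(System.getProperty("vault.secret.path"), "vault.secret.path");
        HttpRequest request = HttpRequest.newBuilder(URI.create(addr + "/v1/" + path))
                .header("X-Vault-Token", token)
                .timeout(Duration.ofSeconds(5))
                .GET().build();
        HttpResponse<String> response;
        try {
            response = HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString());
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IOException("Interrupted while reading from Vault", e);
        }
        if (response.statusCode() != 200) {
            // Fail startup without echoing the token or the response body.
            throw new IOException("Vault read failed with HTTP " + response.statusCode());
        }
        JsonNode data = MAPPER.readTree(response.body()).path("data"); // KV v1 layout
        for (Iterator<String> it = data.fieldNames(); it.hasNext(); ) {
            String key = it.next();
            properties.setProperty(key, data.get(key).asText()); // held in memory only
        }
    }

    private static String require(String value, String name) throws IOException {
        if (value == null || value.isEmpty()) throw new IOException("Missing " + name);
        return value;
    }
}
```

Values loaded this way do not appear in `cf env`; the Vault token does if it is supplied as an application environment variable.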
