Re: Variable Substitution in manifest.yml
Lingesh Mouleeshwaran
Hello Karthi,

We also got rid of all secrets managed in *.yml files and moved all secrets to the vault, and we have a simple jar which is embedded into the Spring/Spring Boot war.

For example, the entry below is sufficient for any web application in manifest.yml, and we have made it a Vault orphan token with a lifetime of 10 years.

    env:
      JAVA_OPTS: -Dspring.application.name="<<Vault secret path>>" -Dspring.cloud.vault.token=000-000-00000000-00

Spring dependency entry: the entries below are required for any web application to embed your vault client jar.

    <dependency>
      <groupId>com.config.vault</groupId>
      <artifactId>vault-java</artifactId>
      <version>1.0.0</version>
    </dependency>

    <!-- this file will have details about your property placeholder logic -->
    <context-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>classpath*:/spring-vault-conf.xml</param-value>
    </context-param>

Your vault client can be a child of the class PropertyPlaceholderConfigurer, and you can override the method below to read from the vault and populate to system ENVs.

    /**
     * {@inheritDoc}
     *
     * @throws IOException
     */
    @Override
    protected void loadProperties(Properties properties) throws IOException {
        // Load the locally configured properties first.
        super.loadProperties(properties);
        // Properties.putAll returns void, so it cannot be passed as an argument;
        // merge the values read from the vault in a separate step.
        properties.putAll(vaultResource.read());
    }

Hope this gives you some context on what you're looking for. Additionally, even if you go via Jenkins/Travis services, secrets are still exposed in an environment variable; anyone is able to look at the secrets via cf env.

Regards
Lingesh M

On Tue, Jul 24, 2018 at 2:29 PM, <kvemula15@...> wrote:

Hi Nic,
Thank you for confirming. Can you point me to any examples/links on the web of how it could be done in CI, like in the Jenkins world, for the file creation that you were talking about?
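The following is an added example, not part of the original message or of any project mentioned in it: a pre-push check that flags literal credentials in the env block of a manifest.yml, including -D system properties inside JAVA_OPTS such as the Vault token shown above. It assumes cf CLI `((name))` placeholders are the accepted non-literal form; the sensitive-name list and the sample manifest are constructed, and a substituted value is still visible through cf env after the push.

```python
import re

# Names that suggest a credential (assumed list for this example).
SENSITIVE = re.compile(r"(token|secret|password|passwd|credential|api[-_.]?key)", re.I)
# -Dname=value system properties inside a JAVA_OPTS string.
JVM_PROP = re.compile(r"-D([\w.\-]+)=(\"[^\"]*\"|'[^']*'|\S+)")
# "KEY: value" entries nested under env:.
ENV_LINE = re.compile(r"^\s+([A-Za-z_][\w.\-]*):\s*(.*)$")
# cf CLI variable placeholder, filled in at push time from a vars file.
PLACEHOLDER = re.compile(r"^\(\([\w.\-]+\)\)$")

def is_literal(value):
    """True when the value is a concrete string rather than a ((placeholder))."""
    value = value.strip().strip("\"'")
    return bool(value) and not PLACEHOLDER.match(value)

def find_literal_secrets(manifest_text):
    """Return (line number, name) for each sensitive env entry holding a literal."""
    findings, in_env, env_indent = [], False, 0
    for lineno, line in enumerate(manifest_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if stripped == "env:":
            in_env, env_indent = True, indent
            continue
        if in_env and indent <= env_indent:
            in_env = False          # dedent: the env block has ended
        match = ENV_LINE.match(line) if in_env else None
        if not match:
            continue
        key, value = match.groups()
        if SENSITIVE.search(key) and is_literal(value):
            findings.append((lineno, key))
        for prop, prop_value in JVM_PROP.findall(value):
            if SENSITIVE.search(prop) and is_literal(prop_value):
                findings.append((lineno, prop))
    return findings

# Constructed sample manifest; the token is the dummy value quoted in the message.
SAMPLE = """applications:
- name: demo-app
  env:
    JAVA_OPTS: -Dspring.application.name="demo/path" -Dspring.cloud.vault.token=000-000-00000000-00
    DB_PASSWORD: ((db_password))
    API_KEY: abc123-constructed
  memory: 1G
"""

if __name__ == "__main__":
    for lineno, name in find_literal_secrets(SAMPLE):
        print(f"manifest.yml:{lineno}: literal value for {name}")
```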