我的书签
添加书签
移除书签8.1.6 Oracle Cloud Vault Support
Micronaut supports loading configuration values stored in Oracle Cloud Vaults. To use this feature, add the following dependencies:
Example build.gradle for Oracle Cloud Vault
compile "io.micronaut:micronaut-discovery-client"compile group: 'com.oracle.oci.sdk', name: 'oci-java-sdk-vault', version: '1.15.4'compile group: 'com.oracle.oci.sdk', name: 'oci-java-sdk-secrets', version: '1.15.4'compile group: 'com.oracle.oci.sdk', name: 'oci-java-sdk-common', version: '1.15.4'
To enable distributed configuration a src/main/resources/bootstrap.yml configuration file must be created and configured to use one or more Oracle Cloud Vaults:
bootstrap.yml
micronaut:application:name: vault-testconfig-client:enabled: trueoraclecloud:vault:config:enabled: truevaults:- ocid: ocid1.vault.oc1.phx...compartment-ocid: ocid1.compartment.oc1...use-instance-principal: falsepath-to-config: ~/.oci/configprofile: DEFAULTregion: US-PHOENIX-1
| Property | Type | Description |
|---|---|---|
| java.util.List | A list of OracleCloudVaultClientConfiguration$OracleCloudVault objects that contain secrets that will be retrieved, decoded and set into your application as config variables. |
| boolean | Whether or not the configuration client should use Instance Principal Authentication to interact with the SDK. If this value is false, you must include a path to an OCI Config file to use Config File based auth. |
| java.lang.String | If you are not using Instance Principal auth then you must pass the path to a valid OCI config file. Default value “~/.oci/config”. |
| java.lang.String | Which profile in the config file should be used? Default value “DEFAULT”. |
| java.lang.String | The OCI region Ex: ‘US-PHOENIX-1’. |
| You can learn more about Oracle Cloud Vault Secrets by reading this blog post. |
Each configured vault will be read and all of the secrets within the vault will be retrieved and set into configuration variables with the exact same name as the secret in the Oracle Cloud Vault.
For example, if you create a secret with the name of SECRET_ONE in your Oracle Cloud Vault, then it will be available to use in your application like any standard configuration variable:
@Value("${SECRET_ONE}") String secretOne
You can also use @PropertyName:
@Property(name = "SECRET_ONE") String secretOne
Another option is to inject your variables in to your configuration files which gives you the ability to store things like database passwords and API keys in your vault:
application.yaml
datasources:default:password: ${DB_PASSWORD}
Vault retrieved values are always String, but you can use @ConfigurationProperties on a bean in conjunction with your application.yml file to provide properly typed configuration variables.
So if you where to create secrets in your Oracle Cloud Vault like so:
| Name | Value |
|---|---|
SECRET_ONE | Value One |
SECRET_TWO | value two |
SECRET_THREE | true |
SECRET_FOUR | 42 |
SECRET_FIVE | 3.16 |
And then added the following to your application.yml file:
application.yml
secrets:one: ${SECRET_ONE}two: ${SECRET_TWO}three: ${SECRET_THREE}four: ${SECRET_FOUR}five: ${SECRET_FIVE}
You could add a config bean like so:
Config.java
@ConfigurationProperties("secrets")public class Config {private String one;private String two;private boolean three;private int four;private Double five;/* getters/setters removed for brevity */}
You could then inject and use this bean in your application with properly typed values.
HelloController.java
@Controller("/hello")public class HelloController {private Config config;public HelloController(Config config) {this.config = config;}@Get("/")public HttpStatus index() {return HttpStatus.OK;}@Get("/secret")public HttpResponse getSecret() {return HttpResponse.ok(config);}}
Calling the /hello/secret endpoint would return:
{"one": "Value One","two": "value two","three": true,"four": 42,"five": 3.16}
If you need support for different configurations per environment, you can create an environment specific bootstrap.yml file and utilize a different vault(s) configuration per environment. |
