Dropwizard bundle to access vault servers and inject secrets into config.
This Library implements a substitutor for the SubstitutingSourceProvider, which replaces variables (e.g. ${secret/path@fieldname}) inside the dropwizard config yml with the defined vault secret.
mandatory environment variables:
VAULT_ADDR = vault location (e.g. http://localhost:8200/)
VAULT_TOKEN = authentication token
optional:
VAULT_PREFIXPATH = prefix for secret path
prepare vault secrets:
vault write secret/path field1="secretFieldValue" value="secretValue"dropwizard config yaml:
secrets:
firstSecretCustomFieldname: "${secret/path@field1}"
secondSecretWithDefaultFieldname: "${secret/path}"if you set VAULT_PREFIXPATH="secret/":
secrets:
firstSecretCustomFieldname: "${path@field1}"
secondSecretWithDefaultFieldname: "${path}"