Dropwizard bundle to access vault servers and inject secrets into config.
This Library implements a substitutor for the SubstitutingSourceProvider, which replaces variables (e.g. ${secret/path@fieldname}) inside the dropwizard config yml with the defined vault secret.
mandatory environment variables:
VAULT_ADDR = vault location (e.g. http://localhost:8200/)
VAULT_TOKEN = authentication token
optional:
VAULT_PREFIXPATH = prefix for secret path
prepare vault secrets:
vault write secret/path field1="secretFieldValue" value="secretValue"
dropwizard config yaml:
secrets:
firstSecretCustomFieldname: "${secret/path@field1}"
secondSecretWithDefaultFieldname: "${secret/path}"
if you set VAULT_PREFIXPATH="secret/"
:
secrets:
firstSecretCustomFieldname: "${path@field1}"
secondSecretWithDefaultFieldname: "${path}"