/cerberus-spring-boot-client

Spring Boot client for interacting with a Cerberus backend.

Primary LanguageJavaApache License 2.0Apache-2.0

Cerberus Spring Boot Client

codecov

A Spring Boot client library for Cerberus for Spring Boot applications.

To learn more about Cerberus, please see the Cerberus website.

Publishing Notice 3/17/2021

As of spring 2021, JFrog has decided to sunset Bintray and JCenter. Due to this decision, we are pausing our open source publishing of the Cerberus Spring Boot Client. However, we will still be updating the source code and making new GitHub releases.

In order to build the jar yourself, run this command:

./gradlew assemble

The jar will be located in ./build/libs/.

For any questions or concerns, create a Github issue here.

Quickstart for EC2

  1. Start with the quick start guide.
  2. Add the Cerberus Spring Boot Client dependency to your build (e.g. Artifactory) or build the jar
  3. Provide an authentication mechanism.
    • For local development it is easiest to export a CERBERUS_TOKEN that you copied from the Cerberus dashboard. When running in AWS, your application will not need this environmetal variable, instead it will automatically authenticate using its IAM role. Alternatively, set a cerberus.token System property.
    • If you would like to test IAM authentication locally, you can do that by assuming a role.
  4. Configure the Cerberus URL and region, e.g. in your application.properties
    cerberus.url=https://test.cerberus.example.com/
    cerberus.region=us-west-2
  1. Ensure CerberusClientSpringBootConfiguration is registered in your ApplicationContext. E.g.
    @Configuration
    @Import(CerberusClientSpringBootConfiguration.class)
    public class MyAppSpringConfig {
    }
  1. Access secrets from Cerberus using Java client
    @Autowired
    CerberusClient cerberusClient;
    
    String path = "/app/my-sdb-name"; // path from Cerberus dashboard
    Map<String,String> secrets = cerberusClient.read(path).getData();
    String secret = secrets.get("propname");  // property name from Cerberus dashboard

Development

Run Integration Tests

First, make sure you have a safe deposit box created in the cerberus environment you plan to run the tests against. The credentials you plan to use to execute the tests with must have write permissions to this SDB.

Second, make sure the following environment variables are set before running the Cerberus Spring Boot Client integration tests:

    export CERBERUS_URL=https://example.cerberus.com
    export CERBERUS_REGION=us-west-2
    export SDB_ROOT_PATH=app/integration-test-sdb/

Then, make sure AWS credentials have been loaded into the default credential profile or a cerberus token has been exported to the "CERBERUS_TOKEN" environment variable.

One method of obtaining credentials is by running gimme-aws-creds:

    gimme-aws-creds

Next, in the project directory run:

    ./gradlew integration

License

Cerberus client is released under the Apache License, Version 2.0