We now support AppRole authentication. This authentication method uses a provided RoleId and optionally SecretId to authenticate against Vault.
Fixes gh-7.
We now maintain the login token lifecycle throughout the whole application lifetime. A token is obtain from a login method on its first VaultTemplate access. Renewable tokens are refreshed if using LifecycleAwareSessionManager (configured by default) until max-ttl is reached and the token is disposed.
Fixes gh-13.
Spring Vault now supports VaultPropertySource. Property sources can be registered programatically to be used with Spring's Property source abstraction. @VaultPropertySource can be declared on @Configuration classes to obtain properties from Vault and expose these properties inside Spring's Environment.
@Configuration
@VaultPropertySource("secret/my-application")
public class AppConfig {
@Autowired Environment env;
@Bean
public TestBean testBean() {
TestBean testBean = new TestBean();
testBean.setPassword(env.getProperty("database.password"));
return testBean;
}
}
Fixes gh-9.
VaultClient now uses a ClientHttpRequestInterceptor to force marshaling. Outgoing data is buffered and available as byte array. This allows setting a Content-Length header using netty. Previously, requests were streamed to the TCP channel without knowing the request body size in advance. Vault expects a Content-Length header and rejected requests with a body but without a Content-Length header.
Fixes gh-8
Cubbyhole authentication uses Vault primitives to provide a secured authentication workflow. Cubbyhole authentication uses tokens as primary login method. An ephemeral token is used to obtain a second, login VaultToken from Vault’s Cubbyhole secret backend. The login token is usually longer-lived and used to interact with Vault. The login token can be retrieved either from a wrapped response or from the data section.
Fixes gh-3
Support top level auth mount response and nested (within `data`) mount responses. Add build matrix to TravisCI. Adopt tests to earlier Vault responses.
Fixes gh-2