Vault setup
Startup Vault, such as development mode:
vault server -devWhen running the dev mode be sure to declare the insecure Vault address:
export VAULT_ADDR='http://127.0.0.1:8200'Enable AppRole authentication and create our provider's role
vault auth enable approle
vault policy write admin vault-policies/admin.hcl
vault policy write user vault-policies/user.hcl
vault write -f auth/approle/role/auth-provider
vault write -f auth/approle/role/admin
vault write -f auth/approle/role/userGet the appRoleId using
vault read auth/approle/role/auth-provider/role-idGenerate an appSecretId get getting the secret_id resulting from
vault write -f auth/approle/role/auth-provider/secret-idWhen running the Spring Boot app, pass the following arguments with the specific role-id and
secret-id retrieved above.
--vault.authentication=APPROLE
--vault.app-role.role-id=...
--vault.app-role.secret-id=...
--vault-web-auth.role-mappings.admin=ADMIN
--vault-web-auth.role-mappings.user=USER