Vault服务器,如何使用Java或Spring框架以编程方式将键/值存储到Vault服务器

huangapple go评论68阅读模式
英文:

Vault server, how to programmatically put key/value to vault server using Java or Spring framework

问题

我想在我的应用程序运行时存储一些机密信息/凭据,类似于以下命令。

vault kv put -path=secret/application key1=val1

我已经查看了HashiCorp SDK,但它只提供了一个写入命令,用于覆盖先前的密钥/值。我想要更新键-值,而不是覆盖,我该如何在程序中实现这一点。

英文:

I want to store some secrets/credentials during runtime in my application, similar to the following command.

vault kv put -path=secret/application key1=val1

I have reviewed the HashiCorp SDK, but it only provides a write command that overrides previous keys/values in my secrets. I want to update key-value instead of override, how can I do that programmatically.

答案1

得分: 1

After digging through the code, I figured out. So what I have to do is to call the method ::opsForKeyValue, it returns the operations for managing key-value including patch command. So with patch command I'm be able to update key-vaule without overriding the previous one.

@Autowired
VaultTemplate template;

public void updateSecrets() {
    var ops = template.opsForKeyValue("test", VaultKeyValueOperationsSupport.KeyValueBackend.KV_2);
    ops.patch("application", Map.of("k3", "v3"));
}

** 注意它仅支持 KV 版本 2。

英文:

After digging through the code, I figured out. So what I have to do is to call the method ::opsForKeyValue, it returns the operations for managing key-value including patch command. So with patch command I'm be able to update key-vaule without overriding the previous one.

@Autowired
VaultTemplate template;

public void updateSecrets() {
	var ops = template.opsForKeyValue("test", VaultKeyValueOperationsSupport.KeyValueBackend.KV_2);
	ops.patch("application", Map.of("k3", "v3"));
}

** Note that it only supports KV version 2.

答案2

得分: 1

我使用Bettercloud的"Vault Java Driver"库,可以在此处找到。

它使用API与Vault服务器进行通信,因此您无需编写自己的请求。非常容易使用。

希望我能帮到您。

英文:

For my part, I use the "Vault Java Driver" library from Bettercloud, available here: https://bettercloud.github.io/vault-java-driver/.

It uses the API to communicate with the vault server, so you don't need to write your own requests. It is very easy to use.

Hopefully I could help you.

huangapple
  • 本文由 发表于 2023年2月6日 03:44:58
  • 转载请务必保留本文链接:https://go.coder-hub.com/75355038.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定