The Spring Vault project applies core Spring concepts to the development of solutions using HashiCorp Vault. We provide a "template" as a high-level abstraction for storing and querying documents. You will notice similarities to the REST support in the Spring Framework.
...
...
@@ -10,7 +10,7 @@ This part of the reference documentation explains the core functionality offered
[Vault support](#vault.core) introduces the Vault module feature set.
This section provides basic introduction to Spring and Vault.
It contains details about following development and how to get support.
...
...
@@ -18,7 +18,7 @@ It contains details about following development and how to get support.
The rest of the document refers to Spring Vault features and assumes
the user is familiar with [HashiCorp Vault](https://www.vaultproject.io)as well as Spring concepts.
## [](#get-started:first-steps:spring)2. Knowing Spring
## 2. Knowing Spring
Spring Vault uses Spring framework’s [core](https://docs.spring.io/spring/docs/5.3.4/spring-framework-reference/core.html) functionality, such as [IoC](https://docs.spring.io/spring/docs/5.3.4/spring-framework-reference//core.html) container. While it is not important to know the Spring APIs, understanding the concepts behind them is. At a minimum, the idea behind IoC should be familiar for whatever IoC container you choose to use.
...
...
@@ -26,7 +26,7 @@ The core functionality of the Vault support can be used directly, with no need t
To learn more about Spring, you can refer to the comprehensive (and sometimes disarming) documentation that explains in detail the Spring Framework. There are a lot of articles, blog entries and books on the matter - take a look at the Spring framework [home page ](https://spring.io/docs) for more information.
Security and working with secrets is a concern of every developer working with databases, user credentials or API keys. Vault steps in by providing a secure storage combined with access control, revocation, key rolling and auditing. In short: Vault is a service for securely accessing and storing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more.
...
...
@@ -47,35 +47,35 @@ Vault can manage static and dynamic secrets such as application data,
username/password for remote applications/resources and provide credentials
for external services such as MySQL, PostgreSQL, Apache Cassandra, Consul, AWS and more.
## [](#requirements)4. Requirements
## 4. Requirements
Spring Vault 2.x binaries requires JDK level 8.0 and above, and [Spring Framework](https://spring.io/docs) 5.3.4 and above.
In terms of Vault, [Vault](https://www.vaultproject.io/) at least 0.6.
## [](#get-started:additional-help)5. Additional Help Resources
## 5. Additional Help Resources
Learning a new framework is not always straight forward. In this section, we try to provide what we think is an easy to follow guide for starting with Spring Vault module. However, if you encounter issues or you are just looking for advice, feel free to use one of the links below:
### [](#get-started:help)5.1. Support
### 5.1. Support
There are a few support options available:
#### [](#get-started:help:community)5.1.1. Community Forum
#### 5.1.1. Community Forum
Post questions questions regarding Spring Vault on [Stackoverflow](https://stackoverflow.com/questions/tagged/spring-vault) to share information and help each other. Note that registration is needed **only** for posting.
#### [](#get-started:help:professional)5.1.2. Professional Support
#### 5.1.2. Professional Support
Professional, from-the-source support, with guaranteed response time, is available from [Pivotal Sofware, Inc.](https://pivotal.io/), the company behind Spring Vault and Spring.
### [](#get-started:up-to-date)5.2. Following Development
### 5.2. Following Development
For information on the Spring Vault source code repository, nightly builds and snapshot artifacts please see the [Spring Vault homepage](https://projects.spring.io/spring-vault/). You can help make Spring Vault best serve the needs of the Spring community by interacting with developers through the Community on [Stackoverflow](https://stackoverflow.com/questions/tagged/spring-vault). If you encounter a bug or want to suggest an improvement, please create a ticket on the Spring Vault issue [tracker](https://github.com/spring-projects/spring-vault/issues). To stay up to date with the latest news and announcements in the Spring ecosystem, subscribe to the Spring Community [Portal](https://spring.io). Lastly, you can follow the Spring [blog ](https://spring.io/blog)or the project team on Twitter ([SpringCentral](https://twitter.com/springcentral)).
## [](#new-features)6. New & Noteworthy
## 6. New & Noteworthy
### [](#new-features.2-3-0)6.1. What’s new in Spring Vault 2.3
### 6.1. What’s new in Spring Vault 2.3
* Support for PEM-encoded certificates for keystore and truststore usage.
...
...
@@ -93,7 +93,7 @@ For information on the Spring Vault source code repository, nightly builds and s
*`AbstractVaultConfiguration.threadPoolTaskScheduler()` bean type changed to `TaskSchedulerWrapper` instead of `ThreadPoolTaskScheduler`.
### [](#new-features.2-2-0)6.2. What’s new in Spring Vault 2.2
### 6.2. What’s new in Spring Vault 2.2
* Support for Key-Value v2 (versioned backend) secrets through `@VaultPropertySource`.
...
...
@@ -112,7 +112,7 @@ For information on the Spring Vault source code repository, nightly builds and s
* Kotlin Coroutines support for `ReactiveVaultOperations`.
### [](#new-features.2-1-0)6.3. What’s new in Spring Vault 2.1
### 6.3. What’s new in Spring Vault 2.1
*[GCP Compute](#vault.authentication.gcpgce), [GCP IAM](#vault.authentication.gcpiam), and [Azure](#vault.authentication.azuremsi) authentication.
...
...
@@ -122,7 +122,7 @@ For information on the Spring Vault source code repository, nightly builds and s
* Improved Exception hierarchy for Vault login failures.
### [](#new-features.2-0-0)6.4. What’s new in Spring Vault 2.0
### 6.4. What’s new in Spring Vault 2.0
* Authentication steps DSL to [compose authentication flows](#vault.authentication.steps).
...
...
@@ -142,7 +142,7 @@ For information on the Spring Vault source code repository, nightly builds and s
*[Spring Security integration](#vault.misc.spring-security) with transit backend-based `BytesKeyGenerator` and `BytesEncryptor`.
### [](#new-features.1-1-0)6.5. What’s new in Spring Vault 1.1.0
### 6.5. What’s new in Spring Vault 1.1.0
*[AWS IAM authentication](#vault.authentication.awsiam).
...
...
@@ -154,13 +154,13 @@ For information on the Spring Vault source code repository, nightly builds and s
* TTL-based generic secret rotation.
### [](#new-features.1-0-0)6.6. What’s new in Spring Vault 1.0
The Vault support contains a wide range of features which are summarized below.
...
...
@@ -176,7 +176,7 @@ administrative commands. `VaultTemplate` also provides callback methods so that
get a hold of the low-level API artifacts such as `RestTemplate` to communicate
directly with Vault.
### [](#dependencies)7.1. Dependencies
### 7.1. Dependencies
The easiest way to find compatible versions of Spring Vault dependencies is by relying on the Spring Vault BOM we ship with the compatible versions defined.
In a Maven project you would declare this dependency in the`<dependencyManagement />` section of your `pom.xml`:
...
...
@@ -217,14 +217,14 @@ Example 2. Declaring a dependency to Spring Vault
</dependencies>
```
### [](#dependencies.spring-framework)7.2. Spring Framework
### 7.2. Spring Framework
The current version of Spring Vault requires Spring Framework in version
5.3.4 or better.
The modules might also work with an older bugfix version of that minor version.
However, using the most recent version within that generation is highly recommended.
## [](#vault.core.getting-started)8. Getting Started
## 8. Getting Started
Spring Vault support requires Vault 0.6 or higher and Java SE 6 or higher.
An easy way to bootstrap setting up a working environment is to create a
...
...
@@ -355,7 +355,7 @@ Even in this simple example, there are few things to take notice of
* If the constructor argument names match the field names of the stored document,
they will be used to instantiate the object.
## [](#vault.core.template)9. Introduction to VaultTemplate
## 9. Introduction to VaultTemplate
The class `VaultTemplate`, located in the package `org.springframework.vault.core`,
is the central class of the Spring’s Vault support providing a rich feature set to
...
...
@@ -389,7 +389,7 @@ Please see the section [Execution Callbacks](#vault.core.executioncallback) for
Now let’s look at a examples of how to work with Vault in the context of the Spring container.
### [](#vault.core.template.beans)9.1. Registering and configuring Spring Vault beans
### 9.1. Registering and configuring Spring Vault beans
Using Spring Vault does not require a Spring Context. However, instances of `VaultTemplate` and `SessionManager` registered inside a managed context will participate
in [lifecycle events](https://docs.spring.io/spring/docs/5.3.4/spring-framework-reference/core.html#beans-factory-nature)provided by the Spring IoC container. This is useful to dispose active Vault sessions upon
...
...
@@ -468,7 +468,7 @@ public class AppConfig extends AbstractVaultConfiguration {
| |Creating a custom configuration class might be cumbersome in some cases.<br/>Take a look at `EnvironmentVaultConfiguration` that allows configuration by using<br/>properties from existing property sources and Spring’s `Environment`. Read more<br/>in [Using `EnvironmentVaultConfiguration`](#vault.core.environment-vault-configuration).|
Spring Vault requires a `ClientAuthentication` to login and access Vault.
See [Authentication Methods](#vault.core.authentication) on details regarding authentication.
...
...
@@ -482,7 +482,7 @@ obtains a token, about revocation and renewal. Spring Vault comes with two imple
renewal if a token is renewable and revoke a login token on disposal.
Renewal is scheduled with an `AsyncTaskExecutor`. `LifecycleAwareSessionManager`is configured by default if using `AbstractVaultConfiguration`.
### [](#vault.core.environment-vault-configuration)9.3. Using `EnvironmentVaultConfiguration`
### 9.3. Using `EnvironmentVaultConfiguration`
Spring Vault includes `EnvironmentVaultConfiguration` configure the Vault client from Spring’s `Environment` and a set of predefined
property keys. `EnvironmentVaultConfiguration` supports frequently applied configurations. Other configurations are supported by deriving from the most appropriate configuration class. Include `EnvironmentVaultConfiguration` with `@Import(EnvironmentVaultConfiguration.class)` to existing
...
...
@@ -585,7 +585,7 @@ No configuration options.
* Path to service account token file: `vault.kubernetes.service-account-token-file` (defaults to `/var/run/secrets/kubernetes.io/serviceaccount/token`)
You can find more details about the [Vault Key-Value version 1 API](https://www.vaultproject.io/api-docs/secret/kv/kv-v1) in the Vault reference documentation.
### [](#vault.core.backends.kv2)10.2. Key-Value Version 2 ("versioned secrets")
### 10.2. Key-Value Version 2 ("versioned secrets")
You can run the `kv` secrets engine in one of two versions.
This section explains using version 2. When running version 2 of the `kv` backend a key can retain a configurable number of versions.
You can find more details about the [Vault Key-Value version 2 API](https://www.vaultproject.io/api-docs/secret/kv/kv-v2) in the Vault reference documentation.
You can find more details about the [Vault Token Auth Method API](https://www.vaultproject.io/api-docs/auth/token) in the Vault reference documentation.
You can find more details about the [Vault Transit Backend](https://www.vaultproject.io/api/secret/transit) in the Vault reference documentation.
## [](#vault.core.reactive.template)11. Introduction to ReactiveVaultTemplate
## 11. Introduction to ReactiveVaultTemplate
This section covers basic information on the reactive programming support using Spring Vault.
...
...
@@ -987,7 +987,7 @@ Please see the section [Execution Callbacks](#vault.core.reactive.executioncallb
Now let’s look at a examples of how to work with Vault in the context of the Spring container.
### [](#vault.core.reactive.template.beans)11.3. Registering and configuring Spring Vault beans
### 11.3. Registering and configuring Spring Vault beans
Using Spring Vault does not require a Spring Context. However, instances of`ReactiveVaultTemplate` and `VaultTokenSupplier` registered inside a managed context will participate
in [lifecycle events](https://docs.spring.io/spring/docs/5.3.4/spring-framework-reference/core.html#beans-factory-nature)provided by the Spring IoC container. This is useful to dispose active Vault sessions upon
...
...
@@ -1031,7 +1031,7 @@ public class AppConfig extends AbstractReactiveVaultConfiguration {
|**2**|This sample uses `TokenAuthentication` to get started quickly.<br/>See [Authentication Methods](#vault.core.authentication) for details on supported authentication methods.|
## [](#vault.core.propertysupport)12. Vault Property Source Support
## 12. Vault Property Source Support
Vault can be used in many different ways. One specific use-case is using
Vault to store encrypted properties. Spring Vault supports Vault as property
...
...
@@ -1189,7 +1189,7 @@ In such cases - and if overriding is important - it is recommended that the
user fall back to using the programmatic PropertySource API.
See [`ConfigurableEnvironment`](https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/core/env/ConfigurableEnvironment.html) and[`MutablePropertySources`](https://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/core/env/MutablePropertySources.html) for details.
## [](#vault.repositories)13. Vault Repositories
## 13. Vault Repositories
Working with `VaultTemplate` and responses mapped to Java classes allows basic data operations like read, write
and delete. Vault repositories apply Spring Data’s repository concept on top of Vault.
...
...
@@ -1199,7 +1199,7 @@ the Id property, paging and sorting.
| |Read more about Spring Data Repositories in the [Spring Data Commons reference documentation](https://docs.spring.io/spring-data/commons/docs/current/reference/html/#repositories). The reference documentation will give you an introduction to Spring Data repositories.|
To access domain entities stored in Vault you can leverage repository support that eases implementing those quite significantly.
...
...
@@ -1317,7 +1317,7 @@ public void basicCrudOperations() {
|**3**| Counts the total number of entities available within the keyspace *credentials* defined by `@Secret` on `Credentials`. |
|**4**| Removes the key for the given object from Vault. |
### [](#vault.repositories.mapping)13.2. Object to Vault JSON Mapping
### 13.2. Object to Vault JSON Mapping
Vault repositories store objects in Vault using JSON as interchange format. Object mapping between JSON and
the entity is done by `VaultConverter`. The converter reads and writes `SecretDocument` that contains the body
...
...
@@ -1362,7 +1362,7 @@ You can customize the mapping behavior by registering a `Converter` in `VaultCus
Those converters can take care of converting from/to a type such as `LocalDate` as well as `SecretDocument`whereas the first one is suitable for converting simple properties and the last one complex types to their JSON
representation. The second option offers full control over the resulting `SecretDocument`. Writing objects to `Vault`will delete the content and re-create the whole entry, so not mapped data will be lost.
### [](#vault.repositories.queries)13.3. Queries and Query Methods
### 13.3. Queries and Query Methods
Query methods allow automatic derivation of simple queries from the method name. Vault has no query engine but
requires direct access of HTTP context paths. Vault query methods translate Vault’s API possibilities to queries.
...
...
@@ -1426,7 +1426,7 @@ public interface CredentialsRepository extends PagingAndSortingRepository<Creden
}
```
## [](#vault.core.client.support)14. Client support
## 14. Client support
Spring Vault supports various HTTP clients to access Vault’s HTTP API. Spring Vault uses[`RestTemplate`](https://docs.spring.io/spring/docs/5.3.4/spring-framework-reference/integration.html#rest-resttemplate) as primary interface accessing Vault.
Dedicated client support originates from [customized SSL configuration](#vault.client-ssl)that is scoped only to Spring Vault’s client components.
Different organizations have different requirements for security
and authentication. Vault reflects that need by shipping multiple authentication
...
...
@@ -1594,7 +1594,7 @@ public class Config extends AbstractVaultConfiguration {
See [`SecurePropertyUsage.java`](https://github.com/spring-projects/spring-vault/blob/master/spring-vault-core/src/test/java/org/springframework/vault/demo/SecurePropertyUsage.java)for a sample on referencing properties in components and other property sources.
The [gcp](https://www.vaultproject.io/docs/auth/gcp.html)auth backend allows Vault login by using existing GCP (Google Cloud Platform) IAM and GCE credentials.
...
...
@@ -1985,7 +1985,7 @@ See also:
* [GCP Documentation: Verifying the Identity of Instances](https://cloud.google.com/compute/docs/instances/verifying-instance-identity)
The [gcp](https://www.vaultproject.io/docs/auth/gcp.html)auth backend allows Vault login by using existing GCP (Google Cloud Platform) IAM and GCE credentials.
The [pcf](https://www.vaultproject.io/docs/auth/pcf.html)auth backend allows Vault login for PCF instances.
It leverages [PCF’s App and Container Identity Assurance](https://content.pivotal.io/blog/new-in-pcf-2-1-app-container-identity-assurance-via-automatic-cert-rotation).
...
...
@@ -2072,7 +2072,7 @@ See also:
* [Vault Documentation:
Using the PCF auth backend](https://www.vaultproject.io/docs/auth/pcf.html)
Vault’s tokens can be associated with a time to live. Tokens obtained by an authentication method
are intended to be used as long as the session is active and should not expire while the application is active.
...
...
@@ -2345,11 +2345,11 @@ Authentication methods such as [`TokenAuthentication`](https://docs.spring.io/sp
Authentication methods creating `LoginToken` directly (all login-based authentication methods) already provide all necessary details to setup token renewal. Tokens obtained from a login are revoked by `LifecycleAwareSessionManager` if the session manager is shut down.
## [](#vault.misc)16. Miscellaneous
## 16. Miscellaneous
Learn in this chapter about details worth mentioning like the Spring Security integration.
### [](#vault.misc.spring-security)16.1. Spring Security
### 16.1. Spring Security
Spring Vault integrates with Spring Security by providing implementations for [`BytesKeyGenerator`](https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#spring-security-crypto-keygenerators) and [`BytesEncryptor`](https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#spring-security-crypto-encryption). Both implementations use Vault’s `transit` backend.
Spring Vault 项目将核心 Spring 概念应用于使用 HashiCorpVault 的解决方案的开发。我们提供了一个“模板”作为存储和查询文档的高级抽象。你将注意到与 Spring 框架中的 REST 支持的相似之处。
...
...
@@ -10,13 +10,13 @@ Spring Vault 项目将核心 Spring 概念应用于使用 HashiCorpVault 的解
[保险库支持](#vault.core)介绍了 Vault 模块功能集。
## [](#preface.document-structure)1。文件结构
## 1.文件结构
这一部分提供了 Spring 和 Vault 的基本介绍。它包含有关后续开发和如何获得支持的详细信息。
文档的其余部分引用了 Spring Vault 特性,并假定用户熟悉[HashiCorp 保险库](https://www.vaultproject.io)以及 Spring 概念。
## [](#get-started:first-steps:spring)2。知道 Spring
## 2.知道 Spring
Spring Vault 使用 Spring Framework 的[core](https://docs.spring.io/spring/docs/5.3.4/spring-framework-reference/core.html)功能,例如[IoC](https://docs.spring.io/spring/docs/5.3.4/spring-framework-reference//core.html)容器。虽然了解 Spring API 并不重要,但了解它们背后的概念是重要的。至少,对于你选择使用的任何 IOC 容器,IOC 背后的思想应该是熟悉的。
...
...
@@ -24,7 +24,7 @@ Vault 支持的核心功能可以直接使用,而不需要调用 Spring 容器
要了解有关 Spring 的更多信息,你可以参考详细解释 Spring 框架的全面(有时是解除武装)文档。有很多关于这个问题的文章、博客条目和书籍--看看 Spring 框架[home page ](https://spring.io/docs),了解更多信息。
## [](#get-started:first-steps:vault)3。知道保险库
## 3.知道保险库
安全性和处理秘密是每个处理数据库、用户凭据或 API 密钥的开发人员关心的问题。Vault 通过提供与访问控制、撤销、密钥滚动和审计相结合的安全存储来介入。简而言之:Vault 是一种安全访问和存储秘密的服务。秘密是你想要严格控制访问权限的任何东西,例如 API 密钥、密码、证书等等。
...
...
@@ -40,35 +40,35 @@ Vault 支持的核心功能可以直接使用,而不需要调用 Spring 容器
Spring Vault 提供了用于访问、存储和撤销秘密的客户端支持。有了[HashiCorp 的保险库](https://www.vaultproject.io),你就有了一个中心位置来管理跨所有环境的应用程序的外部秘密数据。Vault 可以管理静态和动态秘密,例如应用程序数据、远程应用程序/资源的用户名/密码,并为外部服务(例如 MySQL、PostgreSQL、 Apache Cassandra、Consul、AWS 等)提供凭据。
## [](#requirements)4。所需经费
## 4.所需经费
Spring Vault2.x 二进制文件要求 JDK 级别为 8.0 及以上,并且[Spring Framework](https://spring.io/docs)5.3.4 及以上。
学习一个新的框架并不总是直截了当的。在这一部分中,我们试图提供一种我们认为易于遵循的指南,用于从 Spring Vault 模块开始。然而,如果你遇到问题或你只是在寻求建议,请使用以下链接之一:
### [](#get-started:help)5.1。支持
### 5.1.支持
有几个可用的支持选项:
#### [](#get-started:help:community)5.1.1。社区论坛
#### 5.1.1.社区论坛
在[StackOverflow](https://stackoverflow.com/questions/tagged/spring-vault)上发布有关 Spring Vault 的问题,以共享信息并相互帮助。请注意,需要注册**只有**才能发布。
#### [](#get-started:help:professional)5.1.2。专业支持
#### 5.1.2.专业支持
Spring Vault 和 Spring 背后的公司[Pivotal Software,Inc.](https://pivotal.io/)提供专业的、源代码支持,并保证响应时间。
### [](#get-started:up-to-date)5.2。后续发展
### 5.2.后续发展
有关 Spring Vault 源代码库、夜间构建和快照工件的信息,请参见[Spring Vault homepage](https://projects.spring.io/spring-vault/)。通过在[StackOverflow](https://stackoverflow.com/questions/tagged/spring-vault)上通过社区与开发人员进行交互,你可以帮助使 Spring Vault 最好地满足 Spring 社区的需求。如果你遇到错误或希望提出改进建议,请在 Spring vault 问题[tracker](https://github.com/spring-projects/spring-vault/issues)上创建一个票证。要了解 Spring 生态系统中的最新消息和公告,请订阅 Spring 社区[Portal](https://spring.io)。最后,你可以关注 Spring [blog ](https://spring.io/blog)或 Twitter 上的项目团队([SpringCentral](https://twitter.com/springcentral))。
## [](#new-features)6。新的和值得注意的
## 6.新的和值得注意的
### [](#new-features.2-3-0)6.1。最新更新在 Spring Vault2.3 中
### 6.1.最新更新在 Spring Vault2.3 中
* 支持用于密钥库和信任库使用的 PEM 编码证书。
...
...
@@ -86,7 +86,7 @@ Spring Vault 和 Spring 背后的公司[Pivotal Software,Inc.](https://pivotal
### [](#vault.core.template.beans)9.1。注册和配置 Spring Vault bean
### 9.1.注册和配置 Spring Vault bean
使用 Spring Vault 不需要 Spring 上下文。但是,在托管上下文中注册的`VaultTemplate`和`SessionManager`实例将参与由 Spring IOC 容器提供的[生命周期事件](https://docs.spring.io/spring/docs/5.3.4/spring-framework-reference/core.html#beans-factory-nature)。这对于在应用程序关闭时处理活动的 Vault 会话非常有用。你还可以在应用程序中重用相同的`VaultTemplate`实例。
...
...
@@ -352,7 +352,7 @@ Spring Vault 附带了一个支持配置类,该配置类提供了 Bean 用于
@@ -417,7 +417,7 @@ public class AppConfig extends AbstractVaultConfiguration {
| |在某些情况下,创建自定义配置类可能很麻烦。<br/>看看`EnvironmentVaultConfiguration`,它允许使用现有属性源的<br/>属性和 Spring 的`Environment`进行配置。在[using`EnvironmentVaultConfiguration`](#vault.core.environment-vault-configuration)中阅读更多<br/>。|
Spring Vault 需要`ClientAuthentication`才能登录和访问 Vault。有关身份验证的详细信息,请参见[认证方法](#vault.core.authentication)。Vault 登录不应该发生在每个经过身份验证的 Vault 交互上,而是必须在整个会话中重用。该方面由`SessionManager`实现来处理。a`SessionManager`决定它获得令牌的频率,关于撤销和更新。 Spring Vault 有两种实现方式:
...
...
@@ -425,11 +425,11 @@ Spring Vault 需要`ClientAuthentication`才能登录和访问 Vault。有关身
Spring Vault 包括从 Spring 的`Environment`中配置 Vault 客户端的`EnvironmentVaultConfiguration`和一组预定义的属性键。`EnvironmentVaultConfiguration`支持经常应用的配置。从最合适的配置类派生支持其他配置。将`EnvironmentVaultConfiguration`与`@Import(EnvironmentVaultConfiguration.class)`一起包含到现有的基于 Java 的配置类中,并通过 Spring 的`PropertySource`s 中的任何一个提供配置属性。
### [](#vault.core.reactive.template.beans)11.3。注册和配置 Spring Vault bean
### 11.3.注册和配置 Spring Vault bean
使用 Spring vault 不需要 Spring 上下文。然而,在托管上下文中注册的`ReactiveVaultTemplate`和`VaultTokenSupplier`的实例将参与由 Spring IOC 容器提供的[生命周期事件](https://docs.spring.io/spring/docs/5.3.4/spring-framework-reference/core.html#beans-factory-nature)。这对于在应用程序关闭时处理活动的 Vault 会话非常有用。你还受益于在应用程序中重用相同的`ReactiveVaultTemplate`实例。
...
...
@@ -880,7 +880,7 @@ Spring Vault 附带了一个支持配置类,该配置类提供了 Bean 用于
使用`VaultTemplate`和映射到 Java 类的响应可以实现基本的数据操作,如读、写和删除。 Spring Vault 存储库在 Vault 之上应用了数据存储库的概念。Vault 存储库公开了基本的增删改查功能,并支持使用限制 ID 属性、分页和排序的谓词进行查询派生。
| |在[Spring Data Commons reference documentation](https://docs.spring.io/spring-data/commons/docs/current/reference/html/#repositories)中阅读有关 Spring 数据存储库的更多信息。参考文档将向你介绍 Spring 数据存储库。|
Spring 的[PropertySource 抽象](https://docs.spring.io/spring/docs/5.3.4/spring-framework-reference/core.html#beans-property-source-abstraction)是将配置保持在应用程序代码之外的一种自然适合。你可以使用系统属性、环境变量或属性文件来存储登录凭据。每种方法都有自己的特性。请记住,可以通过适当的 OS 访问级别来内省命令行和环境属性。
例 26。将`vault.token`外部化到属性文件
例 26.将`vault.token`外部化到属性文件
```
@PropertySource("configuration.properties")
...
...
@@ -1401,7 +1401,7 @@ public class Config extends AbstractVaultConfiguration {