How to use Spring Cloud Config Server with Git and Vault | Microservices 4

Science and technology

In this video I will show how to use Spring Cloud Config Server with two sources: Git and Vault. I will use Git for the common configuration and Vault for the critical information.
This is the fourth video of the playlist in which I build a microservices architecture for a webpage: how to create microservices with Spring Boot and Spring Cloud, and how to handle the microservices with Docker and Kubernetes (playlist: Microservices).
Content of the video:
* why have a distributed configuration server;
* how to configure a distributed configuration server with Spring Cloud Config Server;
* how to use Git as a source for Spring Cloud Config Server;
* how to name the files according to the profiles and labels;
* how to add Vault as a second source to Spring Cloud Config Server.
Repository: github.com/serlesen/microserv...
My NEW eBook: sergiolema.dev/git-book/
Blog: bit.ly/47ornJL
LinkedIn: bit.ly/41Nn61q
Facebook: bit.ly/47rc9nh
Icons:
* File by Royyan Razka from the Noun Project
* application by Flatart from the Noun Project
* config by Storm Icons from the Noun Project
* cycle by Alice Design from the Noun Project
* application by Jamison Wieser from the Noun Project

Comments: 25

  • @deepikadurairaj6328, 2 years ago

    Thanks for the video...Good one with perfect explanation 👌👌

  • @TheDevWorldbySergioLema, 2 years ago

    Thanks to you for taking your time to write this comment

  • @jeancarlossouza3432, 1 year ago

    Greetings from a Brazilian dev! Thanks for the tutorial. I was configuring it correctly and still getting an error; the property that was missing was spring.cloud.config.server.vault.order=1, which makes the two work perfectly. Thank you very much for this, it helped a lot.

  • @TheDevWorldbySergioLema, 1 year ago

    Glad it helped you!

  • @ayuen100home6, 2 years ago

    Nice tutorial. Quite easy to follow :) Question though: I see you're storing the vault configs in the root directory "secret/service-users". Is there a way to store them in sub directories? e.g. "secret/dev/service-users", "secret/test/service-users", "secret/prod/service-users", etc... If so, how is this configured on both the server and client apps?

  • @TheDevWorldbySergioLema, 2 years ago

    Thanks, yes you can do it. To configure this in Vault, you must create the directories manually. But in the application, you can use environment variables in your configuration file to obtain the path depending on where the application is running, only based on an environment variable.

  • @glisavkatroshi3237, 9 months ago

    Does this also work for nested secret paths in Vault? For example, in Secret Engine secret/ , I will have secret key as application and inside application another subfolder, let's call it dev and inside dev, we could have properties. So secret/application/dev/properties. In this path, we can store a key value pair of secret. Somehow I can't pull secrets from this path. Can you please help me?

  • @TheDevWorldbySergioLema, 9 months ago

    Never tried this far. What is the problem? Do you have some error logs?

  • @gopalpatil8098, 2 years ago

    How do I check if vault properties can be fetched?

  • @TheDevWorldbySergioLema, 2 years ago

    I'm not sure I understand your question. This video is about the distributed configuration architecture with Spring Cloud. For that, I've used Vault, but I'm not aware of the Vault details (if that's what you're asking for).

  • @ai_made_easy, 5 months ago

    Thanks for the video. Can you let me know whether it is okay to do what I did: I added a spring security to the config server, a databased backend and stored the username and password on Hashicorp vault. I decided to connect the client services using the keys retrieved from vault. Unfortunately, this doesn't work. When I directly used the username and password in the spring.config.import for the services, it works. I will not want to hard code the username and password into the properties folder. Can you help me know why it is not connecting? Thanks, Sergio.

  • @TheDevWorldbySergioLema, 5 months ago

    Do you use Spring Config Bootstrap? docs.spring.io/spring-cloud-config/docs/current/reference/html/#config-first-bootstrap

  • @ai_made_easy, 5 months ago

    Yes I actually use bootstrap. Thanks for the reply @TheDevWorldbySergioLema

  • @ai_made_easy, 4 months ago

    Thanks again for the response and link. I think it may be fine to use the username and password directly in the code following the examples provided in the doc you sent. Because services using http can often let some flexibility. @TheDevWorldbySergioLema

  • @shirishabonagam526, 2 years ago

    Hi, thanks for the video. Can you please suggest how to add a dbpassword containing the & symbol in Vault? When I add a dbpassword like sh&6%4*fhwT in Vault, I am getting '6%4*fhwT' is not recognized as an internal or external command. Please suggest how to read the above password.

  • @TheDevWorldbySergioLema, 2 years ago

    How are you inserting the password? Because using Java, the '&' isn't a special character and should be inserted correctly. If you use bash, then use single quotes for the password, otherwise the '&' will be interpreted as a variable. Another option is to encode your password, like using URL encoding to avoid having the '&' symbols.

  • @shirishabonagam526, 2 years ago

    @TheDevWorldbySergioLema I am inserting passwords in Vault as you mentioned, in the Vault terminal, as spring.datasource.password. In my application the password is dbpassword = sh&64*fhwT ... After & I am getting '64*fhwT' is not recognised.

  • @shirishabonagam526, 2 years ago

    @TheDevWorldbySergioLema And I have one more query. My application name is customer, and inside the customer folder there is a services folder. Inside services I have four property files. I also used a label to check out the other branch, but I am unable to fetch the URI specified in the config server.

  • @TheDevWorldbySergioLema, 2 years ago

    You must check directly in Vault, because I think the problem is not at the read but when storing the password in Vault.

  • @TheDevWorldbySergioLema, 2 years ago

    Check here, cloud.spring.io/spring-cloud-config/reference/html/#_quick_start, how Spring Cloud Config searches for the application yml files depending on the application name, profile and label.

  • @sladerunsoftware381, 2 years ago

    Thanks for this, Sergio. Very helpful in its conciseness. A couple of security observations: 1. You seem to suggest that the Git repo's username and password might be embedded in the 'cloud.config.server.git.uri'. All secrets should reside in Vault, no? If so, how would you tell the config server to get the Git credentials from Vault? And, 2. Along the same lines, it looks like the Config Server's microservice clients have unprotected access to the server? Shouldn't each microservice have its own Config Server username and password, again, residing in Vault? Just a couple of thoughts as I'm currently upgrading a 2 year old system and intend to make sure all assets are secured and all secrets are stored in Vault. Questions are rhetorical... Please don't feel obligated to respond.

  • @TheDevWorldbySergioLema, 2 years ago

    Thanks for your observations. 1. The configuration described is in the Config Server. In some way, the Config Server must know how to update the Git repository. I know that having the credentials in the application yaml isn't very secure. Nevertheless, having them in Vault will lead to an infinite loop. But for the Git authentication you have other methods, such as SSH keys. 2. I've shown a quick setup of Spring Config Server with Vault. But you're right, for security reasons, each microservice should need a set of individual credentials to get the information from the Config Server. There are multiple ways to do that: with the username and password in the bootstrap file; with the username and password in the Config Server URL; or indicating which individual Vault token to use to retrieve the personal configuration. This way, only the target microservice knows about the Vault authentication with its particular configuration, no other microservice can access this particular configuration without this personal Token. I hope I've answered your doubts. And courage for the migration!
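
A configuration sketch of the two points in the exchange above, added here as an example and not taken from the video or its repository: the Config Server reads Git over an SSH key supplied from the environment instead of credentials in the URI, and each client presents its own Vault token. The host names, repository address and environment variable names are assumptions; `service-users` is the application name mentioned in the comments.

```yaml
# Two separate files shown as two YAML documents (added example; host names,
# repository address and environment variable names are assumptions).

# --- Config Server: application.yml ---
spring:
  profiles:
    active: git, vault                   # enable both backends
  cloud:
    config:
      server:
        vault:
          host: vault.example.internal   # assumed host
          port: 8200
          scheme: https
          backend: secret
          kv-version: 2
          order: 1                       # lower value takes precedence over Git
        git:
          # SSH URI: no username or password embedded in the address
          uri: git@github.com:example-org/config-repo.git
          ignore-local-ssh-settings: true
          private-key: ${CONFIG_GIT_PRIVATE_KEY}   # injected at deploy time
          order: 2
---
# --- Client (service-users): application.yml ---
spring:
  application:
    name: service-users
  config:
    import: "configserver:https://config.example.internal:8888"
  cloud:
    config:
      # Sent to the Config Server as the X-Config-Token header and used for
      # this client's Vault reads; give each service its own token.
      token: ${SERVICE_USERS_VAULT_TOKEN}
```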

  • @maneshipocrates2264, 1 year ago

    Is bootstrap not legacy?

  • @TheDevWorldbySergioLema, 1 year ago

    I'm not sure I understand your question. I'm not even sure how it's related to the video.

  • @maneshipocrates2264, 6 months ago

    Hi. I was asking whether using the bootstrap dependency in boot 3.2 is optional? And I am trying to load properties from a config server. The issue is: when I use a username and password to lock the config server (and implemented credential authentication from the config server database), it is impossible for the config client to authenticate using the secrets from vault. I could not load the config client properties even after storing the username and password in Hashicorp vault. Thanks @TheDevWorldbySergioLema
