I am trying to access secrets from the Cubbyhole engine by dynamically creating a token having a use limit, policy and TTL.
After incorporating the changes in the answers, the exception has changed to:
org.springframework.vault.authentication.VaultLoginException: Cannot login using Cubbyhole: []
followed by:
Caused by: org.springframework.web.client.HttpClientErrorException$NotFound: 404 Not Found: "{"errors":[]}<EOL>"
Here is the secret in my vault:
Following is the code. I am running Vault in development mode with the command ./vault.exe server --dev --dev-root-token-id="mytoken". Any sort of help is gratefully appreciated.
Configuration:
import org.springframework.boot.context.event.ApplicationReadyEvent;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.event.EventListener;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.authentication.CubbyholeAuthentication;
import org.springframework.vault.authentication.CubbyholeAuthenticationOptions;
import org.springframework.vault.authentication.TokenAuthentication;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.config.AbstractVaultConfiguration;
import org.springframework.vault.core.VaultTemplate;
import org.springframework.vault.support.VaultToken;
import org.springframework.web.client.RestOperations;

@Configuration
public class VaultConfig extends AbstractVaultConfiguration {

    // Static holders so CubbyHoleService can reach the beans without injection.
    public static VaultEndpoint vaultEndpoint;
    private static RestOperations restOperations;
    public static VaultTemplate vaultTemplate;

    @EventListener(ApplicationReadyEvent.class)
    public void init() {
        // restOperations() and vaultTemplate() are bean methods inherited from AbstractVaultConfiguration
        VaultConfig.restOperations = restOperations();
        VaultConfig.vaultEndpoint = vaultEndpoint();
        VaultConfig.vaultTemplate = vaultTemplate();
    }

    @Override
    public VaultEndpoint vaultEndpoint() {
        // Dev server started with ./vault.exe server --dev: plain HTTP on localhost:8200
        VaultEndpoint vaultEndpoint = VaultEndpoint.create("localhost", 8200);
        vaultEndpoint.setScheme("http");
        return vaultEndpoint;
    }

    @Override
    public ClientAuthentication clientAuthentication() {
        // Root token of the dev server (--dev-root-token-id="mytoken")
        return new TokenAuthentication("mytoken");
    }

    // "Stored token" mode: the initial token is used to GET cubbyhole/token and the
    // response data is expected to contain the token to log in with (no .wrapped()).
    public static CubbyholeAuthentication getCubbyholeAuthentication(String token) {
        CubbyholeAuthenticationOptions options = CubbyholeAuthenticationOptions.builder()
                .initialToken(VaultToken.of(token))
                .path("cubbyhole/token")
                .build();
        return new CubbyholeAuthentication(options, VaultConfig.restOperations);
    }
}
Service implementation:
import java.util.Arrays;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.TimeUnit;

import org.springframework.boot.context.event.ApplicationReadyEvent;
import org.springframework.context.event.EventListener;
import org.springframework.stereotype.Service;
import org.springframework.vault.core.VaultKeyValueOperations;
import org.springframework.vault.core.VaultKeyValueOperationsSupport;
import org.springframework.vault.core.VaultTemplate;
import org.springframework.vault.support.VaultResponseSupport;
import org.springframework.vault.support.VaultTokenRequest;
import org.springframework.vault.support.VaultTokenResponse;

@Service
public class CubbyHoleService {

    // Runs on the same event as VaultConfig.init() and relies on VaultConfig's static
    // fields already being set; the relative order of the two listeners is not guaranteed.
    @EventListener(ApplicationReadyEvent.class)
    public void init() {
        String cubbyholeToken = getCubbyholeToken().getToken().getToken();
        String uuid = UUID.randomUUID().toString();
        cubbyHoleWrite(uuid, cubbyholeToken);
        cubbyHoleRead(uuid, cubbyholeToken);
    }

    // Writes a Secrets object to cubbyhole/<uuid> using a template authenticated through the cubbyhole token
    public void cubbyHoleWrite(String uuid, String token) {
        VaultTemplate vaultTemplate = getVaultTemplate(token);
        VaultKeyValueOperations vaultKeyValueOperations = vaultTemplate
                .opsForKeyValue("cubbyhole", VaultKeyValueOperationsSupport.KeyValueBackend.KV_1);
        vaultKeyValueOperations.put(uuid, new Secrets("john_cubby", "wick_value"));
        System.out.println("CubbyHole Data Saved");
    }

    // Reads cubbyhole/<uuid> back with the same token (cubbyhole contents are per-token)
    public void cubbyHoleRead(String uuid, String token) {
        VaultTemplate vaultTemplate = getVaultTemplate(token);
        VaultKeyValueOperations vaultKeyValueOperations = vaultTemplate
                .opsForKeyValue("cubbyhole", VaultKeyValueOperationsSupport.KeyValueBackend.KV_1);
        VaultResponseSupport<Secrets> responseSupport = vaultKeyValueOperations.get(uuid, Secrets.class);
        if (responseSupport == null) {
            System.out.println("CubbyHole Data not found");
            return;
        }
        System.out.println("CubbyHole Data found");
        Secrets secrets = responseSupport.getData();
        System.out.println(secrets.toString());
    }

    // Login happens lazily on the first request made through this template
    private VaultTemplate getVaultTemplate(String token) {
        return new VaultTemplate(VaultConfig.vaultEndpoint, VaultConfig.getCubbyholeAuthentication(token));
    }

    // Creates the child token (TTL, use limit, policies) with the root-token template
    private VaultTokenResponse getCubbyholeToken() {
        List<String> policies = Arrays.asList("default", "cubbyhole-policy", "cubbyhole-policy-token");
        VaultTokenRequest tokenRequest = VaultTokenRequest.builder()
                .ttl(120, TimeUnit.MINUTES).numUses(100).policies(policies).renewable(true)
                .build();
        return VaultConfig.vaultTemplate.opsForToken().create(tokenRequest);
    }
}
Secrets POJO:
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;

// Payload stored under cubbyhole/<uuid>; Lombok generates getters, setters, toString and constructors
@Data
@AllArgsConstructor
@NoArgsConstructor
public class Secrets {
    private String key;
    private String value;
}
Policies created:
cubbyhole-policy.hcl:
path "cubbyhole/data/*" {
    capabilities = ["read", "create", "update", "delete", "list"]
}
cubbyhole-policy-token.hcl:
path "cubbyhole/token/*" {
    capabilities = ["read", "create", "update", "delete", "list"]
}
While debugging, I have found the issue to be in the method lookupToken() in CubbyholeAuthentication.java. It seems it is not able to log in.
For convenience I have provided the code on GitHub: https://github.com/SpringVaultPrac/
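As an added example, not code from the question or from the linked repository, here is the response-wrapping variant of the hand-off the question is building: the privileged side creates the limited child token but has Vault wrap it, so only a single-use wrapping token is passed on, and the consumer side uses CubbyholeAuthentication in wrapped mode instead of the stored-token path. The endpoint, the dev root token "mytoken", the "cubbyhole-policy" name and the 120-minute / 100-use limits are taken from the question; the class and method names (WrappedTokenHandoff, issueWrappedToken, consumeWrappedToken), the 5-minute wrap TTL and the "app-secret" cubbyhole key are chosen for this example.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Map;

import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.vault.authentication.CubbyholeAuthentication;
import org.springframework.vault.authentication.CubbyholeAuthenticationOptions;
import org.springframework.vault.authentication.TokenAuthentication;
import org.springframework.vault.authentication.VaultLoginException;
import org.springframework.vault.client.VaultClients;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.core.VaultKeyValueOperations;
import org.springframework.vault.core.VaultKeyValueOperationsSupport;
import org.springframework.vault.core.VaultTemplate;
import org.springframework.vault.support.VaultResponse;
import org.springframework.vault.support.VaultToken;
import org.springframework.web.client.RestOperations;

/*
 * Added example (not from the question). Issuer side: create a limited child token but ask
 * Vault to response-wrap it with X-Vault-Wrap-TTL, so the issuer only ever holds a single-use
 * wrapping token. Consumer side: CubbyholeAuthentication in wrapped mode unwraps it through
 * sys/wrapping/unwrap and logs in with the real client token.
 */
public class WrappedTokenHandoff {

    /** Issuer: create the child token and return only the wrapping token from wrap_info. */
    static String issueWrappedToken(VaultTemplate issuer, List<String> policies) {
        Map<String, Object> body = Map.of(
                "policies", policies,
                "ttl", "120m",     // lifetime of the child token (as in the question)
                "num_uses", 100);  // use limit of the child token (as in the question)
        HttpHeaders headers = new HttpHeaders();
        headers.set("X-Vault-Wrap-TTL", "5m"); // example value: unused wrapping tokens expire quickly

        // doWithSession gives a RestOperations that already sends the issuer's X-Vault-Token
        ResponseEntity<VaultResponse> response = issuer.doWithSession(rest ->
                rest.exchange("auth/token/create", HttpMethod.POST,
                        new HttpEntity<>(body, headers), VaultResponse.class));

        VaultResponse wrapped = response.getBody();
        if (wrapped == null || wrapped.getWrapInfo() == null) {
            throw new IllegalStateException("no wrap_info in response; X-Vault-Wrap-TTL was not honoured");
        }
        // The child's client_token never reaches this code; it stays inside Vault's cubbyhole
        return wrapped.getWrapInfo().get("token");
    }

    /** Consumer: unwrap the single-use wrapping token into an authenticated VaultTemplate. */
    static VaultTemplate consumeWrappedToken(VaultEndpoint endpoint, RestOperations plainRest,
                                            String wrappingToken) {
        CubbyholeAuthenticationOptions options = CubbyholeAuthenticationOptions.builder()
                .initialToken(VaultToken.of(wrappingToken))
                .wrapped() // unwrap via sys/wrapping/unwrap rather than reading cubbyhole/<path>
                .build();
        return new VaultTemplate(endpoint, new CubbyholeAuthentication(options, plainRest));
    }

    public static void main(String[] args) {
        VaultEndpoint endpoint = VaultEndpoint.create("localhost", 8200);
        endpoint.setScheme("http"); // dev server as in the question
        // Unauthenticated client; CubbyholeAuthentication adds the wrapping token itself
        RestOperations plainRest = VaultClients.createRestTemplate(endpoint, new SimpleClientHttpRequestFactory());

        VaultTemplate issuer = new VaultTemplate(endpoint, new TokenAuthentication("mytoken")); // dev root token
        String wrappingToken = issueWrappedToken(issuer, Arrays.asList("default", "cubbyhole-policy"));

        // First unwrap succeeds; login happens on the first request through the template
        VaultTemplate consumer = consumeWrappedToken(endpoint, plainRest, wrappingToken);
        VaultKeyValueOperations cubbyhole = consumer.opsForKeyValue("cubbyhole",
                VaultKeyValueOperationsSupport.KeyValueBackend.KV_1);
        cubbyhole.put("app-secret", Map.of("key", "john_cubby", "value", "wick_value"));
        System.out.println(cubbyhole.get("app-secret").getData());

        // A second unwrap of the same wrapping token must fail: wrapping tokens are single use
        try {
            consumeWrappedToken(endpoint, plainRest, wrappingToken).read("cubbyhole/app-secret");
            System.out.println("unexpected: wrapping token was unwrapped twice");
        } catch (VaultLoginException e) {
            System.out.println("second unwrap rejected as expected: " + e.getMessage());
        }
    }
}
```

The point of the wrapped variant is that the hand-off carries no usable credential: the wrapping token can be unwrapped exactly once and expires after the wrap TTL, so a consumer whose unwrap fails knows the token was either already consumed or too old, and that failure should be logged and investigated rather than retried.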