I'm using Spring Boot 3.4.3, Java 21 and Windows 11 Pro. I'm trying to read secrets from Hashicorp Vault. I followed various tutorials such as this one but reading credentials has never worked successfully.

First, I added the following maven dependencies:

<dependency>
    <groupId>.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-vault-config</artifactId>
</dependency>
<dependency>
    <groupId>.springframework.vault</groupId>
    <artifactId>spring-vault-core</artifactId>
</dependency>

I started Vault via vault server -dev and copied the root token. Then I added the following entry in my application.properties (while replacing ROOT_TOKEN with the actual root token):

spring.cloud.vault.uri=http://localhost:8200
spring.cloud.vault.token=ROOT_TOKEN

In the vault web interface under http://127.0.0.1:8020 I added 2 secrets login and password under the secret/application path:

The JSON looks as follows:

I defined a Java configuration class such as:

@Configuration
@Data
public class VaultConfiguration
{
    @Value("${login}")
    private String login;

    @Value("${password}")
    private String password;
}

Apparently now Spring Boot is supposed to resolve both secrets into those Java String variables so that I can proceed to work with them, just like how it works by reading properties from e.g. an application.properties file.

Unfortunately, I get the following exception:

Caused by: .springframework.util.PlaceholderResolutionException: Could not resolve placeholder 'login' in value "${login}"

I'm not sure what else to try to debug this problem. Definining additional properties such as

spring.cloud.vault.kv.enabled=true
spring.cloud.vault.kv.backend=secret
spring.cloud.vault.kv.default-context=application
logging.level.springframework.cloud=TRACE
logging.level.springframework.vault=TRACE

did not help, the top 3 are already set to those defaults so they have no effect. I would prefer not to use the VaultTemplate class directly, but I also didn't manage to read secrets with it either.

I'm using Spring Boot 3.4.3, Java 21 and Windows 11 Pro. I'm trying to read secrets from Hashicorp Vault. I followed various tutorials such as this one but reading credentials has never worked successfully.

First, I added the following maven dependencies:

<dependency>
    <groupId>.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-vault-config</artifactId>
</dependency>
<dependency>
    <groupId>.springframework.vault</groupId>
    <artifactId>spring-vault-core</artifactId>
</dependency>

I started Vault via vault server -dev and copied the root token. Then I added the following entry in my application.properties (while replacing ROOT_TOKEN with the actual root token):

spring.cloud.vault.uri=http://localhost:8200
spring.cloud.vault.token=ROOT_TOKEN

In the vault web interface under http://127.0.0.1:8020 I added 2 secrets login and password under the secret/application path:

The JSON looks as follows:

I defined a Java configuration class such as:

@Configuration
@Data
public class VaultConfiguration
{
    @Value("${login}")
    private String login;

    @Value("${password}")
    private String password;
}

Apparently now Spring Boot is supposed to resolve both secrets into those Java String variables so that I can proceed to work with them, just like how it works by reading properties from e.g. an application.properties file.

Unfortunately, I get the following exception:

Caused by: .springframework.util.PlaceholderResolutionException: Could not resolve placeholder 'login' in value "${login}"

I'm not sure what else to try to debug this problem. Definining additional properties such as

spring.cloud.vault.kv.enabled=true
spring.cloud.vault.kv.backend=secret
spring.cloud.vault.kv.default-context=application
logging.level..springframework.cloud=TRACE
logging.level..springframework.vault=TRACE

did not help, the top 3 are already set to those defaults so they have no effect. I would prefer not to use the VaultTemplate class directly, but I also didn't manage to read secrets with it either.

• java
• spring
• spring-boot
• vault
• spring-vault

1 Answer 1

As far as I can tell your configuration does not tell Spring Boot to include vault as a source of application properties. It needs to so that vault is included as a source for resolving a placeholder like ${login}.

Add the following to your application.properties:

spring.config.import: vault://

There may be other issues (eg calling the context application) but I would start with this.