Enhance vault documentation #1580

Open
spencergibb opened this issue Mar 16, 2020 · 2 comments

@spencergibb
Member

It can be a bit confusing.

See this gitter conversation https://gitter.im/spring-cloud/spring-cloud?at=5e6f0295c8ddaf238c89c3d3

@snowe2010

Some of the things missing from the documentation:

  • No indication of the difference between client auth and server auth. The documentation seems to indicate that you need to provide credentials on both sides.
    • Hiding server vault secrets behind client forced auth could be a bit better explained.
    • On this topic, two sample projects would help the situation massively. There are already plenty of samples that demonstrate client token auth, but none mention that there is no alternative. This should be detailed in this section. I was unable to find any samples that showed the different types of server auth.
    • The documentation for Spring Cloud should have all possible application property values. I searched high and low on the reference, including using the same route from other docs like Spring Boot that do have these references. There is no indication that cloud uses spring-vault under the covers, but uses different property keys. I'm only able to find the proper keys by digging into VaultEnvironmentProperties.
    • An explanation of what is actually provided to configure these different providers should be provided. After discovering that spring-vault was what was under the covers and not spring-cloud-vault, I went to this section of documentation and began trying to autowire those beans as I thought it was necessary. Any explanation that the beans would be auto configured would be good. There are already other people getting confused about the same thing.
  • It is not clear what the purpose of VaultEnvironmentRepository is anymore. Without it we get a large ThreadPoolTaskScheduler not initialized when making the very first request after startup to SCCS. With it, it forces the client to provide a token, with the X-Config-Token header.
  • It was not clear that using server token auth would automatically refresh the token. This is along the lines of above, where it's not clear how SCCS is utilizing spring-vault under the covers, whether you need to autowire those components, etc.
  • No docs about redacting vault secrets in actuator. Spring Cloud Connectors has this capability, maybe it should be added to spring-cloud-config.

@spencergibb
Member Author

Anything that isn't docs-related will need to go in another issue (i.e. redacting secrets).
