Reading the documentation, I discovered that I can connect HashiCorp Vault with RabbitMQ and databases to acquire login credentials for these through the Vault.
However, I cannot find any documentation on how these secret engines can support different profiles.
The application has different Database URL/USER/PASS for Test and Production.
When using the K/V Secret Engine, I can create profile subpaths to store the different Test and Production secrets.
/secret/application/test
/secret/application/prod
However, is it possible to achieve the same with the RabbitMQ and Database Secret Engines?
I am using Spring Boot and Spring Cloud Vault for configuring the HashiCorp Vault.
This is in the application.yml:

spring:
  rabbitmq:
    host: ${RABBITMQ_HOST:rabbitmq}
    port: ${RABBITMQ_PORT:5672}
    virtual-host: ${RABBITMQ_VIRTUALHOST:/}
    username: ${RABBITMQ_USERNAME:guest}
    password: ${RABBITMQ_PASSWORD:guest}
  cloud:
    vault:
      host: localhost
      port: 8200
      scheme: http
      authentication: token
      token: hvs.CAESIEkfMLu6pczgO7t
With RabbitMQ Vault configuration:

spring:
  cloud:
    vault:
      host: localhost
      port: 8200
      scheme: http
      authentication: token
      token: hvs.CAESIEkfMLu6pczgO7t
      rabbitmq:
        enabled: true
        role: readonly
        backend: rabbitmq
        username-property: spring.rabbitmq.username
        password-property: spring.rabbitmq.password

I have managed to create rabbitmq-test and rabbitmq-prod in HashiCorp Vault, each connected to a different RabbitMQ instance.
However, how do I configure application-test.yml and application-prod.yml to connect to these two different RabbitMQ instances?

I think I found out how.
In application-test.yml:

spring:
  cloud:
    vault:
      rabbitmq:
        backend: rabbitmq-test

This is for the RabbitMQ engine I created with the path rabbitmq-test/ in HashiCorp Vault.
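
The production counterpart of the override above, extended to the Database secrets engine the question also asks about. This is an added example, not part of the original post: the `database-prod` mount path, the `readonly` role on that mount and the `VAULT_TOKEN` environment variable are assumptions.

```yaml
# application-prod.yml (added example; mount and variable names marked below are assumptions)
spring:
  cloud:
    vault:
      # Resolve the token from the environment so no Vault token is stored in the
      # profile file or in version control (VAULT_TOKEN is an assumed variable name).
      token: ${VAULT_TOKEN}
      rabbitmq:
        enabled: true
        role: readonly
        # Mount path of the production RabbitMQ secrets engine (rabbitmq-prod/ in Vault).
        backend: rabbitmq-prod
        username-property: spring.rabbitmq.username
        password-property: spring.rabbitmq.password
      database:
        enabled: true
        # Assumed role name defined on the production database mount.
        role: readonly
        # Assumed mount path, named by analogy with rabbitmq-prod.
        backend: database-prod
        # Generated credentials are exposed under the standard datasource properties.
        username-property: spring.datasource.username
        password-property: spring.datasource.password
```

Each profile file only needs to override `backend` (and `role`, if it differs); the Vault policy attached to each environment's token should grant read access only to that environment's `creds/` path.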