I am currently working in a scenario where i need to use spring cloud config server for centralised config management .
Previously we were using the "native" mode to store the configurations in the local filesystem . And the sensitive information like database passwords were stored in the environment variables of the client services .
But , now we want to also use "Hashicorp Vault" to store the database passwords as "secrets" , and simply replace the env variable placeholders in the native files with the secret fetched from vault during the startup .
Current Setup (only "native" mode)
Sample content of serviceA-dev.properties
spring.datasource.connectionProperties=jdbc:postgresql://${PG_HOST}:${PG_PORT}/${DB_NAME};username=${DB_USERNAME};password=${DB_PASSWORD}
Expected Setup (both "native" & "vault" mode)
Sample content of serviceA-dev.properties
spring.datasource.connectionProperties=jdbc:postgresql://${PG_HOST}:${PG_PORT}/${DB_NAME};username=${DB_USERNAME};password=${DB_PASSWORD}
But here instead of storing the values of ${DB_PASSWORD} in env variables , we want to connect to vault during the startup , and then replace this with the actual value fetched from the vault
So , can this be achieved ?