I would like to have my Vault run with TLS enabled. So I created some self-signed certificates and a keystore.jks using the /src/test/bash/create_certificates.sh file.
In Spring I am NOT using the 'spring.config.import=vault://' directive to auto-use the properties inside application.properties like 'spring.cloud.vault.token', etc., but rather I am creating VaultTemplate manually. (Using 'spring.config.import=vault://' didn't make my code work.) So when I want to specify the truststore Spring needs to use, specifying it in 'spring.cloud.vault.ssl.trust-store' will not lead to success.
My current workaround is to install the certificate inside the JVM in Java/jdk/lib/security/cacerts. But since I am working on this project with multiple people, I do not wish for the others to have to install it inside the JVM as well.
Is there a solution to use TLS and accept the self-signed certificate in Spring, without using 'spring.cloud.import=vault://'?
Thanks in advance :)
Comment From: ryanjbaxter
@mp911de do you happen to know?
Comment From: mp911de
If you store your certificate in the trust store, then the client will accept it. In the Spring Cloud Vault CI build we do the same, however we create our own CA to sign certificates with. A YAML config looks like:
spring.cloud.vault.ssl:
  trust-store: file:…
  trust-store-password: changeit
For Vault usage through Spring Cloud Config the config should look like:
spring.cloud.config.vault.ssl:
  trust-store: file:…
  trust-store-password: changeit
Comment From: pH-Valiu
Thank you for the response,
so if I understood correctly, I can use spring.cloud.vault.ssl:trust-store: file:xyz, where xyz is the keystore.jks file from create_certificates.sh?
Or do I get that desired file from somewhere else?
And can I place that specific file relative to the source code in like a resource folder and just say:
file:trustStore.store
or do I have to give the full path: C:\Project\resources\trustStore.store
Comment From: mp911de
You can either go by relative or absolute paths.
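For the manually created VaultTemplate from the question, the programmatic equivalent of the trust-store properties above, as an added example that is not code from this thread or from the Spring Vault project: the host, port, token, trust store path (relative here, an absolute path works the same) and password are assumed placeholders.

```java
import org.springframework.core.io.FileSystemResource;
import org.springframework.core.io.Resource;
import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.vault.authentication.SimpleSessionManager;
import org.springframework.vault.authentication.TokenAuthentication;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.config.ClientHttpRequestFactoryFactory;
import org.springframework.vault.core.VaultTemplate;
import org.springframework.vault.support.ClientOptions;
import org.springframework.vault.support.SslConfiguration;

public class TlsVaultTemplateFactory {

    // Builds a VaultTemplate that trusts only the certificates in the given trust store,
    // so no certificate has to be imported into the JVM's cacerts.
    public static VaultTemplate create(String host, int port, String token,
                                       Resource trustStore, char[] trustStorePassword) {
        // Trust store only: Vault's server certificate is verified against it,
        // no client certificate is presented (no key store / mTLS).
        SslConfiguration ssl = SslConfiguration.forTrustStore(trustStore, trustStorePassword);

        // Wires the SSL context into whichever HTTP client is on the classpath.
        ClientHttpRequestFactory requestFactory =
                ClientHttpRequestFactoryFactory.create(new ClientOptions(), ssl);

        // VaultEndpoint.create defaults to the https scheme.
        VaultEndpoint endpoint = VaultEndpoint.create(host, port);
        return new VaultTemplate(endpoint, requestFactory,
                new SimpleSessionManager(new TokenAuthentication(token)));
    }

    public static void main(String[] args) {
        // Assumed values: a trust store checked in next to the project (relative path),
        // a constructed password, and the token taken from the environment.
        VaultTemplate vault = create("localhost", 8200, System.getenv("VAULT_TOKEN"),
                new FileSystemResource("src/test/resources/truststore.jks"),
                "changeit".toCharArray());
        // A handshake failure here means the trust store does not contain the CA
        // (or self-signed certificate) that signed Vault's server certificate.
        System.out.println("Vault initialized: " + vault.opsForSys().health().isInitialized());
    }
}
```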