springboot MongoDB URI property doesn't interact well with Spring Cloud Vault

When using Spring Cloud Vault to generate credentials for a MongoDB instance, it's impossible to use the spring.data.mongodb.uri property, as setting that causes the username/password fields to be ignored.

This can normally be worked around by just specifying the host/port/database/etc, but that's not as nice, and still doesn't let you specify a different protocol, such as 'mongodb+srv', which is very useful when deploying under Kubernetes.

What would be nice is to have the username/password (if specified), injected into the uri.

The mongodb driver the 2.1 branch is using doesn't actually support mongodb+srv, but the 2.2 branch does.

I don't see an alternative way to specify the protocol, but I could be missing something.

Comment From: wilkinsona

it's impossible to use the spring.data.mongodb.uri property, as setting that causes the username/password fields to be ignored.

You can include the username and password in the URI and the driver's ConnectionString will parse and use them.

What would be nice is to have the username/password (if specified), injected into the uri.

I don't think we can do that as it may be a breaking change for some. As things stand, when spring.data.mongodb.uri is set, it is used exclusively. Injecting other properties into the URI would prevent the URI being used in one environment to override configuration with individual properties in another.

I don't see an alternative way to specify the protocol, but I could be missing something.

You should be able to specify the protocol when configuring spring.data.mongodb.uri. Perhaps you can take this approach and include the username and password in the URI?

Comment From: elFarto

Specifying the actual username and password in the URI is problematic, as they don't exist until Spring Cloud Vault asks the Vault instance to create them (Vault logs in to the database and creates a new user).

However, it seems I can add in references to username/password in the URI, eg:

spring.data.mongodb.uri=mongodb+srv://${spring.data.mongodb.username}:${spring.data.mongodb.password}@mongo/testdb?ssl=false

This is somewhat inelegant, but it does seem to work (at least when specified in a properties file, I still need to test it injected via an environment variable).

Comment From: elFarto

Seems it doesn't like having that value injected in as an environment variable. The embedded properties don't get expanded, so it passes in "${spring.data.mongodb.username}" as the user name directly.

I can probably make it work by making all the things I might need to pass in the URI properties so they can be overridden, but it's a pain.

To clarify an earlier point, I don't mind the 'injecting the username/password into the URI' being a feature I have to explicitly opt into.

Comment From: JnMik

I need this too. DId you find a way to make it work ?

Comment From: snicoll

We've discussed this one and the approach of including the user name and password in the URI as suggested previously is what we recommend users to do. There are more places in Spring Boot that are applicable to such arrangement.

When you do, please do not reuse existing configuration keys (such as spring.data.mongodb.username in the example above) but use your own key instead.