Vault in Spring Boot

Spring Boot integrates very well with HashiCorp Vault to securely manage secrets (like DB credentials, API keys, tokens) instead of hardcoding them in application.properties.

Here’s a step-by-step guide with an example:


🔹 1. Setup Vault

  1. Install Vault locally (or use Docker):
       docker run --cap-add=IPC_LOCK -d --name=dev-vault -p 8200:8200 -e VAULT_DEV_ROOT_TOKEN_ID=root vault:latest
  2. Start Vault in dev mode (with the root token fixed to root, which the later steps use):
       vault server -dev -dev-root-token-id=root
  3. Log in to Vault:
       export VAULT_ADDR='http://127.0.0.1:8200'
       vault login root
  4. Store a secret:
       vault kv put secret/springboot-demo username=myuser password=mypassword

🔹 2. Add Dependencies in Spring Boot

pom.xml

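<dependency>
  <groupId>org.springframework.cloud</groupId>
  <artifactId>spring-cloud-starter-vault-config</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Needed for bootstrap.properties to be read: bootstrap is disabled by default in current Spring Cloud releases -->
<dependency>
  <groupId>org.springframework.cloud</groupId>
  <artifactId>spring-cloud-starter-bootstrap</artifactId>
</dependency>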

Also add the Spring Cloud BOM so that it manages the versions of the Spring Cloud dependencies:

<dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-dependencies</artifactId>
      <version>2023.0.0</version>
      <type>pom</type>
      <scope>import</scope>
    </dependency>
  </dependencies>
</dependencyManagement>

🔹 3. Configure Vault in Spring Boot

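bootstrap.properties (or bootstrap.yml); with Spring Cloud 2023.0.0 this file is read only when spring-cloud-starter-bootstrap is on the classpath: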

spring.application.name=springboot-demo
spring.cloud.vault.uri=http://127.0.0.1:8200
spring.cloud.vault.authentication=TOKEN
spring.cloud.vault.token=root
spring.cloud.vault.kv.enabled=true

Here:

  • spring.application.name → the application name maps to the Vault path (secret/springboot-demo).
  • TOKEN → authenticate using a static Vault token; the root token is used here because the server runs in dev mode (other methods: AppRole, AWS, Kubernetes, etc.).

🔹 4. Use Secrets in Code

If you stored username and password inside secret/springboot-demo, you can inject them:

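import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class VaultDemoController {

    // Resolved from the "username" key stored under secret/springboot-demo
    @Value("${username}")
    private String username;

    // Resolved from the "password" key stored under secret/springboot-demo
    @Value("${password}")
    private String password;

    // Demo endpoint: echoes the values so you can confirm the Vault lookup worked
    @GetMapping("/secrets")
    public String getSecrets() {
        return "Username: " + username + ", Password: " + password;
    }
}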

🔹 5. Run the App

mvn spring-boot:run

Visit:

http://localhost:8080/secrets

➡ Should print the secrets from Vault.
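
To confirm that the values really come from Vault without returning them in a response, the controller below reports only which property source supplies each key. It is an added example, not code from the original post; the class name and the /secrets/source path are hypothetical.

```java
// Added example, not part of the original post.
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.boot.context.properties.source.ConfigurationPropertySources;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.PropertySource;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class SecretSourceController { // hypothetical class name

    // The two keys stored under secret/springboot-demo in step 1.
    private static final String[] KEYS = {"username", "password"};

    private final ConfigurableEnvironment environment;

    public SecretSourceController(ConfigurableEnvironment environment) {
        this.environment = environment;
    }

    // Property sources are iterated in precedence order, so the first one
    // that contains a key is the one @Value("${key}") resolves against.
    private String winningSource(String key) {
        for (PropertySource<?> source : environment.getPropertySources()) {
            // Skip Spring Boot's "configurationProperties" adapter: it wraps
            // every other source and would match every key.
            if (ConfigurationPropertySources.isAttachedConfigurationPropertySource(source)) {
                continue;
            }
            if (source.containsProperty(key)) {
                return source.getName();
            }
        }
        return "<not set>";
    }

    // Returns source names only; the secret values never leave the application.
    @GetMapping("/secrets/source") // hypothetical path
    public Map<String, String> secretSources() {
        Map<String, String> sources = new LinkedHashMap<>();
        for (String key : KEYS) {
            sources.put(key, winningSource(key));
        }
        return sources;
    }
}
```

If username is reported as coming from systemEnvironment (which also matches a USERNAME environment variable) rather than from a Vault source, the value injected by @Value("${username}") is not the one stored in Vault.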
