Spring Vault GA 1.0 Released

| by Andrew Morgan Follow 1 Followers on May 08, 2017. Estimated reading time: 2 minutes |

A note to our readers: You asked so we have developed a set of features that allow you to reduce the noise: you can get email and web notifications for topics you are interested in. Learn more about our new features.

Pivotal has announced the general availability of Spring Vault 1.0. It is a Java library which offers client-side abstractions around Hashicorp Vault, a secret management tool. Following typical Spring idioms, it allows Vault to be more easily integrated into Spring or Java applications. Some familiar patterns include templating, property sources, and more.

Hashicorp Vault is a tool which provides developers with a secure means of accessing and storing secrets such as API tokens, SSL certificates and passwords. It also handles access control for users, with the ability to revoke and roll tokens. On top of this, there is also auditing functionality which allows tracking of users.

Java developers who want to adopt Vault would typically be presented with a choice of the CLI or the API. Thus, when calling Vault from the JVM it's likely that developers would choose the API and implement their own client library. Spring Vault removes the need for developers to do this themselves, by providing one as an open source project. It is also backed by a commercial enterprise, Pivotal.

Although not dependent on Spring itself, the high-level design principles and abstractions are familiar, together with the aim to reduce boilerplate code for the developer. This means the framework should be particularly straightforward for Spring developers to adopt, as well as the typical Java developer. 

In order to interact with Vault, Spring Vault makes use of the central class VaultTemplate. Aiming to be synonymous to the Vault CLI and API, it offers familiar operations such as "write", "read", "delete" and "revoke":

Secret toWrite = new Secret("foo");
vaultTemplate.write("mysecret/myapp", toWrite);

VaultResponseSupport<Secret> toRead ="mysecret/myapp", Secret.class);

Through the use of the @VaultPropertySource annotation, a declarative mechanism is given which allows Spring Vault to implicitly map secrets to Java objects:

@VaultPropertySource(value = "foo/creds", propertyNamePrefix = "foo")
public class SomeConfig {
  // ...

public class MyProperties {
  private String awsAccessKey;

  private String awsSecretKey;

  // ...

The library also supports multiple authentication mechanisms: AppId, AppRole, AWS EC2, TLS Certificates, and Cubbyhole. By providing these through implementations of a ClientAuthentication class, it means a Java developer is provided with scaffolding to a more easily setup initial login.

The need to manage sessions is also handled by the framework through a SessionManager class. This means tasks such as renewing tokens, revoking on disposal are automated, and not required to be done explicitly by the application code, again removing some additional development overhead.

Additional details can be found in the official documentation, with the library being available for download in Maven Central, and the source code available on GitHub.


Rate this Article

Adoption Stage

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread


Login to InfoQ to interact with what matters most to you.

Recover your password...


Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.


More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.


Stay up-to-date

Set up your notifications and don't miss out on content that matters to you