8.1.6 Oracle Cloud Vault Support

Micronaut supports loading configuration values stored in Oracle Cloud Vaults. To use this feature, add the following dependencies:

Example build.gradle for Oracle Cloud Vault

  1. compile "io.micronaut:micronaut-discovery-client"
  2. compile group: 'com.oracle.oci.sdk', name: 'oci-java-sdk-vault', version: '1.15.4'
  3. compile group: 'com.oracle.oci.sdk', name: 'oci-java-sdk-secrets', version: '1.15.4'
  4. compile group: 'com.oracle.oci.sdk', name: 'oci-java-sdk-common', version: '1.15.4'

To enable distributed configuration a src/main/resources/bootstrap.yml configuration file must be created and configured to use one or more Oracle Cloud Vaults:

bootstrap.yml

  1. micronaut:
  2.   application:
  3.     name: vault-test
  4.   config-client:
  5.     enabled: true
  6. oraclecloud:
  7.   vault:
  8.     config:
  9.       enabled: true
  10.     vaults:
  11.       - ocid: ocid1.vault.oc1.phx...
  12.         compartment-ocid: ocid1.compartment.oc1...
  13.     use-instance-principal: false
  14.     path-to-config: ~/.oci/config
  15.     profile: DEFAULT
  16.     region: US-PHOENIX-1

See the configuration reference for all configuration options.

You can learn more about Oracle Cloud Vault Secrets by reading this blog post.

Each configured vault will be read and all of the secrets within the vault will be retrieved and set into configuration variables with the exact same name as the secret in the Oracle Cloud Vault.

For example, if you create a secret with the name of SECRET_ONE in your Oracle Cloud Vault, then it will be available to use in your application like any standard configuration variable:

  1. @Value("${SECRET_ONE}") String secretOne

You can also use @PropertyName:

  1. @Property(name = "SECRET_ONE") String secretOne

Another option is to inject your variables in to your configuration files which gives you the ability to store things like database passwords and API keys in your vault:

application.yaml

  1. datasources:
  2.   default:
  3.     password: ${DB_PASSWORD}

Vault retrieved values are always String, but you can use @ConfigurationProperties on a bean in conjunction with your application.yml file to provide properly typed configuration variables.

So if you where to create secrets in your Oracle Cloud Vault like so:

NameValue

SECRET_ONE

Value One

SECRET_TWO

value two

SECRET_THREE

true

SECRET_FOUR

42

SECRET_FIVE

3.16

And then added the following to your application.yml file:

application.yml

  1. secrets:
  2.   one: ${SECRET_ONE}
  3.   two: ${SECRET_TWO}
  4.   three: ${SECRET_THREE}
  5.   four: ${SECRET_FOUR}
  6.   five: ${SECRET_FIVE}

You could add a config bean like so:

Config.java

  1. @ConfigurationProperties("secrets")
  2. public class Config {
  3.     private String one;
  4.     private String two;
  5.     private boolean three;
  6.     private int four;
  7.     private Double five;
  9.     /* getters/setters removed for brevity */
  10. }

You could then inject and use this bean in your application with properly typed values.

HelloController.java

  1. @Controller("/hello")
  2. public class HelloController {
  4.     private Config config;
  6.     public HelloController(
  7.             Config config
  8.     ) {
  9.         this.config = config;
  10.     }
  12.     @Get("/")
  13.     public HttpStatus index() {
  14.         return HttpStatus.OK;
  15.     }
  17.     @Get("/secret")
  18.     public HttpResponse getSecret() {
  19.         return HttpResponse.ok(config);
  20.     }
  21. }

Calling the /hello/secret endpoint would return:

  1. {
  2.   "one": "Value One",
  3.   "two": "value two",
  4.   "three": true,
  5.   "four": 42,
  6.   "five": 3.16
  7. }
If you need support for different configurations per environment, you can create an environment specific bootstrap.yml file and utilize a different vault(s) configuration per environment.