Sample application for Helidon MP Custom Config Source that retrieves data from OCI Vault

klustria/helidon-mp-custom-config-oci-vault

Helidon Datasource Configuration Example

This is a simple Helidon MP project that reads its datasource configuration parameters from application.yaml, except for the password, which is fetched from an OCI Vault secret. The secret is fetched by a custom config source, CustomOciSecretConfigSource.java, which is registered as a service via src/main/resources/META-INF/services/org.eclipse.microprofile.config.spi.ConfigSource. The remaining parameters come from the default config source, which in this case is src/main/resources/application.yaml.

The custom config source uses the OCI SDK for Vault/Secrets to retrieve the encrypted target data, which in this sample application is the datasource password. The parameters for the OCI SDK invocation are read from the same src/main/resources/application.yaml. To disable the custom config source, delete either CustomOciSecretConfigSource.java or src/main/resources/META-INF/services/org.eclipse.microprofile.config.spi.ConfigSource. Without the custom config source, the application goes back to retrieving the password from the default config source, i.e. from application.yaml.
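A sketch of a config source of the kind described above, added here as an example; it is not the repository's CustomOciSecretConfigSource.java. The class name, the "DEFAULT" profile, the ordinal of 150 and the use of Helidon's io.helidon.config API to read oci.secret.id from application.yaml are assumptions.

```java
import com.oracle.bmc.auth.ConfigFileAuthenticationDetailsProvider;
import com.oracle.bmc.secrets.SecretsClient;
import com.oracle.bmc.secrets.model.Base64SecretBundleContentDetails;
import com.oracle.bmc.secrets.requests.GetSecretBundleRequest;
import org.eclipse.microprofile.config.spi.ConfigSource;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import java.util.Map;
import java.util.Set;

// Added example; hypothetical class, not the repository's CustomOciSecretConfigSource.
public class VaultPasswordConfigSource implements ConfigSource {
    // Key taken from the /datasource response shown on this page.
    private static final String KEY = "javax.sql.DataSource.slDataSource.dataSource.password";
    private volatile String cached; // fetched once, never logged

    private String fetch() {
        try {
            // Assumption: oci.secret.id is read from application.yaml via Helidon's own Config API.
            String secretId = io.helidon.config.Config.create().get("oci.secret.id").asString().get();
            // User principal from ~/.oci/config; the "DEFAULT" profile is an assumption.
            try (SecretsClient client = SecretsClient.builder()
                    .build(new ConfigFileAuthenticationDetailsProvider("DEFAULT"))) {
                Object content = client.getSecretBundle(
                        GetSecretBundleRequest.builder().secretId(secretId).build())
                        .getSecretBundle().getSecretBundleContent();
                // The secret bundle content is base64-encoded.
                String b64 = ((Base64SecretBundleContentDetails) content).getContent();
                return new String(Base64.getDecoder().decode(b64), StandardCharsets.UTF_8);
            }
        } catch (Exception e) {
            // Fail closed: returning null here would silently fall back to application.yaml.
            throw new IllegalStateException("Cannot read datasource password from OCI Vault", e);
        }
    }

    @Override public String getValue(String name) {
        if (!KEY.equals(name)) return null; // serve this one key only
        String v = cached;
        if (v == null) cached = v = fetch();
        return v;
    }
    @Override public Map<String, String> getProperties() { return Collections.singletonMap(KEY, getValue(KEY)); }
    @Override public Set<String> getPropertyNames() { return Collections.singleton(KEY); }
    @Override public String getName() { return "oci-vault-datasource-password"; }
    // Assumption: 150 is above ConfigSource.DEFAULT_ORDINAL (100), so this source wins over file defaults.
    @Override public int getOrdinal() { return 150; }
}
```

Like the project's class, it would be registered by listing its fully qualified name in src/main/resources/META-INF/services/org.eclipse.microprofile.config.spi.ConfigSource.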

Prerequisites

  1. An OCI Vault key and secret need to be created. There is a good example guide for this in Protect Your Sensitive Data With Secrets In The Oracle Cloud. Once created, get the OCID of the secret entry representing the datasource password and use that as the value for oci.secret.id in application.yaml. There is another, commented-out approach in CustomOciSecretConfigSource.java for retrieving the same data, which uses the secret name. If this option is preferred, fill in the parameter values for oci.secret.name and oci.vault.id.
  2. When authenticating using user principal, make sure to set up user credentials in ~/.oci/config.

Additional Information/References

  1. For more details about Helidon Custom Config Sources, please consult Creating Custom Config Sources section in Helidon Microprofile Config Sources.
  2. Details about the OCI Vault/Secrets SDK can be found in Managing Secrets.

System Requirements:

  1. JDK 11+
  2. mvn 3.8.3+
  3. Helidon 2.5.0

Build

mvn package
java -jar target/helidon-config-vault.jar

Exercise the application

curl http://localhost:8080/datasource
{"javax.sql.DataSource.slDataSource.dataSourceClassName":"org.h2.jdbcx.JdbcDataSource","javax.sql.DataSource.slDataSource.dataSource.url":"jdbc:h2:mem:slPU","javax.sql.DataSource.slDataSource.dataSource.user":"sa","javax.sql.DataSource.slDataSource.dataSource.password":"Password123!"}

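Ensure that the response contains the correct password value in javax.sql.DataSource.slDataSource.dataSource.password and that it is exactly what was created in the OCI Vault secret. This endpoint returns the password in clear text so that the sample can be verified; an endpoint like this should not be exposed outside a demo.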
