Secure Secrets With Spring Cloud Config and Vault

In 2013, GitHub released a search feature that allows users to scan code in all public repositories. A day after the release, however, they had to partially shut it down. It was speculated that the shutdown was because the feature allowed any user to search for all kinds of secrets stored in GitHub repositories. Later, in 2014, data on 50,000 Uber drivers was stolen. It seems someone got access to the company’s database using login credentials found in a GitHub public repository. Hashicorp Vault, a tool for managing secrets and encrypting data in transit, was first announced in 2015 and Spring Vault, the integration of Spring with Vault, was first released in 2017.

This is a companion discussion topic for the original entry at

Thanks a lot for this wonderful post. This was one of the few places I found this help. I did add a login (via spring security) to my spring cloud config server (with credentials stored in a database). However, it is not possible for me to load the property sources for config clients when I store the username and password for the clients on vault (using the secret path). Any advice on how to deal with this issue? I do not want to hard code the username and password for each config client to fetch properties from the config server. Thanks again.