Replace Env Variables Placeholder in spring config server native mode with vault secret

[animo93]

I am currently working in a scenario where i need to use spring cloud config server for centralised config management .

Previously we were using the "native" mode to store the configurations in the local filesystem . And the sensitive information like database passwords were stored in the environment variables of the client services .

But , now we want to also use "Hashicorp Vault" to store the database passwords as "secrets" , and simply replace the env variable placeholders in the native files with the secret fetched from vault during the startup .

Current Setup (only "native" mode)

Sample content of serviceA-dev.properties

spring.datasource.connectionProperties=jdbc:postgresql://${PG_HOST}:${PG_PORT}/${DB_NAME};username=${DB_USERNAME};password=${DB_PASSWORD}

Expected Setup (both "native" & "vault" mode)

Sample content of serviceA-dev.properties

spring.datasource.connectionProperties=jdbc:postgresql://${PG_HOST}:${PG_PORT}/${DB_NAME};username=${DB_USERNAME};password=${DB_PASSWORD}

But here instead of storing the values of ${DB_PASSWORD} in env variables , we want to connect to vault during the startup , and then replace this with the actual value fetched from the vault

So , can this be achieved ?