This Maven plugin supports pull and pushing Maven project properties from secrets stored in HashiCorp Vault.
To include the vault-maven-plugin in your project add the following plugin to your pom.xml
file:
<build>
<plugins>
<plugin>
<groupId>com.deciphernow</groupId>
<artifactId>vault-maven-plugin</artifactId>
<version>1.0.0-SNAPSHOT</version>
</plugin>
</plugins>
</build>
In order to pull secrets you must add an execution to the plugin. The following execution will pull secrets from secret/user
path on the Vault server https://vault.example.com
. In particular, this configuration will set the value of the ${project.password}
and ${project.username}
Maven properties to the secrets ${vault.password}
and ${vault.username}
respectively.
<build>
<plugins>
<plugin>
<groupId>com.deciphernow</groupId>
<artifactId>vault-maven-plugin</artifactId>
<version>1.0.0-SNAPSHOT</version>
<executions>
<execution>
<id>pull</id>
<phase>initialize</phase>
<goals>
<goal>pull</goal>
</goals>
<configuration>
<servers>
<server>
<url>https://vault.example.com</url>
<token>bf6ba314-47f1-4b9d-ab87-2b8e53fc640f</token>
<paths>
<path>
<name>secret/user</name>
<mappings>
<mapping>
<key>vault.password</key>
<property>project.password</property>
</mapping>
<mapping>
<key>vault.username</key>
<property>project.username</property>
</mapping>
</mappings>
</path>
</paths>
</server>
</servers>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
Note that the execution will fail if a specified secret key does not exist and that an existing project property will be overwritten.
In order to pull secrets you must add an execution to the plugin. The following execution will pull secrets from secret/user
path on the Vault server https://vault.example.com
. In particular, this configuration will set the value of the ${project.password}
and ${project.username}
Maven properties to the secrets ${vault.password}
and ${vault.username}
respectively.
<build>
<plugins>
<plugin>
<groupId>com.deciphernow</groupId>
<artifactId>vault-maven-plugin</artifactId>
<version>1.0.0-SNAPSHOT</version>
<executions>
<execution>
<id>push</id>
<phase>verify</phase>
<goals>
<goal>push</goal>
</goals>
<configuration>
<servers>
<server>
<url>https://vault.example.com</url>
<token>bf6ba314-47f1-4b9d-ab87-2b8e53fc640f</token>
<paths>
<path>
<name>secret/user</name>
<mappings>
<mapping>
<key>vault.password</key>
<property>project.password</property>
</mapping>
<mapping>
<key>vault.username</key>
<property>project.username</property>
</mapping>
</mappings>
</path>
</paths>
</server>
</servers>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
Note that the execution will fail if a specified project property does not exist and that an existing secret value will be overwritten.
This build uses standard Maven build commands but assumes that the following are installed and configured locally:
- Java (1.8 or greater)
- Maven (3.0 or greater)
- Docker
- Fork it
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create new Pull Request