by usr42 2311 days ago
Thanks for your feedback.

I agree that the post does not offer a generally applicable solution for the rotation of configuration. Unfortunately, it looks like at this moment in time there is no such solution available (at least not that I'm aware of). On the other hand, the reason for writing this post was not to solve this issue but to help developers of Spring applications to use HashiCorp Vault for generating dynamic database credentials.

A solution for the more generally applicable, but also much more complex problem of configuration rotation without downtime would likely also solve the issue of the blog post. But as long as this solution is not available, a more specific approach could at least address the challenges for some of us. The quite narrow scope of the blog post is bound to relational databases and HikariCP and I hope that I could point out that this still addresses a lot of use-cases (at least as long as SQL databases are not dead ;) ).

Additionally, I would like to increase the awareness that Spring itself is currently not automatically addressing the issue of rotating expiring secrets provided by HashiCorp Vault. Because Spring provides so many out-of-the-box, production-ready solutions for a lot of use-cases, a lot of developers don’t know or even think about the edge cases which could still create pain.

I’m really interested in more details about the proxy-based approach you were writing about. If I’m able to build a more general solution with this approach I would be really happy to share this approach in another blog post. Or do you know if there is already something planned in the Spring backlog to make this easier?

1 comments

The approach is currently a design draft to approach credential rotation from a generic perspective. It spans over a couple of components and we need to identify first on which level we want to address the requirement of credentials rotation. So it will take a bit until we have a more clear picture.

So there will be a generic solution provided by Spring?

I'm really looking forward to this. Is there a way I can be kept up to date about the progress or how I could potentially participate?