OntoPop
Search…
Bootstrap Context
Responsible for loading configuration properties from external sources, such as HashiCorp Vault, Azure Key Vault or AWS Secrets Manager, and decrypting them if necessary.
Last Updated: 04 February 2022 • Page Author: Jillur Quddus

The OntoPop Spring bootstrap context is responsible for loading configuration properties from external sources, such as HashiCorp Vault, Azure Key Vault or AWS Secrets Manager, and decrypting them if necessary.

The configuration for the OntoPop Spring bootstrap context may be found in the ontopop-configuration Maven module, at src/main/resources/bootstrap.yml. The complete configuration file is as follows:
spring:
application:
name: ontopop
cloud:
vault:
enabled: true
host: localhost
port: 8200
scheme: http
authentication: TOKEN
token: ${VAULT_TOKEN}
kv:
enabled: true
backend: secret
default-context: ontopop/development
azure:
keyvault:
enabled: false
client-id: ${AZURE_KEYVAULT_CLIENT_ID}
client-key: ${AZURE_KEYVAULT_CLIENT_SECRET}
tenant-id: ${AZURE_KEYVAULT_TENANT_ID}
uri: ${AZURE_KEYVAULT_URI}
aws:
secretsmanager:
enabled: false
name: ontopop
prefix: /secret
defaultContext: application
failFast: true
region: eu-west-2

Configure this namespace if you wish to load externalized configuration from HashiCorp Vault.
Property
Description
Example Value
enabled
Whether to enable externalized configuration from HashiCorp Vault.
true
host
HashiCorp Vault hostname. The host name will be used for SSL certificate validation if required.
localhost
port
HashiCorp Vault port.
8200
scheme
Whether to use http or https.
http
authentication
Authentication mechanism to authorize client requests.
TOKEN
token
If using token-based authentication, then the static token to use. Note that the token should be set as an environment variable and NOT stored as plaintext in bootstrap.yml.
s.AB638dhfdnbC7dehq
kv.enabled
Whether to enable the Key-Value secrets backend, supporting storage of arbitrary values as key-value store.
true
kv.backend
The path of the secret mount to use.
secret
kv.default-context
The context name used by all applications.
ontopop/development
For further information and properties related to loading externalized configuration from HashiCorp Vault, please refer to https://cloud.spring.io/spring-cloud-vault/reference/html/.

Configure this namespace if you wish to load externalized configuration from Azure Key Vault.
Property
Description
Example Value
enabled
Whether to enable externalized configuration from Azure Key Vault.
true
client-id
The Azure Key Vault Client ID (this can be identified using the Azure Portal or via the Azure CLI). Note that the Client ID should be set as an environment variable and NOT stored as plaintext in bootstrap.yml.
83hdbeuhd-c887-83ke-f16ghdss
client-key
The Azure Key Vault Client Secret (this can be identified using the Azure Portal or via the Azure CLI). Note that the Client Secret should be set as an environment variable and NOT stored as plaintext in bootstrap.yml.
S-g.Klfh88JK8sjd.POk6
tenant-id
The Azure Key Vault Tenant ID (this can be identified using the Azure Portal or via the Azure CLI). Note that the Tenant ID should be set as an environment variable and NOT stored as plaintext in bootstrap.yml.
27dhddfj-9387-8731-shsmnb56s
uri
The Azure Key Vault URI (this can be identified using the Azure Portal or via the Azure CLI). Note that the URI should be set as an environment variable and NOT stored as plaintext in bootstrap.yml.
https://my-key-vault.vault.azure.net
For further information and properties related to loading externalized configuration from Azure Key Vault, please refer to https://docs.microsoft.com/en-us/azure/developer/java/spring-framework/configure-spring-boot-starter-java-app-with-azure-key-vault.

Configure this namespace if you wish to load externalized configuration from AWS Secrets Manager.
Property
Description
Example Value
enabled
Whether to enable externalized configuration from AWS Secrets Manager.
true
name
The name of the secret to lookup containing the configuration as key-value pairs.
ontopop
prefix
The name of the prefix indicating the first level for every property.
/secret
defaultContext
The context name used by all applications.
application
failFast
Whether to throw exceptions during configuration lookup, otherwise log warnings.
true
region
The AWS region of the AWS Secrets Manager.
eu-west-2
Note that an IAM user with privileges to read secrets from the AWS Secrets Manager must be configured (either via the AWS Management Console or AWS CLI) if you wish to load externalized configuration from AWS Secrets Manager. Thereafter, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be defined as environmental variables and set with the appropriate key and secret associated with the IAM user.
For further information and properties related to loading externalized configuration from AWS Secrets Manager, please refer to https://docs.spring.io/spring-cloud-aws/docs/2.2.4.RELEASE/reference/html/appendix.html.
Copy link
On this page
Overview
Location
Configuration
Namespace: spring.cloud.vault
Namespace: azure.keyvault
Namespace: aws.secretsmanager