Broadleaf Microservices

Micro Secure Vault Common

Common library for reading data stored in secure vaults.

Micro Secure Vault Library Javadocs

Secure Vault Service

This interface provides a common starting point when implementing a client for a specific secure vault (for example Google Cloud or Azure).

We currently have the following implementations:

  • GoogleCloudSecretManagerService - See class JavaDocs for usage.

Secure Vaults and Property Sources

In some cases you will want to use values stored in a secure vault as properties within your service, for example API keys that should never be committed to configuration files. The SecureVaultEnvironmentPostProcessor abstract class lets you fetch specified values from the vault and add them as a property source on application startup.

An example implementation might look something like the following:

import java.util.Arrays;
import java.util.List;

import org.springframework.core.env.ConfigurableEnvironment;
// plus the Broadleaf imports for SecureVaultEnvironmentPostProcessor,
// SecureVaultService and GoogleCloudSecretManagerService (packages not shown on this page)

public class CartOpsSecureVaultEnvironmentPostProcessor extends SecureVaultEnvironmentPostProcessor {

    // Property that names the Google Cloud project whose Secret Manager holds the values.
    public static final String GOOGLECLOUD_PROJECT_ID =
            "broadleaf.cartoperation.securevault.googlecloud.project-id";

    @Override
    public SecureVaultService getSecureVaultService(ConfigurableEnvironment environment) {
        String projectId = environment.getProperty(GOOGLECLOUD_PROJECT_ID);
        // Fail fast with a clear message instead of handing a null project id to the client.
        if (projectId == null || projectId.isEmpty()) {
            throw new IllegalStateException(
                    "Property " + GOOGLECLOUD_PROJECT_ID + " must be set to use the secure vault");
        }
        return new GoogleCloudSecretManagerService(projectId);
    }

    @Override
    public List<String> getTargetProperties() {
        // Only these property names are resolved from the vault (and from the fallback file, if any).
        return Arrays.asList(
                "broadleaf.paypalcheckout.rest.client-secret",
                "broadleaf.paypalcheckout.rest.client-id",
                "broadleaf.paypalcheckout.rest.mode",
                "broadleaf.stripe.rest.public-api-key",
                "broadleaf.stripe.rest.private-api-key",
                "broadleaf.stripe.rest.payment-intent-return-url");
    }
}

In this example the post processor uses our GoogleCloudSecretManagerService to fetch the values of the listed properties and adds them to the environment's property sources. The subclass also has to be registered with Spring Boot so that it runs at startup; for a standard EnvironmentPostProcessor that is a META-INF/spring.factories entry under the org.springframework.boot.env.EnvironmentPostProcessor key (check the class Javadocs for the registration the Broadleaf base class expects).

Fallback Properties

If your secure vault cannot be reached, or you want to override the values used locally (for example during development), you can point at a fallback property file. Because that file holds the same secrets in plaintext, keep it outside the repository and restrict its file permissions. Add the following to your application.yml to use the file in addition to the vault:

broadleaf:
  securevault:
    fallback-property-path: /path/to/your/custom.properties

Note
Only the properties returned by your EnvironmentPostProcessor's getTargetProperties() are read from this file; all other properties in it are ignored.
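The following is an added, constructed model of the fallback rule described above, written in Python to be run offline; it is not Broadleaf code and does not use the library's API. It assumes one precedence that the page does not spell out (vault first, fallback file only for targets the vault could not supply or when the vault is unreachable) and applies the page's stated rule that only target properties are read from the fallback file. The property names, values, `VaultUnavailableError` and the two vault stubs are all constructed for the example.

```python
"""Constructed model of secure-vault property resolution with a fallback file.
Not Broadleaf code: it imitates the documented behaviour so the precedence
and target-property filtering can be exercised without a real vault."""
import logging
from typing import Callable, Dict, Iterable, Optional

log = logging.getLogger("securevault-model")


class VaultUnavailableError(Exception):
    """Raised by the (hypothetical) vault lookup when the vault cannot be reached."""


def load_properties(text: str) -> Dict[str, str]:
    """Parse a minimal Java .properties file: key=value or key:value lines,
    '#' / '!' comment lines, surrounding whitespace stripped.
    Line continuations and escape sequences are deliberately not handled."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Split on whichever separator ('=' or ':') appears first.
        positions = [i for i in (line.find("="), line.find(":")) if i != -1]
        if not positions:
            props[line] = ""  # bare key, as java.util.Properties would store it
            continue
        idx = min(positions)
        props[line[:idx].strip()] = line[idx + 1:].strip()
    return props


def resolve_target_properties(
    targets: Iterable[str],
    vault_lookup: Callable[[str], Optional[str]],
    fallback_text: Optional[str] = None,
) -> Dict[str, str]:
    """Return the values that would be added as a property source.

    Assumed precedence: ask the vault first; use the fallback file only for a
    target the vault did not supply, or for every target once the vault has
    proven unreachable. Keys in the fallback file that are not targets are
    ignored, which is the rule the documentation states.
    """
    fallback = load_properties(fallback_text) if fallback_text else {}
    resolved: Dict[str, str] = {}
    vault_down = False
    for name in targets:
        value = None
        if not vault_down:
            try:
                value = vault_lookup(name)
            except VaultUnavailableError as exc:
                log.warning("vault unreachable (%s); using fallback file only", exc)
                vault_down = True
        if value is None:
            value = fallback.get(name)
        if value is None:
            log.warning("no value for %s in vault or fallback file", name)
            continue
        resolved[name] = value
    return resolved


# Constructed sample data for a stand-alone run (values are placeholders).
SAMPLE_FALLBACK = """
# local developer overrides - keep this file out of version control
broadleaf.stripe.rest.private-api-key = sk_test_fallback
broadleaf.stripe.rest.payment-intent-return-url: http://localhost:8080/return
some.unrelated.property = ignored-because-not-a-target
"""

TARGETS = [
    "broadleaf.stripe.rest.private-api-key",
    "broadleaf.stripe.rest.payment-intent-return-url",
]


def healthy_vault(name: str) -> Optional[str]:
    """Hypothetical vault that only holds the private key."""
    return {"broadleaf.stripe.rest.private-api-key": "sk_live_from_vault"}.get(name)


def unreachable_vault(name: str) -> Optional[str]:
    """Hypothetical vault whose connection always fails."""
    raise VaultUnavailableError("connection refused")


if __name__ == "__main__":
    print(resolve_target_properties(TARGETS, healthy_vault, SAMPLE_FALLBACK))
    print(resolve_target_properties(TARGETS, unreachable_vault, SAMPLE_FALLBACK))
```

With the healthy vault the private key comes from the vault and only the return URL is taken from the file; with the unreachable vault both targets come from the file, and `some.unrelated.property` is never exposed in either case. Treat the precedence as illustrative and confirm the real library's behaviour against the class Javadocs before relying on it.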