Spring Vault

Table of Contents


Spring Vault provides familiar Spring abstractions as well as customer-side support to access, store and revoke secrets. It offers both low and high level abstractions to interact with Vault, freeing the user from infrastructural concerns.

HashiCorp's Vault provides you with a central place to manage external secret data across all environments for applications. Vault can manage static and dynamic secrets for remote applications / resources such as application data, username / password and provide credentials for external services such as MySQL, PostgreSQL, Apache Cassandra, Consul, AWS and more.


  • Spring configuration support using Java based @Configuration classes.
  • VaultTemplate helper class that increases the productivity of common Mongo operations. Includes integrated mapping of objects between documents and POJOs.
  • Supported authentication mechanisms:
    • Token
    • AppRole
    • AWS-EC2
    • AWS-IAM
    • Azure MSI
    • Certificates (PKI)
    • Cubbyhole
    • GCP-GCE
    • GCP-IAM
    • Kubernetes
    • Pivotal CloudFoundry
  • Annotation-based @VaultPropertySource integration
  • Support for renewable and rotating secrets
  • Feature Rich Object Mapping integrated with Spring’s Conversion Service
  • Annotation based mapping metadata but extensible to support other metadata formats
  • Automatic implementation of Repository interfaces including support for custom query methods.



The example of this tutorial can be seen here: Spring Examples - Vault