如何从 HashiCorp Vault 密码库动态读取 liquibase.properties
How to read liquibase.properties dynamically from password hashicorp vault
在我的 Spring Boot 项目中,我正在尝试设置 Liquibase,并在开发、测试和生产数据库之间使用它。除了把凭据从 HashiCorp Vault 传递到 liquibase.properties 文件之外,一切似乎都运行良好。我可以毫无问题地在 application.properties 中访问这些凭据,但在 liquibase.properties 文件中无法访问。我有以下文件,我想从 Vault 动态传入 URL 和凭据。
liquibase.properties
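# Settings read directly by Liquibase; Spring property sources (including Vault) are not applied to this file.
changeLogFile=src/main/resources/liquibase-changeLog.xml
# NOTE(review): the URL, user name and password below are stored in plain text, so anyone who can
# read this file or the repository history can read them. This is the state the question wants to
# get away from; the values are kept exactly as posted.
url=jdbc:mysql://localhost:3306/oauth_reddit
username=tutorialuser
password=tutorialmy5ql
driver=com.mysql.jdbc.Driver
# The ?dialect=... query string is part of the referenceUrl value and has to stay on the same line;
# on a line of its own it would be parsed as a separate key named "?dialect".
referenceUrl=hibernate:spring:org.baeldung.persistence.model?dialect=org.hibernate.dialect.MySQLDialect
diffChangeLogFile=src/main/resources/liquibase-diff-changeLog.xml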
liquibase.properties 是由 Liquibase 直接使用的。我不确定 Spring 是否会以某种方式修改 liquibase.properties,它可能只被 Maven 插件使用。因此,您要么需要为 Liquibase 编写一个能够从 Vault 取值的额外解析器,要么干脆放弃 liquibase.properties,改用 Spring 的属性。
下面的代码从 Vault 中读取数据库连接信息并注入数据源,Liquibase 使用该数据源连接数据库并执行脚本。
build.gradle.kts
import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
// Gradle Kotlin DSL build for the sample: Spring Boot with Spring Cloud Vault and Liquibase.
plugins {
id("org.springframework.boot") version "2.4.4"
id("io.spring.dependency-management") version "1.0.11.RELEASE"
kotlin("jvm") version "1.4.31"
kotlin("plugin.spring") version "1.4.31"
}
group = "com.db"
version = "0.0.1-SNAPSHOT"
java.sourceCompatibility = JavaVersion.VERSION_1_8
configurations {
compileOnly {
extendsFrom(configurations.annotationProcessor.get())
}
}
repositories {
mavenCentral()
}
dependencies {
implementation("org.springframework.boot:spring-boot-starter-data-jpa")
// Enables the bootstrap phase, so that bootstrap.properties (the Vault connection settings) is read.
implementation("org.springframework.cloud:spring-cloud-starter-bootstrap:3.0.2")
implementation("org.jetbrains.kotlin:kotlin-reflect")
implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8")
implementation("org.liquibase:liquibase-core:4.3.2")
// NOTE(review): the Oracle driver is taken as a jar from the project's libs/ directory instead of
// being resolved from a repository, so Gradle has no coordinates or version metadata for it.
// Record where the file came from and verify its checksum; Oracle also publishes its JDBC
// drivers on Maven Central (group com.oracle.database.jdbc).
implementation(files("libs/ojdbc6.jar"))
// Spring Cloud Vault: makes secrets read from Vault available as Spring properties.
implementation("org.springframework.cloud:spring-cloud-starter-vault-config:3.0.2")
}
tasks.withType<KotlinCompile> {
kotlinOptions {
// Treat JSR-305 nullability annotations on Java APIs as strict, so violations are compile errors.
freeCompilerArgs = listOf("-Xjsr305=strict")
jvmTarget = "1.8"
}
}
tasks.withType<Test> {
useJUnitPlatform()
}
bootstrap.properties
# Spring Cloud Vault connection settings, read during the bootstrap phase.
# The application name presumably selects the secret path; it matches the secret/database-config
# path used when the secret is written.
spring.cloud.vault.application-name=database-config
# NOTE(review): a static token kept in a properties file is readable by anyone who can read the
# file or the repository. Supply it at runtime (environment variable or injected file) or use one
# of Spring Cloud Vault's other authentication methods, and limit the token's policy to read
# access on this one path.
spring.cloud.vault.token=XXXXX
# NOTE(review): with scheme=http the token and every secret travel in clear text. That is only
# acceptable against a local development Vault; use https with a trusted certificate elsewhere.
spring.cloud.vault.scheme=http
spring.cloud.vault.kv.enabled=true
spring.cloud.vault.host=localhost
spring.cloud.vault.port=8200
application.properties
# NOTE(review): DEBUG output from Liquibase is verbose; check whether connection details or
# executed SQL appear in the logs before keeping this level outside development.
logging.level.liquibase=DEBUG
# No connection settings here: Liquibase is run against the application's DataSource bean.
spring.liquibase.change-log=classpath:db/changelog.xml
spring.liquibase.enabled=true
VaultDBConfig
import org.springframework.boot.context.properties.ConfigurationProperties
/**
 * Holds the database connection settings bound from properties that start with the `db` prefix.
 *
 * Every field defaults to null, so a key that is missing or stored under a different prefix
 * leaves the corresponding field null instead of failing the binding.
 */
@ConfigurationProperties("db")
class VaultDBConfig {
// Bound from `db.username`.
var username: String? = null
// Bound from `db.password`; this object holds the secret in memory, so do not log it.
var password: String? = null
// Bound from `db.url`.
var url: String? = null
}
DatabaseConfig(数据库配置)
import oracle.jdbc.pool.OracleDataSource
import java.sql.SQLException
import org.slf4j.Logger
import org.slf4j.LoggerFactory
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.context.annotation.Primary
import org.springframework.context.annotation.Profile
import org.springframework.core.env.Environment
import javax.sql.DataSource
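/**
 * Builds the application's primary [DataSource] from the connection details bound into
 * [VaultDBConfig], so that no URL, user name or password has to be kept in liquibase.properties.
 *
 * The `environment` constructor parameter and the `logger` property are not used by the code shown
 * here; they are kept so the class keeps its constructor and public members.
 */
@Configuration
class DatabaseConfig(private val dbDetails: VaultDBConfig, private val environment: Environment) {
    val logger: Logger = LoggerFactory.getLogger(DatabaseConfig::class.java)

    /**
     * Creates the Oracle data source used by the application and by Liquibase.
     *
     * @return the configured data source
     * @throws IllegalStateException if `db.url`, `db.username` or `db.password` was not resolved
     * @throws SQLException if the Oracle data source cannot be created or configured
     */
    @Primary
    @Bean
    @Throws(SQLException::class)
    fun dataSource(): DataSource? {
        // Fail at startup with the name of the missing key rather than handing null to the driver
        // and getting an unrelated connection error later. Only key names go into the message.
        val jdbcUrl = requiredSetting("db.url", dbDetails.url)
        val user = requiredSetting("db.username", dbDetails.username)
        val secret = requiredSetting("db.password", dbDetails.password)

        return OracleDataSource().apply {
            setURL(jdbcUrl)
            setUser(user)
            setPassword(secret)
        }
    }

    /** Returns [value] when it is present and not blank; otherwise fails without echoing any value. */
    private fun requiredSetting(key: String, value: String?): String =
        value?.takeIf { it.isNotBlank() }
            ?: throw IllegalStateException(
                "Database setting '$key' was not resolved; check the key names stored in Vault"
            )
}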
在 application.kt
中启用配置属性
/**
 * Spring Boot application class. [EnableConfigurationProperties] registers [VaultDBConfig] as a
 * configuration-properties bean so it can be injected where the connection details are needed.
 */
@SpringBootApplication
@EnableConfigurationProperties(VaultDBConfig::class)
class ConfigApplication
/** Starts the Spring application, passing the command-line arguments through unchanged. */
fun main(args: Array<String>) {
runApplication<ConfigApplication>(*args)
}
向 Vault 写入密钥
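# Store the three values under the keys that VaultDBConfig binds (prefix "db"). The third key has
# to be db.url: a key named dp.url is not bound and leaves the JDBC URL null.
# NOTE(review): values typed on the command line end up in shell history and the process list;
# the Vault CLI can also read a value from a file (key=@file) or from stdin (key=-).
vault kv put secret/database-config db.username=xxx db.password=xxx db.url=xxx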
在我的 Spring Boot 项目中,我正在尝试设置 Liquibase,并在开发、测试和生产数据库之间使用它。除了把凭据从 HashiCorp Vault 传递到 liquibase.properties 文件之外,一切似乎都运行良好。我可以毫无问题地在 application.properties 中访问这些凭据,但在 liquibase.properties 文件中无法访问。我有以下文件,我想从 Vault 动态传入 URL 和凭据。
liquibase.properties
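# Settings read directly by Liquibase; Spring property sources (including Vault) are not applied to this file.
changeLogFile=src/main/resources/liquibase-changeLog.xml
# NOTE(review): the URL, user name and password below are stored in plain text, so anyone who can
# read this file or the repository history can read them. This is the state the question wants to
# get away from; the values are kept exactly as posted.
url=jdbc:mysql://localhost:3306/oauth_reddit
username=tutorialuser
password=tutorialmy5ql
driver=com.mysql.jdbc.Driver
# The ?dialect=... query string is part of the referenceUrl value and has to stay on the same line;
# on a line of its own it would be parsed as a separate key named "?dialect".
referenceUrl=hibernate:spring:org.baeldung.persistence.model?dialect=org.hibernate.dialect.MySQLDialect
diffChangeLogFile=src/main/resources/liquibase-diff-changeLog.xml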
liquibase.properties 是由 Liquibase 直接使用的。我不确定 Spring 是否会以某种方式修改 liquibase.properties,它可能只被 Maven 插件使用。因此,您要么需要为 Liquibase 编写一个能够从 Vault 取值的额外解析器,要么干脆放弃 liquibase.properties,改用 Spring 的属性。
下面的代码从 Vault 中读取数据库连接信息并注入数据源,Liquibase 使用该数据源连接数据库并执行脚本。
build.gradle.kts
import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
// Gradle Kotlin DSL build for the sample: Spring Boot with Spring Cloud Vault and Liquibase.
plugins {
id("org.springframework.boot") version "2.4.4"
id("io.spring.dependency-management") version "1.0.11.RELEASE"
kotlin("jvm") version "1.4.31"
kotlin("plugin.spring") version "1.4.31"
}
group = "com.db"
version = "0.0.1-SNAPSHOT"
java.sourceCompatibility = JavaVersion.VERSION_1_8
configurations {
compileOnly {
extendsFrom(configurations.annotationProcessor.get())
}
}
repositories {
mavenCentral()
}
dependencies {
implementation("org.springframework.boot:spring-boot-starter-data-jpa")
// Enables the bootstrap phase, so that bootstrap.properties (the Vault connection settings) is read.
implementation("org.springframework.cloud:spring-cloud-starter-bootstrap:3.0.2")
implementation("org.jetbrains.kotlin:kotlin-reflect")
implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8")
implementation("org.liquibase:liquibase-core:4.3.2")
// NOTE(review): the Oracle driver is taken as a jar from the project's libs/ directory instead of
// being resolved from a repository, so Gradle has no coordinates or version metadata for it.
// Record where the file came from and verify its checksum; Oracle also publishes its JDBC
// drivers on Maven Central (group com.oracle.database.jdbc).
implementation(files("libs/ojdbc6.jar"))
// Spring Cloud Vault: makes secrets read from Vault available as Spring properties.
implementation("org.springframework.cloud:spring-cloud-starter-vault-config:3.0.2")
}
tasks.withType<KotlinCompile> {
kotlinOptions {
// Treat JSR-305 nullability annotations on Java APIs as strict, so violations are compile errors.
freeCompilerArgs = listOf("-Xjsr305=strict")
jvmTarget = "1.8"
}
}
tasks.withType<Test> {
useJUnitPlatform()
}
bootstrap.properties
# Spring Cloud Vault connection settings, read during the bootstrap phase.
# The application name presumably selects the secret path; it matches the secret/database-config
# path used when the secret is written.
spring.cloud.vault.application-name=database-config
# NOTE(review): a static token kept in a properties file is readable by anyone who can read the
# file or the repository. Supply it at runtime (environment variable or injected file) or use one
# of Spring Cloud Vault's other authentication methods, and limit the token's policy to read
# access on this one path.
spring.cloud.vault.token=XXXXX
# NOTE(review): with scheme=http the token and every secret travel in clear text. That is only
# acceptable against a local development Vault; use https with a trusted certificate elsewhere.
spring.cloud.vault.scheme=http
spring.cloud.vault.kv.enabled=true
spring.cloud.vault.host=localhost
spring.cloud.vault.port=8200
application.properties
# NOTE(review): DEBUG output from Liquibase is verbose; check whether connection details or
# executed SQL appear in the logs before keeping this level outside development.
logging.level.liquibase=DEBUG
# No connection settings here: Liquibase is run against the application's DataSource bean.
spring.liquibase.change-log=classpath:db/changelog.xml
spring.liquibase.enabled=true
VaultDBConfig
import org.springframework.boot.context.properties.ConfigurationProperties
/**
 * Holds the database connection settings bound from properties that start with the `db` prefix.
 *
 * Every field defaults to null, so a key that is missing or stored under a different prefix
 * leaves the corresponding field null instead of failing the binding.
 */
@ConfigurationProperties("db")
class VaultDBConfig {
// Bound from `db.username`.
var username: String? = null
// Bound from `db.password`; this object holds the secret in memory, so do not log it.
var password: String? = null
// Bound from `db.url`.
var url: String? = null
}
DatabaseConfig(数据库配置)
import oracle.jdbc.pool.OracleDataSource
import java.sql.SQLException
import org.slf4j.Logger
import org.slf4j.LoggerFactory
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.context.annotation.Primary
import org.springframework.context.annotation.Profile
import org.springframework.core.env.Environment
import javax.sql.DataSource
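/**
 * Builds the application's primary [DataSource] from the connection details bound into
 * [VaultDBConfig], so that no URL, user name or password has to be kept in liquibase.properties.
 *
 * The `environment` constructor parameter and the `logger` property are not used by the code shown
 * here; they are kept so the class keeps its constructor and public members.
 */
@Configuration
class DatabaseConfig(private val dbDetails: VaultDBConfig, private val environment: Environment) {
    val logger: Logger = LoggerFactory.getLogger(DatabaseConfig::class.java)

    /**
     * Creates the Oracle data source used by the application and by Liquibase.
     *
     * @return the configured data source
     * @throws IllegalStateException if `db.url`, `db.username` or `db.password` was not resolved
     * @throws SQLException if the Oracle data source cannot be created or configured
     */
    @Primary
    @Bean
    @Throws(SQLException::class)
    fun dataSource(): DataSource? {
        // Fail at startup with the name of the missing key rather than handing null to the driver
        // and getting an unrelated connection error later. Only key names go into the message.
        val jdbcUrl = requiredSetting("db.url", dbDetails.url)
        val user = requiredSetting("db.username", dbDetails.username)
        val secret = requiredSetting("db.password", dbDetails.password)

        return OracleDataSource().apply {
            setURL(jdbcUrl)
            setUser(user)
            setPassword(secret)
        }
    }

    /** Returns [value] when it is present and not blank; otherwise fails without echoing any value. */
    private fun requiredSetting(key: String, value: String?): String =
        value?.takeIf { it.isNotBlank() }
            ?: throw IllegalStateException(
                "Database setting '$key' was not resolved; check the key names stored in Vault"
            )
}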
在 application.kt 中启用配置属性
@SpringBootApplication
@EnableConfigurationProperties(VaultDBConfig::class)
class ConfigApplication
/** Starts the Spring application, passing the command-line arguments through unchanged. */
fun main(args: Array<String>) {
runApplication<ConfigApplication>(*args)
}
向 Vault 写入密钥
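# Store the three values under the keys that VaultDBConfig binds (prefix "db"). The third key has
# to be db.url: a key named dp.url is not bound and leaves the JDBC URL null.
# NOTE(review): values typed on the command line end up in shell history and the process list;
# the Vault CLI can also read a value from a file (key=@file) or from stdin (key=-).
vault kv put secret/database-config db.username=xxx db.password=xxx db.url=xxx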