Document how to import a Docker secret as a configtree

[jkroepke]

Hi,

Context:

I'm trying to configure a spring boot application using docker secrets. Since spring boot does not support _FILE environment vars out of box. I figure out whats should work out of the box.

Reading spring-projects/spring-framework#21961 I got this: #19990

The configuration is needs a property called keycloak.password. I setup a docker secret called keycloak-password which lives in /var/run/secrets/keycloak-password. As i know, docker secrets are always in /var/run/secrets/, I could not use the wildcard feature of config tree here.

According to https://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/html/spring-boot-features.html#boot-features-external-config-files-configtree I configured may application env variables like this:

SPRING_CONFIG_IMPORT='configtree:var/run/secrets/'

but the still missing the keycloak.password property.

While KEYCLOAK_PASSWORD=admin work fine, using KEYCLOAK_PASSWORD=${keycloak-password} raise an error like:

***************************
APPLICATION FAILED TO START
***************************

Description:

Failed to bind properties under 'keycloak.password' to java.lang.String:

    Property: keycloak.password
    Value: ${keycloak-password}
    Origin: System Environment Property "KEYCLOAK_PASSWORD"
    Reason: Circular placeholder reference 'keycloak-password' in property definitions

Action:

Update your application's configuration

Actual Result

The property keycloak.password isn't configureable via docker secrets. Re-assign the var via environment variables results in Circular placeholder reference.

Expected Result

Configtree should have the same relax binding support as I known form env variables.

[mbhave]

Can you expand on why you need to set the environment variable as KEYCLOAK_PASSWORD=${keycloak-password}? If you need a property such as keycloak.password in the environment, the secret would be available at: var/run/secrets/keycloak/password.

[jkroepke]

I have to check that. As I know the path of secrets for docker secrets is always /run/secrets/<name> (/var/run/secrets/<name> on older versions). Unlike on kubernetes, the path is not configurable.

[jkroepke]

I figure out, just name the file keycloak.password instead using subfolders will work, too.

Reading the docs, I would expect, define properties with dots via configtree this is only possible trough sub directions.

[wilkinsona]

I wonder if we should update the documentation here? I'm not sure that, strictly speaking, what Docker writes out is a configtree so it may get a bit confusing.

[sreenathhari]

In ur application.properties file you need to add the property
spring.config.import=configtree:var/run/secrets
Then in the same path provided u need to create the secret file with file name as the key which u want to import and file content should be the value of the corresponding property and you can have multiple files in the same location all will be imported as properties to your application on startup.

keycloak.password should be the file name you are creating and the file should contain the secret password

[jkroepke]

@sreenathhari Thanks!

Everything works already fine and document here: https://github.com/adorsys/keycloak-config-cli#configure-properties-values-through-files

From spring docs, its not known that /var/run/secrets.keycloak worked. By reading the docs I thought the file must be named /var/run/secrets/keycloak.