I have a Spring Boot application and I have stored the secrets in Vault (a secrets management platform), and I'm using Summon for fetching secrets. The application is dockerized, and in the Dockerfile I specified a Summon command to fetch the secrets and inject them as environment variables inside of the application.yml properties.
```
CMD summon -f secrets.yml -e ${APP_RUN_PROFILE} java -jar ssc-main.jar \
    --spring.profiles.active=$APP_RUN_PROFILE \
    $EXTRA_JAVA_OPTIONS
```
- In my secrets.yml file I have the path to the secrets.
- In the application.yml I used:

```
cfg.app.token.smth.username="#{environment.SMTH_USERNAME_SECRET}"
```

My questions are:
- Is this environment variable injected after the application has started?
- Since the properties are loaded during the application startup, does it still load the application with empty values and then inject those variables after the application has started?
- Is it a correct way of injecting those secrets?
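
The ordering asked about above, as an added shell illustration that is not part of the original post: a wrapper of the kind Summon is resolves the secret first and only then starts the command, with the variable already present in the child's environment. `fake_provider`, `run_with_secrets`, the secret path and the value are hypothetical, constructed stand-ins; nothing here talks to Vault or runs Summon itself.

```shell
#!/bin/sh
# Constructed stand-in for a secrets provider: maps a secret path to a value.
# (Hypothetical; a real provider would query Vault.)
fake_provider() {
  case "$1" in
    prod/smth/username) printf 'svc-account' ;;
    *) return 1 ;;
  esac
}

# run_with_secrets VAR SECRET_PATH -- command...
# Resolves the secret first, then starts the command with VAR already set in
# its environment. If resolution fails, the command is never started.
run_with_secrets() {
  var=$1; secret_path=$2; shift 3   # drop VAR, SECRET_PATH and the "--"
  value=$(fake_provider "$secret_path") || {
    echo "cannot resolve $secret_path" >&2
    return 1
  }
  # env sets the variable only for the child; the calling shell is unchanged.
  env "$var=$value" "$@"
}

# Child stand-in for "java -jar ...": reports what it sees at its own startup.
child_view() {
  run_with_secrets SMTH_USERNAME_SECRET prod/smth/username -- \
    sh -c 'printf "%s" "${SMTH_USERNAME_SECRET:-<unset>}"'
}

# The wrapper's caller never has the variable in its own environment.
parent_view() {
  child_view >/dev/null
  printf '%s' "${SMTH_USERNAME_SECRET:-<unset>}"
}

echo "child sees:  $(child_view)"
echo "parent sees: $(parent_view)"
```
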