The Spring Cloud Services Config Server provides the ability to serve configuration properties from a composite of multiple backends, including multiple Git repositories and the HashiCorp Vault server. This feature builds upon the Composite Environment Repositories feature of Spring Cloud Config Server by allowing declaration of multiple Git servers together with (optionally) a Vault server to compose a unified configuration source.

Configuration properties

The Spring Cloud Services Config Server cannot serve configuration properties from multiple Vault servers. A composite backend can contain only a single Vault server.

Property source precedence

When a Config Server is composed with multiple backends, a request from a client app retrieves properties found in any applicable backend within the composite. The composite backends are always searched in the order in which they are configured, and the Config Server assembles configuration properties beginning at the first backend in the composite by order.

For example, given the following configuration:

  • Property dbhost=foo is defined in the first backend
  • Property dbhost=bar is defined in the second backend
  • Property port=4321 is defined in the third backend

The client will resolve property dbhost to foo, from the first backend, as that backend has precedence over the second. Property port will be resolved to 4321, as it is only defined in the third backend.

Fail-fast behavior

If the Config Server encounters an error when retrieving properties from any one of the backends, the client app's request fails. The Config Server's composite configuration sources will only be available once all backends are available.

Use of labels

Within the composite, all repositories or servers must contain the same labels--branches or tags in a Git repository, or paths in a Vault server. A label in a Config Server configuration source corresponds to a Spring application profile on a client app. If a client app makes a request for configuration for a given profile and one of the composite's backends does not have a corresponding branch, tag, or path, the request fails and no configuration is returned.

See below for information about configuring a Config Server service instance to use a composite backend for configuration sources.

General configuration

Parameters used to configure configuration sources are part of a JSON array called composite. The composite array contains one or more JSON objects which defines a type key, where the value of type is either git or vault. An object with a type of git contains settings for a Git repository, and an object with a type of vault contains settings for a Vault server. For information about configuring a Git configuration source, see Configuring with Git. For information about configuring a Vault configuration source, see Configuring with Vault.

Configuration properties from individual backends are given precedence based on the order in which they are provided to the Config Server. A backend specified later in the composite array is searched after backends specified earlier in the array.

To configure a Config Server service instance to use a composite backend comprising two Git repositories and a Vault server, you might use the following:

cf create-service p.config-server standard config-server -c '{ "composite": [ { "type": "git", "uri": "https://github.com/spring-cloud-services-samples/cook-config", "periodic": true }, { "type": "git", "uri": "https://github.com/spring-cloud-samples/config-repo" }, { "type": "vault", "host": "127.0.0.1", "port": 8200, "scheme": "https", "backend": "secret", "defaultKey": "application", "profileSeparator": "," } ] }'

In this example, configuration properties found in the Vault server are added to the response only if they are not found in either of the Git repositories specified before the Vault server.

To configure a Config Server service instance to use a composite backend comprising a Vault server and a Git repository, use the following:

cf create-service p.config-server standard config-server -c '{ "composite": [ { "type": "vault", "host": "127.0.0.1", "port": 8200, "scheme": "https", "backend": "secret", "defaultKey": "application", "profileSeparator": "," }, { "type": "git", "uri": "https://github.com/spring-cloud-services-samples/cook-config" } ] }'

In this example, the response consists of configuration properties found in the Vault server, plus any properties found only in the Git repository.

For information about using an app to access configuration values served by a Config Server service instance, see Writing Client Applications.

Proxy servers for composite backends

Proxy server configuration must be defined for each item in the composite set. For example:

cf create-service p.config-server standard config-server -c '{ "composite": [ { "type": "git", "uri": "https://github.com/spring-cloud-services-samples/cook-config", "proxy": { "http": { "host": "http://proxy1.example.com", "port": 3218 } } }, { "type": "git", "uri": "https://github.com/spring-cloud-samples/config-repo", "proxy": { "http": { "host": "http://proxy2.example.com", "port": 3218 } } }, { "type": "vault", "host": "127.0.0.1", "proxy": { "http": { "host": "http://proxy1.example.com", "port": 3218 } } } ] }'

For detailed information about configuring proxy support, see the HTTP(S) Proxy Repository Access section of Configuring with Git and the HTTP(S) Proxy Repository Access section of Configuring with Vault.

check-circle-line exclamation-circle-line close-line
Scroll to top icon