Configuration Security - Vault
You can also store sensitive settings inside Vault. Vault can store your existing secrets, or it can dynamically generate new secrets to control access to third-party resources or provide time-limited credentials for your infrastructure. To learn more about Vault and its installation process, please visit the project website.
Once vault is accessible and configured inside CAS, support is provided via the following dependency:
1
2
3
4
5
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-configuration-cloud-vault</artifactId>
<version>${cas.version}</version>
</dependency>
1
implementation "org.apereo.cas:cas-server-support-configuration-cloud-vault:${project.'cas.version'}"
1
2
3
4
5
6
7
8
9
dependencyManagement {
imports {
mavenBom "org.apereo.cas:cas-server-support-bom:${project.'cas.version'}"
}
}
dependencies {
implementation "org.apereo.cas:cas-server-support-configuration-cloud-vault"
}
1
2
3
4
5
6
7
8
9
10
dependencies {
/*
The following platform references should be included automatically and are listed here for reference only.
implementation enforcedPlatform("org.apereo.cas:cas-server-support-bom:${project.'cas.version'}")
implementation platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES)
*/
implementation "org.apereo.cas:cas-server-support-configuration-cloud-vault"
}
The following settings and properties are available from the CAS configuration catalog:
- Required
- Optional
- Signing & Encryption
- Hibernate & JDBC
- Email Servers
- LDAP & Active Directory
- Authentication
- Password Encoding
- Principal Transformation
- Password Policy
- Third Party
- Notes
spring.cloud.vault.app-id.app-id-path=app-id
Mount path of the AppId authentication backend.
CAS Property:
|
1 |
spring.cloud.vault.app-id.app-id-path=app-id |
1
spring:
cloud:
vault:
app-id:
app-id-path: "app-id"
1
java -Dspring.cloud.vault.app-id.app-id-path="app-id" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_APP_ID_APP_ID_PATH="app-id"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.app-id.app-id-path="app-id"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.app-id.network-interface=
Network interface hint for the "MAC_ADDRESS" UserId mechanism.
org.springframework.cloud.vault.config.VaultProperties$AppIdProperties.
CAS Property: spring.cloud.vault.app-id.network-interface
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.app-id.network-interface=...
1
spring:
cloud:
vault:
app-id:
network-interface: "..."
1
java -Dspring.cloud.vault.app-id.network-interface="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_APP_ID_NETWORK_INTERFACE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.app-id.network-interface="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.app-id.user-id=MAC_ADDRESS
UserId mechanism. Can be either "MAC_ADDRESS", "IP_ADDRESS", a string or a class name.
org.springframework.cloud.vault.config.VaultProperties$AppIdProperties.
CAS Property: spring.cloud.vault.app-id.user-id
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.app-id.user-id=MAC_ADDRESS
1
spring:
cloud:
vault:
app-id:
user-id: "MAC_ADDRESS"
1
java -Dspring.cloud.vault.app-id.user-id="MAC_ADDRESS" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_APP_ID_USER_ID="MAC_ADDRESS"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.app-id.user-id="MAC_ADDRESS"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.app-role.app-role-path=approle
Mount path of the AppRole authentication backend.
org.springframework.cloud.vault.config.VaultProperties$AppRoleProperties.
CAS Property: spring.cloud.vault.app-role.app-role-path
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.app-role.app-role-path=approle
1
spring:
cloud:
vault:
app-role:
app-role-path: "approle"
1
java -Dspring.cloud.vault.app-role.app-role-path="approle" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_APP_ROLE_APP_ROLE_PATH="approle"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.app-role.app-role-path="approle"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.app-role.role=
Name of the role, optional, used for pull-mode.
org.springframework.cloud.vault.config.VaultProperties$AppRoleProperties.
CAS Property: spring.cloud.vault.app-role.role
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.app-role.role=...
1
spring:
cloud:
vault:
app-role:
role: "..."
1
java -Dspring.cloud.vault.app-role.role="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_APP_ROLE_ROLE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.app-role.role="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.app-role.role-id=
The RoleId.
org.springframework.cloud.vault.config.VaultProperties$AppRoleProperties.
CAS Property: spring.cloud.vault.app-role.role-id
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.app-role.role-id=...
1
spring:
cloud:
vault:
app-role:
role-id: "..."
1
java -Dspring.cloud.vault.app-role.role-id="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_APP_ROLE_ROLE_ID="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.app-role.role-id="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.app-role.secret-id=
The SecretId.
org.springframework.cloud.vault.config.VaultProperties$AppRoleProperties.
CAS Property: spring.cloud.vault.app-role.secret-id
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.app-role.secret-id=...
1
spring:
cloud:
vault:
app-role:
secret-id: "..."
1
java -Dspring.cloud.vault.app-role.secret-id="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_APP_ROLE_SECRET_ID="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.app-role.secret-id="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.application-name=application
Application name for AppId authentication.
org.springframework.cloud.vault.config.VaultProperties.
CAS Property: spring.cloud.vault.application-name
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.application-name=application
1
spring:
cloud:
vault:
application-name: "application"
1
java -Dspring.cloud.vault.application-name="application" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_APPLICATION_NAME="application"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.application-name="application"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.authentication=
org.springframework.cloud.vault.config.VaultProperties.
CAS Property: spring.cloud.vault.authentication
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.authentication=...
1
spring:
cloud:
vault:
authentication: "..."
1
java -Dspring.cloud.vault.authentication="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_AUTHENTICATION="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.authentication="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.aws-ec2.aws-ec2-path=aws-ec2
Mount path of the AWS-EC2 authentication backend.
org.springframework.cloud.vault.config.VaultProperties$AwsEc2Properties.
CAS Property: spring.cloud.vault.aws-ec2.aws-ec2-path
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.aws-ec2.aws-ec2-path=aws-ec2
1
spring:
cloud:
vault:
aws-ec2:
aws-ec2-path: "aws-ec2"
1
java -Dspring.cloud.vault.aws-ec2.aws-ec2-path="aws-ec2" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_AWS_EC2_AWS_EC2_PATH="aws-ec2"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.aws-ec2.aws-ec2-path="aws-ec2"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.aws-ec2.identity-document=http://169.254.169.254/latest/dynamic/instance-identity/pkcs7
URL of the AWS-EC2 PKCS7 identity document.
org.springframework.cloud.vault.config.VaultProperties$AwsEc2Properties.
CAS Property: spring.cloud.vault.aws-ec2.identity-document
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.aws-ec2.identity-document=http://169.254.169.254/latest/dynamic/instance-identity/pkcs7
1
spring:
cloud:
vault:
aws-ec2:
identity-document: "http://169.254.169.254/latest/dynamic/instance-identity/pkcs7"
1
java -Dspring.cloud.vault.aws-ec2.identity-document="http://169.254.169.254/latest/dynamic/instance-identity/pkcs7" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_AWS_EC2_IDENTITY_DOCUMENT="http://169.254.169.254/latest/dynamic/instance-identity/pkcs7"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.aws-ec2.identity-document="http://169.254.169.254/latest/dynamic/instance-identity/pkcs7"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.aws-ec2.nonce=
Nonce used for AWS-EC2 authentication. An empty nonce defaults to nonce generation.
org.springframework.cloud.vault.config.VaultProperties$AwsEc2Properties.
CAS Property: spring.cloud.vault.aws-ec2.nonce
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.aws-ec2.nonce=...
1
spring:
cloud:
vault:
aws-ec2:
nonce: "..."
1
java -Dspring.cloud.vault.aws-ec2.nonce="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_AWS_EC2_NONCE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.aws-ec2.nonce="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.aws-ec2.role=
Name of the role, optional.
org.springframework.cloud.vault.config.VaultProperties$AwsEc2Properties.
CAS Property: spring.cloud.vault.aws-ec2.role
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.aws-ec2.role=...
1
spring:
cloud:
vault:
aws-ec2:
role: "..."
1
java -Dspring.cloud.vault.aws-ec2.role="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_AWS_EC2_ROLE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.aws-ec2.role="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.aws-iam.aws-path=aws
Mount path of the AWS authentication backend.
org.springframework.cloud.vault.config.VaultProperties$AwsIamProperties.
CAS Property: spring.cloud.vault.aws-iam.aws-path
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.aws-iam.aws-path=aws
1
spring:
cloud:
vault:
aws-iam:
aws-path: "aws"
1
java -Dspring.cloud.vault.aws-iam.aws-path="aws" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_AWS_IAM_AWS_PATH="aws"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.aws-iam.aws-path="aws"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.aws-iam.endpoint-uri=
STS server URI. @since 2.2
org.springframework.cloud.vault.config.VaultProperties$AwsIamProperties.
CAS Property: spring.cloud.vault.aws-iam.endpoint-uri
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.aws-iam.endpoint-uri=...
1
spring:
cloud:
vault:
aws-iam:
endpoint-uri: "..."
1
java -Dspring.cloud.vault.aws-iam.endpoint-uri="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_AWS_IAM_ENDPOINT_URI="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.aws-iam.endpoint-uri="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.aws-iam.region=
Name of the region, optional. Inferred by AWS defaults if not set. @since 4.0.1
org.springframework.cloud.vault.config.VaultProperties$AwsIamProperties.
CAS Property: spring.cloud.vault.aws-iam.region
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.aws-iam.region=...
1
spring:
cloud:
vault:
aws-iam:
region: "..."
1
java -Dspring.cloud.vault.aws-iam.region="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_AWS_IAM_REGION="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.aws-iam.region="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.aws-iam.role=
Name of the role, optional. Defaults to the friendly IAM name if not set.
org.springframework.cloud.vault.config.VaultProperties$AwsIamProperties.
CAS Property: spring.cloud.vault.aws-iam.role
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.aws-iam.role=...
1
spring:
cloud:
vault:
aws-iam:
role: "..."
1
java -Dspring.cloud.vault.aws-iam.role="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_AWS_IAM_ROLE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.aws-iam.role="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.aws-iam.server-name=
Name of the server used to set X-Vault-AWS-IAM-Server-ID
header in the headers of login requests.
org.springframework.cloud.vault.config.VaultProperties$AwsIamProperties.
CAS Property: spring.cloud.vault.aws-iam.server-name
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.aws-iam.server-name=...
1
spring:
cloud:
vault:
aws-iam:
server-name: "..."
1
java -Dspring.cloud.vault.aws-iam.server-name="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_AWS_IAM_SERVER_NAME="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.aws-iam.server-name="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.azure-msi.azure-path=azure
Mount path of the Azure MSI authentication backend.
org.springframework.cloud.vault.config.VaultProperties$AzureMsiProperties.
CAS Property: spring.cloud.vault.azure-msi.azure-path
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.azure-msi.azure-path=azure
1
spring:
cloud:
vault:
azure-msi:
azure-path: "azure"
1
java -Dspring.cloud.vault.azure-msi.azure-path="azure" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_AZURE_MSI_AZURE_PATH="azure"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.azure-msi.azure-path="azure"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.azure-msi.identity-token-service=
Identity token service URI. @since 3.0
org.springframework.cloud.vault.config.VaultProperties$AzureMsiProperties.
CAS Property: spring.cloud.vault.azure-msi.identity-token-service
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.azure-msi.identity-token-service=...
1
spring:
cloud:
vault:
azure-msi:
identity-token-service: "..."
1
java -Dspring.cloud.vault.azure-msi.identity-token-service="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_AZURE_MSI_IDENTITY_TOKEN_SERVICE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.azure-msi.identity-token-service="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.azure-msi.metadata-service=
Instance metadata service URI. @since 3.0
org.springframework.cloud.vault.config.VaultProperties$AzureMsiProperties.
CAS Property: spring.cloud.vault.azure-msi.metadata-service
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.azure-msi.metadata-service=...
1
spring:
cloud:
vault:
azure-msi:
metadata-service: "..."
1
java -Dspring.cloud.vault.azure-msi.metadata-service="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_AZURE_MSI_METADATA_SERVICE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.azure-msi.metadata-service="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.azure-msi.role=
Name of the role.
org.springframework.cloud.vault.config.VaultProperties$AzureMsiProperties.
CAS Property: spring.cloud.vault.azure-msi.role
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.azure-msi.role=...
1
spring:
cloud:
vault:
azure-msi:
role: "..."
1
java -Dspring.cloud.vault.azure-msi.role="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_AZURE_MSI_ROLE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.azure-msi.role="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.config.lifecycle.enabled=true
Enable lifecycle management.
org.springframework.cloud.vault.config.VaultProperties$ConfigLifecycle.
CAS Property: spring.cloud.vault.config.lifecycle.enabled
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.config.lifecycle.enabled=true
1
spring:
cloud:
vault:
config:
lifecycle:
enabled: "true"
1
java -Dspring.cloud.vault.config.lifecycle.enabled="true" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_CONFIG_LIFECYCLE_ENABLED="true"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.config.lifecycle.enabled="true"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.config.lifecycle.expiry-threshold=
The expiry threshold. Lease
is renewed the given Duration
before it expires. @since 2.2
org.springframework.cloud.vault.config.VaultProperties$ConfigLifecycle.
CAS Property: spring.cloud.vault.config.lifecycle.expiry-threshold
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.config.lifecycle.expiry-threshold=...
1
spring:
cloud:
vault:
config:
lifecycle:
expiry-threshold: "..."
1
java -Dspring.cloud.vault.config.lifecycle.expiry-threshold="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_CONFIG_LIFECYCLE_EXPIRY_THRESHOLD="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.config.lifecycle.expiry-threshold="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.config.lifecycle.lease-endpoints=
Set the LeaseEndpoints
to delegate renewal/revocation calls to. LeaseEndpoints
encapsulates differences between Vault versions that affect the location of renewal/revocation endpoints. Can be LeaseEndpoints#SysLeases
for version 0.8 or above of Vault or LeaseEndpoints#Legacy
for older versions (the default). @since 2.2
org.springframework.cloud.vault.config.VaultProperties$ConfigLifecycle.
CAS Property: spring.cloud.vault.config.lifecycle.lease-endpoints
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.config.lifecycle.lease-endpoints=...
1
spring:
cloud:
vault:
config:
lifecycle:
lease-endpoints: "..."
1
java -Dspring.cloud.vault.config.lifecycle.lease-endpoints="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_CONFIG_LIFECYCLE_LEASE_ENDPOINTS="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.config.lifecycle.lease-endpoints="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.config.lifecycle.lease-strategy=
Sets the LeaseStrategy
to be used with org.springframework.vault.core.lease.SecretLeaseContainer#setLeaseStrategy(LeaseStrategy)
to retain or drop tokens on renewal errors. @since 4.1
org.springframework.cloud.vault.config.VaultProperties$ConfigLifecycle.
CAS Property: spring.cloud.vault.config.lifecycle.lease-strategy
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.config.lifecycle.lease-strategy=...
1
spring:
cloud:
vault:
config:
lifecycle:
lease-strategy: "..."
1
java -Dspring.cloud.vault.config.lifecycle.lease-strategy="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_CONFIG_LIFECYCLE_LEASE_STRATEGY="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.config.lifecycle.lease-strategy="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.config.lifecycle.min-renewal=
The time period that is at least required before renewing a lease. @since 2.2
org.springframework.cloud.vault.config.VaultProperties$ConfigLifecycle.
CAS Property: spring.cloud.vault.config.lifecycle.min-renewal
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.config.lifecycle.min-renewal=...
1
spring:
cloud:
vault:
config:
lifecycle:
min-renewal: "..."
1
java -Dspring.cloud.vault.config.lifecycle.min-renewal="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_CONFIG_LIFECYCLE_MIN_RENEWAL="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.config.lifecycle.min-renewal="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.config.order=0
Used to set a org.springframework.core.env.PropertySource
priority. This is useful to use Vault as an override on other property sources. @see org.springframework.core.PriorityOrdered
org.springframework.cloud.vault.config.VaultProperties$Config.
CAS Property: spring.cloud.vault.config.order
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.config.order=0
1
spring:
cloud:
vault:
config:
order: "0"
1
java -Dspring.cloud.vault.config.order="0" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_CONFIG_ORDER="0"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.config.order="0"
cas.war
with an embedded server container and can be found in the build/libs
directory.
Deprecation status is WARNING
without a replacement setting.
spring.cloud.vault.connection-timeout=5000
Connection timeout.
org.springframework.cloud.vault.config.VaultProperties.
CAS Property: spring.cloud.vault.connection-timeout
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.connection-timeout=5000
1
spring:
cloud:
vault:
connection-timeout: "5000"
1
java -Dspring.cloud.vault.connection-timeout="5000" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_CONNECTION_TIMEOUT="5000"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.connection-timeout="5000"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.discovery.enabled=false
Flag to indicate that Vault server discovery is enabled (vault server URL will be looked up via discovery).
org.springframework.cloud.vault.config.VaultProperties$Discovery.
CAS Property: spring.cloud.vault.discovery.enabled
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.discovery.enabled=...
1
spring:
cloud:
vault:
discovery:
enabled: "..."
1
java -Dspring.cloud.vault.discovery.enabled="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_DISCOVERY_ENABLED="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.discovery.enabled="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.discovery.service-id=vault
Service id to locate Vault.
org.springframework.cloud.vault.config.VaultProperties$Discovery.
CAS Property: spring.cloud.vault.discovery.service-id
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.discovery.service-id=vault
1
spring:
cloud:
vault:
discovery:
service-id: "vault"
1
java -Dspring.cloud.vault.discovery.service-id="vault" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_DISCOVERY_SERVICE_ID="vault"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.discovery.service-id="vault"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.enabled=true
Enable Vault config server.
org.springframework.cloud.vault.config.VaultProperties.
CAS Property: spring.cloud.vault.enabled
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.enabled=true
1
spring:
cloud:
vault:
enabled: "true"
1
java -Dspring.cloud.vault.enabled="true" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_ENABLED="true"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.enabled="true"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.fail-fast=false
Fail fast if data cannot be obtained from Vault.
org.springframework.cloud.vault.config.VaultProperties.
CAS Property: spring.cloud.vault.fail-fast
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.fail-fast=...
1
spring:
cloud:
vault:
fail-fast: "..."
1
java -Dspring.cloud.vault.fail-fast="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_FAIL_FAST="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.fail-fast="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.gcp-gce.gcp-path=gcp
Mount path of the Kubernetes authentication backend.
org.springframework.cloud.vault.config.VaultProperties$GcpGceProperties.
CAS Property: spring.cloud.vault.gcp-gce.gcp-path
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.gcp-gce.gcp-path=gcp
1
spring:
cloud:
vault:
gcp-gce:
gcp-path: "gcp"
1
java -Dspring.cloud.vault.gcp-gce.gcp-path="gcp" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_GCP_GCE_GCP_PATH="gcp"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.gcp-gce.gcp-path="gcp"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.gcp-gce.role=
Name of the role against which the login is being attempted.
org.springframework.cloud.vault.config.VaultProperties$GcpGceProperties.
CAS Property: spring.cloud.vault.gcp-gce.role
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.gcp-gce.role=...
1
spring:
cloud:
vault:
gcp-gce:
role: "..."
1
java -Dspring.cloud.vault.gcp-gce.role="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_GCP_GCE_ROLE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.gcp-gce.role="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.gcp-gce.service-account=
Optional service account id. Using the default id if left unconfigured.
org.springframework.cloud.vault.config.VaultProperties$GcpGceProperties.
CAS Property: spring.cloud.vault.gcp-gce.service-account
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.gcp-gce.service-account=...
1
spring:
cloud:
vault:
gcp-gce:
service-account: "..."
1
java -Dspring.cloud.vault.gcp-gce.service-account="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_GCP_GCE_SERVICE_ACCOUNT="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.gcp-gce.service-account="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.gcp-iam.credentials.encoded-key=
The base64 encoded contents of an OAuth2 account private key in JSON format.
org.springframework.cloud.vault.config.VaultProperties$GcpCredentials.
CAS Property: spring.cloud.vault.gcp-iam.credentials.encoded-key
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.gcp-iam.credentials.encoded-key=...
1
spring:
cloud:
vault:
gcp-iam:
credentials:
encoded-key: "..."
1
java -Dspring.cloud.vault.gcp-iam.credentials.encoded-key="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_GCP_IAM_CREDENTIALS_ENCODED_KEY="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.gcp-iam.credentials.encoded-key="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.gcp-iam.credentials.location=
Location of the OAuth2 credentials private key.
Since this is a Resource, the private key can be in a multitude of locations, such as a local file system, classpath, URL, etc. org.springframework.cloud.vault.config.VaultProperties$GcpCredentials.
CAS Property: spring.cloud.vault.gcp-iam.credentials.location
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.gcp-iam.credentials.location=...
1
spring:
cloud:
vault:
gcp-iam:
credentials:
location: "..."
1
java -Dspring.cloud.vault.gcp-iam.credentials.location="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_GCP_IAM_CREDENTIALS_LOCATION="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.gcp-iam.credentials.location="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.gcp-iam.gcp-path=gcp
Mount path of the Kubernetes authentication backend.
org.springframework.cloud.vault.config.VaultProperties$GcpIamProperties.
CAS Property: spring.cloud.vault.gcp-iam.gcp-path
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.gcp-iam.gcp-path=gcp
1
spring:
cloud:
vault:
gcp-iam:
gcp-path: "gcp"
1
java -Dspring.cloud.vault.gcp-iam.gcp-path="gcp" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_GCP_IAM_GCP_PATH="gcp"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.gcp-iam.gcp-path="gcp"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.gcp-iam.jwt-validity=15m
Validity of the JWT token.
org.springframework.cloud.vault.config.VaultProperties$GcpIamProperties.
CAS Property: spring.cloud.vault.gcp-iam.jwt-validity
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.gcp-iam.jwt-validity=15m
1
spring:
cloud:
vault:
gcp-iam:
jwt-validity: "15m"
1
java -Dspring.cloud.vault.gcp-iam.jwt-validity="15m" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_GCP_IAM_JWT_VALIDITY="15m"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.gcp-iam.jwt-validity="15m"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.gcp-iam.project-id=
Overrides the GCP project Id.
org.springframework.cloud.vault.config.VaultProperties$GcpIamProperties.
CAS Property: spring.cloud.vault.gcp-iam.project-id
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.gcp-iam.project-id=...
1
spring:
cloud:
vault:
gcp-iam:
project-id: "..."
1
java -Dspring.cloud.vault.gcp-iam.project-id="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_GCP_IAM_PROJECT_ID="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.gcp-iam.project-id="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.gcp-iam.role=
Name of the role against which the login is being attempted.
org.springframework.cloud.vault.config.VaultProperties$GcpIamProperties.
CAS Property: spring.cloud.vault.gcp-iam.role
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.gcp-iam.role=...
1
spring:
cloud:
vault:
gcp-iam:
role: "..."
1
java -Dspring.cloud.vault.gcp-iam.role="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_GCP_IAM_ROLE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.gcp-iam.role="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.gcp-iam.service-account-id=
Overrides the GCP service account Id.
org.springframework.cloud.vault.config.VaultProperties$GcpIamProperties.
CAS Property: spring.cloud.vault.gcp-iam.service-account-id
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.gcp-iam.service-account-id=...
1
spring:
cloud:
vault:
gcp-iam:
service-account-id: "..."
1
java -Dspring.cloud.vault.gcp-iam.service-account-id="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_GCP_IAM_SERVICE_ACCOUNT_ID="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.gcp-iam.service-account-id="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.host=localhost
Vault server host.
org.springframework.cloud.vault.config.VaultProperties.
CAS Property: spring.cloud.vault.host
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.host=localhost
1
spring:
cloud:
vault:
host: "localhost"
1
java -Dspring.cloud.vault.host="localhost" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_HOST="localhost"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.host="localhost"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.kubernetes.kubernetes-path=kubernetes
Mount path of the Kubernetes authentication backend.
org.springframework.cloud.vault.config.VaultProperties$KubernetesProperties.
CAS Property: spring.cloud.vault.kubernetes.kubernetes-path
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.kubernetes.kubernetes-path=kubernetes
1
spring:
cloud:
vault:
kubernetes:
kubernetes-path: "kubernetes"
1
java -Dspring.cloud.vault.kubernetes.kubernetes-path="kubernetes" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_KUBERNETES_KUBERNETES_PATH="kubernetes"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.kubernetes.kubernetes-path="kubernetes"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.kubernetes.role=
Name of the role against which the login is being attempted.
org.springframework.cloud.vault.config.VaultProperties$KubernetesProperties.
CAS Property: spring.cloud.vault.kubernetes.role
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.kubernetes.role=...
1
spring:
cloud:
vault:
kubernetes:
role: "..."
1
java -Dspring.cloud.vault.kubernetes.role="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_KUBERNETES_ROLE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.kubernetes.role="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.kubernetes.service-account-token-file=/var/run/secrets/kubernetes.io/serviceaccount/token
Path to the service account token file.
org.springframework.cloud.vault.config.VaultProperties$KubernetesProperties.
CAS Property: spring.cloud.vault.kubernetes.service-account-token-file
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.kubernetes.service-account-token-file=/var/run/secrets/kubernetes.io/serviceaccount/token
1
spring:
cloud:
vault:
kubernetes:
service-account-token-file: "/var/run/secrets/kubernetes.io/serviceaccount/token"
1
java -Dspring.cloud.vault.kubernetes.service-account-token-file="/var/run/secrets/kubernetes.io/serviceaccount/token" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_KUBERNETES_SERVICE_ACCOUNT_TOKEN_FILE="/var/run/secrets/kubernetes.io/serviceaccount/token"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.kubernetes.service-account-token-file="/var/run/secrets/kubernetes.io/serviceaccount/token"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.kv.application-name=application
Application name to be used for the context.
org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.
CAS Property: spring.cloud.vault.kv.application-name
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.kv.application-name=application
1
spring:
cloud:
vault:
kv:
application-name: "application"
1
java -Dspring.cloud.vault.kv.application-name="application" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_KV_APPLICATION_NAME="application"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.kv.application-name="application"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.kv.backend=secret
Name of the default backend.
org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.
CAS Property: spring.cloud.vault.kv.backend
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.kv.backend=secret
1
spring:
cloud:
vault:
kv:
backend: "secret"
1
java -Dspring.cloud.vault.kv.backend="secret" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_KV_BACKEND="secret"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.kv.backend="secret"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.kv.backend-version=2
Key-Value backend version. Currently supported versions are:
- Version 1 (unversioned key-value backend).
- Version 2 (versioned key-value backend).
org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.
CAS Property: spring.cloud.vault.kv.backend-version
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.kv.backend-version=2
1
spring:
cloud:
vault:
kv:
backend-version: "2"
1
java -Dspring.cloud.vault.kv.backend-version="2" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_KV_BACKEND_VERSION="2"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.kv.backend-version="2"
cas.war
with an embedded server container and can be found in the build/libs
directory.
Deprecation status is WARNING
without a replacement setting.
spring.cloud.vault.kv.default-context=application
Name of the default context.
org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.
CAS Property: spring.cloud.vault.kv.default-context
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.kv.default-context=application
1
spring:
cloud:
vault:
kv:
default-context: "application"
1
java -Dspring.cloud.vault.kv.default-context="application" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_KV_DEFAULT_CONTEXT="application"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.kv.default-context="application"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.kv.enabled=true
Enable the key-value backend.
org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.
CAS Property: spring.cloud.vault.kv.enabled
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.kv.enabled=true
1
spring:
cloud:
vault:
kv:
enabled: "true"
1
java -Dspring.cloud.vault.kv.enabled="true" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_KV_ENABLED="true"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.kv.enabled="true"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.kv.profile-separator=/
Profile-separator to combine application name and profile.
org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.
CAS Property: spring.cloud.vault.kv.profile-separator
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.kv.profile-separator=/
1
spring:
cloud:
vault:
kv:
profile-separator: "/"
1
java -Dspring.cloud.vault.kv.profile-separator="/" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_KV_PROFILE_SEPARATOR="/"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.kv.profile-separator="/"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.kv.profiles=
List of active profiles. @since 3.0
org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.
CAS Property: spring.cloud.vault.kv.profiles
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.kv.profiles=...
1
spring:
cloud:
vault:
kv:
profiles: "..."
1
java -Dspring.cloud.vault.kv.profiles="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_KV_PROFILES="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.kv.profiles="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.namespace=
Vault namespace (requires Vault Enterprise).
org.springframework.cloud.vault.config.VaultProperties.
CAS Property: spring.cloud.vault.namespace
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.namespace=...
1
spring:
cloud:
vault:
namespace: "..."
1
java -Dspring.cloud.vault.namespace="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_NAMESPACE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.namespace="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.pcf.instance-certificate=
Path to the instance certificate (PEM). Defaults to CF_INSTANCE_CERT
env variable.
org.springframework.cloud.vault.config.VaultProperties$PcfProperties.
CAS Property: spring.cloud.vault.pcf.instance-certificate
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.pcf.instance-certificate=...
1
spring:
cloud:
vault:
pcf:
instance-certificate: "..."
1
java -Dspring.cloud.vault.pcf.instance-certificate="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_PCF_INSTANCE_CERTIFICATE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.pcf.instance-certificate="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.pcf.instance-key=
Path to the instance key (PEM). Defaults to CF_INSTANCE_KEY
env variable.
org.springframework.cloud.vault.config.VaultProperties$PcfProperties.
CAS Property: spring.cloud.vault.pcf.instance-key
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.pcf.instance-key=...
1
spring:
cloud:
vault:
pcf:
instance-key: "..."
1
java -Dspring.cloud.vault.pcf.instance-key="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_PCF_INSTANCE_KEY="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.pcf.instance-key="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.pcf.pcf-path=pcf
Mount path of the Kubernetes authentication backend.
org.springframework.cloud.vault.config.VaultProperties$PcfProperties.
CAS Property: spring.cloud.vault.pcf.pcf-path
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.pcf.pcf-path=pcf
1
spring:
cloud:
vault:
pcf:
pcf-path: "pcf"
1
java -Dspring.cloud.vault.pcf.pcf-path="pcf" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_PCF_PCF_PATH="pcf"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.pcf.pcf-path="pcf"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.pcf.role=
Name of the role against which the login is being attempted.
org.springframework.cloud.vault.config.VaultProperties$PcfProperties.
CAS Property: spring.cloud.vault.pcf.role
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.pcf.role=...
1
spring:
cloud:
vault:
pcf:
role: "..."
1
java -Dspring.cloud.vault.pcf.role="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_PCF_ROLE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.pcf.role="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.port=8200
Vault server port.
org.springframework.cloud.vault.config.VaultProperties.
CAS Property: spring.cloud.vault.port
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.port=8200
1
spring:
cloud:
vault:
port: "8200"
1
java -Dspring.cloud.vault.port="8200" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_PORT="8200"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.port="8200"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.reactive.enabled=true
Flag to indicate that reactive discovery is enabled
org.springframework.cloud.vault.config.VaultProperties$Reactive.
CAS Property: spring.cloud.vault.reactive.enabled
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.reactive.enabled=true
1
spring:
cloud:
vault:
reactive:
enabled: "true"
1
java -Dspring.cloud.vault.reactive.enabled="true" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_REACTIVE_ENABLED="true"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.reactive.enabled="true"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.read-timeout=15000
Read timeout.
org.springframework.cloud.vault.config.VaultProperties.
CAS Property: spring.cloud.vault.read-timeout
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.read-timeout=15000
1
spring:
cloud:
vault:
read-timeout: "15000"
1
java -Dspring.cloud.vault.read-timeout="15000" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_READ_TIMEOUT="15000"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.read-timeout="15000"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.scheme=https
Protocol scheme. Can be either "http" or "https".
org.springframework.cloud.vault.config.VaultProperties.
CAS Property: spring.cloud.vault.scheme
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.scheme=https
1
spring:
cloud:
vault:
scheme: "https"
1
java -Dspring.cloud.vault.scheme="https" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_SCHEME="https"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.scheme="https"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.session.lifecycle.enabled=true
Enable session lifecycle management.
org.springframework.cloud.vault.config.VaultProperties$SessionLifecycle.
CAS Property: spring.cloud.vault.session.lifecycle.enabled
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.session.lifecycle.enabled=true
1
spring:
cloud:
vault:
session:
lifecycle:
enabled: "true"
1
java -Dspring.cloud.vault.session.lifecycle.enabled="true" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_SESSION_LIFECYCLE_ENABLED="true"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.session.lifecycle.enabled="true"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.session.lifecycle.expiry-threshold=7s
The expiry threshold for a LoginToken
. The threshold represents a minimum TTL duration to consider a login token as valid. Tokens with a shorter TTL are considered expired and are not used anymore. Should be greater than refreshBeforeExpiry
to prevent token expiry.
org.springframework.cloud.vault.config.VaultProperties$SessionLifecycle.
CAS Property: spring.cloud.vault.session.lifecycle.expiry-threshold
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.session.lifecycle.expiry-threshold=7s
1
spring:
cloud:
vault:
session:
lifecycle:
expiry-threshold: "7s"
1
java -Dspring.cloud.vault.session.lifecycle.expiry-threshold="7s" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_SESSION_LIFECYCLE_EXPIRY_THRESHOLD="7s"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.session.lifecycle.expiry-threshold="7s"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.session.lifecycle.refresh-before-expiry=5s
The time period that is at least required before renewing the LoginToken
.
org.springframework.cloud.vault.config.VaultProperties$SessionLifecycle.
CAS Property: spring.cloud.vault.session.lifecycle.refresh-before-expiry
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.session.lifecycle.refresh-before-expiry=5s
1
spring:
cloud:
vault:
session:
lifecycle:
refresh-before-expiry: "5s"
1
java -Dspring.cloud.vault.session.lifecycle.refresh-before-expiry="5s" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_SESSION_LIFECYCLE_REFRESH_BEFORE_EXPIRY="5s"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.session.lifecycle.refresh-before-expiry="5s"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.ssl.cert-auth-path=cert
Mount path of the TLS cert authentication backend.
org.springframework.cloud.vault.config.VaultProperties$Ssl.
CAS Property: spring.cloud.vault.ssl.cert-auth-path
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.ssl.cert-auth-path=cert
1
spring:
cloud:
vault:
ssl:
cert-auth-path: "cert"
1
java -Dspring.cloud.vault.ssl.cert-auth-path="cert" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_SSL_CERT_AUTH_PATH="cert"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.ssl.cert-auth-path="cert"
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.ssl.enabled-cipher-suites=
List of enabled SSL/TLS cipher suites. @since 3.0.2
org.springframework.cloud.vault.config.VaultProperties$Ssl.
CAS Property: spring.cloud.vault.ssl.enabled-cipher-suites
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.ssl.enabled-cipher-suites=...
1
spring:
cloud:
vault:
ssl:
enabled-cipher-suites: "..."
1
java -Dspring.cloud.vault.ssl.enabled-cipher-suites="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_SSL_ENABLED_CIPHER_SUITES="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.ssl.enabled-cipher-suites="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.ssl.enabled-protocols=
List of enabled SSL/TLS protocol. @since 3.0.2
org.springframework.cloud.vault.config.VaultProperties$Ssl.
CAS Property: spring.cloud.vault.ssl.enabled-protocols
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.ssl.enabled-protocols=...
1
spring:
cloud:
vault:
ssl:
enabled-protocols: "..."
1
java -Dspring.cloud.vault.ssl.enabled-protocols="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_SSL_ENABLED_PROTOCOLS="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.ssl.enabled-protocols="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.ssl.key-store=
Trust store that holds certificates and private keys.
org.springframework.cloud.vault.config.VaultProperties$Ssl.
CAS Property: spring.cloud.vault.ssl.key-store
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.ssl.key-store=...
1
spring:
cloud:
vault:
ssl:
key-store: "..."
1
java -Dspring.cloud.vault.ssl.key-store="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_SSL_KEY_STORE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.ssl.key-store="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.ssl.key-store-password=
Password used to access the key store.
org.springframework.cloud.vault.config.VaultProperties$Ssl.
CAS Property: spring.cloud.vault.ssl.key-store-password
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.ssl.key-store-password=...
1
spring:
cloud:
vault:
ssl:
key-store-password: "..."
1
java -Dspring.cloud.vault.ssl.key-store-password="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_SSL_KEY_STORE_PASSWORD="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.ssl.key-store-password="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.ssl.key-store-type=
Type of the key store. @since 3.0
org.springframework.cloud.vault.config.VaultProperties$Ssl.
CAS Property: spring.cloud.vault.ssl.key-store-type
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.ssl.key-store-type=...
1
spring:
cloud:
vault:
ssl:
key-store-type: "..."
1
java -Dspring.cloud.vault.ssl.key-store-type="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_SSL_KEY_STORE_TYPE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.ssl.key-store-type="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.ssl.trust-store=
Trust store that holds SSL certificates.
org.springframework.cloud.vault.config.VaultProperties$Ssl.
CAS Property: spring.cloud.vault.ssl.trust-store
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.ssl.trust-store=...
1
spring:
cloud:
vault:
ssl:
trust-store: "..."
1
java -Dspring.cloud.vault.ssl.trust-store="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_SSL_TRUST_STORE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.ssl.trust-store="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.ssl.trust-store-password=
Password used to access the trust store.
org.springframework.cloud.vault.config.VaultProperties$Ssl.
CAS Property: spring.cloud.vault.ssl.trust-store-password
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.ssl.trust-store-password=...
1
spring:
cloud:
vault:
ssl:
trust-store-password: "..."
1
java -Dspring.cloud.vault.ssl.trust-store-password="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_SSL_TRUST_STORE_PASSWORD="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.ssl.trust-store-password="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.ssl.trust-store-type=
Type of the trust store. @since 3.0
org.springframework.cloud.vault.config.VaultProperties$Ssl.
CAS Property: spring.cloud.vault.ssl.trust-store-type
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.ssl.trust-store-type=...
1
spring:
cloud:
vault:
ssl:
trust-store-type: "..."
1
java -Dspring.cloud.vault.ssl.trust-store-type="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_SSL_TRUST_STORE_TYPE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.ssl.trust-store-type="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.token=
Static vault token. Required if #authentication
is TOKEN
.
org.springframework.cloud.vault.config.VaultProperties.
CAS Property: spring.cloud.vault.token
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.token=...
1
spring:
cloud:
vault:
token: "..."
1
java -Dspring.cloud.vault.token="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_TOKEN="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.token="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
spring.cloud.vault.uri=
Vault URI. Can be set with scheme, host and port.
org.springframework.cloud.vault.config.VaultProperties.
CAS Property: spring.cloud.vault.uri
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
spring.cloud.vault.uri=...
1
spring:
cloud:
vault:
uri: "..."
1
java -Dspring.cloud.vault.uri="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export SPRING_CLOUD_VAULT_URI="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --spring.cloud.vault.uri="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
Configuration Metadata
The collection of configuration properties listed in this section are automatically generated from the CAS source and components that contain the actual field definitions, types, descriptions, modules, etc. This metadata may not always be 100% accurate, or could be lacking details and sufficient explanations.
Be Selective
This section is meant as a guide only. Do NOT copy/paste the entire collection of settings into your CAS configuration; rather pick only the properties that you need. Do NOT enable settings unless you are certain of their purpose and do NOT copy settings into your configuration only to keep them as reference. All these ideas lead to upgrade headaches, maintenance nightmares and premature aging.
YAGNI
Note that for nearly ALL use cases, declaring and configuring properties listed here is sufficient. You should NOT have to explicitly massage a CAS XML/Java/etc configuration file to design an authentication handler, create attribute release policies, etc. CAS at runtime will auto-configure all required changes for you. If you are unsure about the meaning of a given CAS setting, do NOT turn it on without hesitation. Review the codebase or better yet, ask questions to clarify the intended behavior.
Naming Convention
Property names can be specified in very relaxed terms. For instance cas.someProperty
, cas.some-property
, cas.some_property
are all valid names. While all
forms are accepted by CAS, there are certain components (in CAS and other frameworks used) whose activation at runtime is conditional on a property value, where
this property is required to have been specified in CAS configuration using kebab case. This is both true for properties that are owned by CAS as well as those
that might be presented to the system via an external library or framework such as Spring Boot, etc.
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
Settings and properties that are controlled by the CAS platform directly always begin with the prefix cas
. All other settings are controlled and provided
to CAS via other underlying frameworks and may have their own schemas and syntax. BE CAREFUL with
the distinction. Unrecognized properties are rejected by CAS and/or frameworks upon which CAS depends. This means if you somehow misspell a property definition
or fail to adhere to the dot-notation syntax and such, your setting is entirely refused by CAS and likely the feature it controls will never be activated in the
way you intend.
Validation
Configuration properties are automatically validated on CAS startup to report issues with configuration binding, specially if defined CAS settings cannot be recognized or validated by the configuration schema. Additional validation processes are also handled via Configuration Metadata and property migrations applied automatically on startup by Spring Boot and family.
Indexed Settings
CAS settings able to accept multiple values are typically documented with an index, such as cas.some.setting[0]=value
. The index [0]
is meant to be
incremented by the adopter to allow for distinct multiple configuration blocks.
With CAS, secrets are picked up at startup of the application server. CAS uses the data and settings
from the application name (i.e. cas
) and active profiles to determine contexts paths in
which secrets should be stored and later fetched.
These context paths typically are:
1
2
/secret/{application}/{profile}
/secret/{application}
As an example, you may write the following CAS setting to Vault:
1
vault write secret/cas/native <setting-name>=<value>
CAS will execute the equivalent of the following command to read settings later when needed:
1
vault read secret/cas/native
All settings and secrets that are stored inside Vault may be reloaded at any given time. To learn more about how CAS allows you to reload configuration changes, please review this guide. To learn more about how configuration is managed and profiled by CAS, please review this guide.
Troubleshooting
To enable additional logging, modify the logging configuration file to add the following:
1
2
3
4
<Logger name="org.springframework.cloud.vault" level="debug" additivity="false">
<AppenderRef ref="casConsole"/>
<AppenderRef ref="casFile"/>
</Logger>