This guide demonstrates how to configure a Spring Boot application to use HashiCorp Vault for secrets in remote environments (e.g., prod, staging, integration) while avoiding Vault entirely in local environments (dev, test), using only one main configuration file and minimal profile-specific overrides.


✅ Goals

  • Use only one main application.properties file
  • Avoid Vault in dev and test profiles
  • Enable Vault by default for all other environments
  • Support dynamic Vault paths like secret/prod/vault-demo
  • Manage Vault and Spring behavior with environment variables
  • Provide launcher classes for local testing with dev or test profile

📦 Maven Dependencies

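<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-vault-config</artifactId>
    </dependency>
</dependencies>

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-dependencies</artifactId>
            <version>2023.0.0</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>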

⚙️ Properties Files

application.properties (Default for remote environments)

spring.application.name=vault-demo

# Vault is enabled by default (for remote)
spring.cloud.vault.authentication=token
spring.cloud.vault.token=${VAULT_TOKEN}
spring.cloud.vault.kv.enabled=true
spring.cloud.vault.kv.backend=secret
spring.cloud.vault.kv.application-name=${VAULT_ENV}/vault-demo
spring.cloud.vault.uri=${VAULT_URI}

application-dev.properties

spring.cloud.vault.enabled=false
my.secret.property=local-dev-value

application-test.properties

spring.cloud.vault.enabled=false
my.secret.property=local-test-value

🔧 Run Examples

✅ Remote (Vault-enabled)

export VAULT_ENV=prod
export VAULT_URI=https://vault.company.com
export VAULT_TOKEN=your-token

./mvnw spring-boot:run

🧪 Local Dev Profile

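# spring-boot:run forks the application JVM, so the profile is passed
# through the plugin's own property rather than as a Maven -D system property.
./mvnw spring-boot:run -Dspring-boot.run.profiles=dev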

🔍 Accessing Secrets in Code

@Value("${my.secret.property}")
private String secretValue;

Or:

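import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

@Component // registers the bean so the my.secret.* binding takes effect
@ConfigurationProperties(prefix = "my.secret")
public class SecretConfig {
    private String property; // bound from my.secret.property
    public String getProperty() { return property; }
    public void setProperty(String property) { this.property = property; }
}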

🧠 Summary

Environment | Profile | Vault Used | Vault Path
dev | dev | ❌ No | N/A
test | test | ❌ No | N/A
integration | (none) | ✅ Yes | secret/integration/vault-demo
staging | (none) | ✅ Yes | secret/staging/vault-demo
prod | (none) | ✅ Yes | secret/prod/vault-demo

✅ Environment Variable Reference

Variable | Purpose | Example
SPRING_PROFILES_ACTIVE | Activates local profile (dev, test) | dev, test
VAULT_ENV | Remote Vault env name (prod, staging) | prod, staging, integration
VAULT_URI | Vault endpoint | https://vault.company.com
VAULT_TOKEN | Vault token for authentication | s.XXXXXXXXXXXX
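
A preflight check for the run commands and environment variables above, as an added example that is not part of the original guide: it prints the KV path the application will read (or "none" for the dev and test profiles) and refuses values that would change that path or expose the token. The function name, the return codes, the https-only rule and the allowed VAULT_ENV character set are assumptions of this sketch.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): preflight for the run commands.
# Prints the KV path the app will read, or "none" for the dev/test profiles.
# Assumptions: the https-only rule, the VAULT_ENV character set and the return
# codes are choices made for this sketch. The token value is never printed.

APP_NAME="vault-demo"   # spring.application.name from application.properties
KV_BACKEND="secret"     # spring.cloud.vault.kv.backend

vault_preflight() {
    local LC_ALL=C      # make [a-z] below mean ASCII letters only

    # dev and test set spring.cloud.vault.enabled=false, so no Vault input is needed.
    case ",${SPRING_PROFILES_ACTIVE:-}," in
        *,dev,*|*,test,*)
            [ -z "${VAULT_TOKEN:-}" ] ||
                echo "warning: VAULT_TOKEN is exported but this profile ignores Vault" >&2
            echo "none"
            return 0 ;;
    esac

    # VAULT_ENV is interpolated into the KV path, so reject empty values and
    # anything (slashes, dots, spaces) that could point the app at another path.
    case "${VAULT_ENV:-}" in
        ''|*[!a-z0-9-]*)
            echo "error: VAULT_ENV must match [a-z0-9-]+" >&2
            return 2 ;;
    esac

    # The token travels in a request header; plain http would expose it.
    case "${VAULT_URI:-}" in
        https://?*) ;;
        *)  echo "error: VAULT_URI must be an https:// URL" >&2
            return 3 ;;
    esac

    # Catch a missing token or the guide's literal placeholder value.
    case "${VAULT_TOKEN:-}" in
        ''|your-token)
            echo "error: VAULT_TOKEN is unset or still the placeholder" >&2
            return 4 ;;
    esac

    echo "${KV_BACKEND}/${VAULT_ENV}/${APP_NAME}"
}
```

Source the file and gate the launch on it, for example `vault_preflight && ./mvnw spring-boot:run`.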