Hi there. New to Doppler and Secret Management in general and was hopeful someone here may have past experience with this style setup:
I have a web app that has a Spring Boot 3.0 backend and a React frontend. That said, it seems I have the secret management working for the react frontend but not my spring backend. For instance I can comment out my DEV ENV file for the frontend and it seems that with my configuration “doppler run react-scripts build” it is successfully picking up on the secrets I set up for my dev environment.
However I still have .yml files for my backend that I’m not understanding how to protect. I added the secrets to my doppler configuration but if I run the application with my dev yml contents commented out it will error on start up. I must be missing something simple here and hope someone can weigh in on what I might be missing. I saw the sample on GitHub: DopplerUniversity/doppler-spring-boot and still have yet to figure it out. I do not use Kubernetes.
This all said, a YouTube tutorial on this with this particular setup (Spring Boot / React) in mind would be very helpful for the community if the Doppler devs happen to be reading this.
Thanks to anyone who takes the time to read this and potentially offer a solution. All thoughts are much appreciated.
Hi @douglasc0leman!
Welcome to the Doppler Community!
We have an example project showing how you can use Spring Boot configuration properties with Doppler available here:
Could you take a look at it and let me know if that helps at all?
Regards,
-Joel
Hey @watsonian !
So I was referencing that project previously but still am finding myself a bit confused. I have all of the config files set up and have them autowired in my main application file. When I start my app I see the following but all with null values:
When I run the “doppler run -- ./mvnw spring-boot:run --quiet” command nothing seems to happen. I feel that I’m very close but missing something simple. Any idea on what I might be approaching incorrectly?
-Thanks in advance!
I can’t edit my post to include another image but I wanted to make it known that I also am logged in via CLI and able to see my secrets… so not sure what I am missing:
@douglasc0leman Try running it without the --quiet. I think that’s suppressing an OS permissions prompt that’s required and either way you should get a better idea of what’s going on. I just did this following the README with the sample app and it worked out-of-the-box. With the --quiet it looked like nothing was happening though – which was it getting stuck at the permission elevation requirement, I think.
That definitely was part of my issue. After removing --quiet I am able to get it to start and I was able to sys out some secrets on start up which tells me it is working. So then I went to comment out my application.yml (DEV) file and restart to see if everything is working as expected and it failed to start with the following issue. Seems related to my oauth2 setup. Any thoughts on why this might be the case? I could always share my yml file with the secrets concealed if that would help. Thanks for your input so far, it’s been very helpful:
So, when your ENV file is set up and loaded, it works as expected, but when you comment that out and try to just use Doppler it fails like this? Could you paste in the relevant portion of your ENV file (redacting the secret) along with the corollary secrets you have set up in Doppler? And just to confirm, the other environment variables coming in from Doppler are working and it just seems to be this one oauth-related one that’s failing?
Doing some additional digging, this actually sounds pretty similar to what you’re facing:
Good morning @watsonian !
That is correct. So I use MyEclipse as my IDE for the backend java code. I put two values in my sys out so I could determine if Doppler is working as expected (and it is partially). I have a tenant.id (comes from my yml file) and a TENANT_ID (comes from Doppler). When I start the app in my IDE (no doppler run command) the TENANT_ID is returning as ‘null’ but my tenant.id is populated as expected which makes sense. If I use the command line and use the command ‘doppler run -- .\mvnw spring-boot:run’ it starts up and I’ll see that both tenant.id and TENANT_ID have the value I expect. Which tells me Doppler is working for that value when using the command line. Side-note I need to figure out if I can tell MyEclipse to prepend ‘doppler run’ so I can start the app using the IDE and not command line.
However when I comment out my entire dev yaml I got the above error related to Oauth2. Here’s a screenshot showing the pertinent values in my yaml file as well as how they were imported into Doppler. Hope this helps. I will refer to the article you provided as well to see if that gets me any closer to the solution. Again, I appreciate your input!
Update:
I seem to have it working now. These are the values I needed to keep in my .yml file in order for it to start up without erroring. Without these defined, the app will throw the aforementioned error.
I was hoping I could remove the yml file entirely but I’m fine with this as it no longer contains any secrets/api keys/credentials. I’m going to have to mess around with our staging environment and see if I can implement this change there before going to production. Hope this thread helps anyone who may be facing similar config issues/errors.
@douglasc0leman Ah, it looks like the issue there might be due to that variable being a list. According to Spring’s docs, it looks like you’d do something like this:
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_AZURE_DEV_SCOPE_1
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_AZURE_DEV_SCOPE_2
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_AZURE_DEV_SCOPE_3
where each of those has a value that maps to one of the scope list entries. Could you give that a shot and see if it works?
Interesting. I gave that a try but even with those new values configured, I get that same startup error. It would appear I need this defined in my yml or the app will throw that error:
I even tried adding a value for
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION = azure-dev
and commented out what’s left in the yaml file, but it still throws that stubborn error. I’m fine with the yaml file now as is with no secrets exposed. It’s just a strange error and not sure why that is the case. Thanks for your help! I will mark your latest answer as the solution.
@douglasc0leman Maybe this is relevant here?
The _ delimiter must not be used within a property name. i.e. database-platform must be written as DATABASEPLATFORM and not DATABASE_PLATFORM
Maybe those should instead be:
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_AZUREDEV_SCOPE_1
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_AZUREDEV_SCOPE_2
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_AZUREDEV_SCOPE_3
Doing that led to this error so I reverted:
Hm… It seems like that should be right:
What about this?
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_AZUREDEV_SCOPE
with the value set to:
openid,email,profile
Same error? If that doesn’t work, I’m clean out of ideas!
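Added example, not part of the thread and not Doppler's or Spring's own code: a helper that applies the environment-variable naming rules from Spring Boot's relaxed-binding documentation (dots become underscores, dashes are removed, the name is upper-cased, and a list index `[n]` is written as `_n`) to a parsed application.yml tree, so the resulting names can be created as secrets. The sample tree, its placeholder values and the function names are constructed for illustration.

```python
import re


def env_name(prop: str) -> str:
    """Map a canonical Spring property name to its environment variable name."""
    name = re.sub(r"\[(\d+)\]", r"_\1", prop)       # scope[0] -> scope_0
    name = name.replace(".", "_").replace("-", "")   # azure-dev -> azuredev
    return name.upper()


def flatten(node, prefix=""):
    """Yield (property, value) pairs from a parsed application.yml tree."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from flatten(child, f"{prefix}.{key}" if prefix else str(key))
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from flatten(child, f"{prefix}[{index}]")
    else:
        yield prefix, str(node)


def to_env(tree) -> dict:
    """Build {ENV_NAME: value}; refuse silently colliding names.

    Dropping '-' is lossy (a-b and ab map to the same variable), so a
    collision is reported instead of letting one secret overwrite another.
    """
    env, source = {}, {}
    for prop, value in flatten(tree):
        name = env_name(prop)
        if name in env:
            raise ValueError(f"{prop} and {source[name]} both map to {name}")
        env[name], source[name] = value, prop
    return env


# Constructed sample mirroring the shape discussed in the thread.
SAMPLE = {"spring": {"security": {"oauth2": {"client": {"registration": {
    "azure-dev": {
        "client-id": "PLACEHOLDER_CLIENT_ID",
        "client-secret": "PLACEHOLDER_CLIENT_SECRET",
        "scope": ["openid", "email", "profile"],
    }}}}}}}

if __name__ == "__main__":
    for key, value in to_env(SAMPLE).items():
        print(f"{key}={value}")
```
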