10. Custom Secret Backend Implementations

Spring Cloud Vault ships with secret backend support for the most common backend integrations. You can integrate with any other backend by providing an implementation that describes how to obtain data from that backend and a PropertyTransformer that describes how to surface the data it returns.

Adding a custom implementation for a backend requires implementation of two interfaces:

  • org.springframework.cloud.vault.config.VaultSecretBackendDescriptor

  • org.springframework.cloud.vault.config.SecretBackendMetadataFactory

VaultSecretBackendDescriptor is typically an object that holds configuration data, such as VaultDatabaseProperties. Spring Cloud Vault requires that your type is annotated with @ConfigurationProperties to materialize the class from the configuration.

SecretBackendMetadataFactory accepts a VaultSecretBackendDescriptor and creates the actual SecretBackendMetadata object, which holds the context path within your Vault server, any path variables required to resolve parametrized context paths, and a PropertyTransformer.

Both the VaultSecretBackendDescriptor and SecretBackendMetadataFactory types must be registered in spring.factories, an extension mechanism provided by Spring that is similar to Java’s ServiceLoader.
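The following listing is an added example, not code from the Spring Cloud Vault project: it sketches the two types and their spring.factories registration for a hypothetical backend. The package com.example.vault, the class names, the property prefix spring.cloud.vault.example, the role property, the creds/ path layout and the "example." key prefix are all assumptions; each public class belongs in its own source file.

```java
// ---- VaultExampleProperties.java (hypothetical descriptor) ----
package com.example.vault;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.cloud.vault.config.VaultSecretBackendDescriptor;

@ConfigurationProperties("spring.cloud.vault.example") // assumed property prefix
public class VaultExampleProperties implements VaultSecretBackendDescriptor {
    private boolean enabled = false;    // opt-in: nothing is read unless enabled
    private String backend = "example"; // assumed mount path of the backend
    private String role;                // assumed role whose credentials are read

    @Override public boolean isEnabled() { return enabled; }
    public void setEnabled(boolean enabled) { this.enabled = enabled; }
    @Override public String getBackend() { return backend; }
    public void setBackend(String backend) { this.backend = backend; }
    public String getRole() { return role; }
    public void setRole(String role) { this.role = role; }
}

// ---- ExampleSecretBackendMetadataFactory.java (hypothetical factory) ----
package com.example.vault;

import java.util.Map;
import org.springframework.cloud.vault.config.*;
import org.springframework.vault.core.util.*;

public class ExampleSecretBackendMetadataFactory
        implements SecretBackendMetadataFactory<VaultExampleProperties> {
    @Override public boolean supports(VaultSecretBackendDescriptor descriptor) {
        return descriptor instanceof VaultExampleProperties;
    }
    @Override public SecretBackendMetadata createMetadata(VaultExampleProperties p) {
        if (p.getRole() == null || p.getRole().isEmpty()) // fail fast, no default role
            throw new IllegalArgumentException("spring.cloud.vault.example.role is required");
        String key = "creds/" + p.getRole();
        return new SecretBackendMetadata() {
            @Override public String getName() { return p.getBackend() + " with role " + p.getRole(); }
            @Override public String getPath() { return p.getBackend() + "/" + key; } // context path
            @Override public Map<String, String> getVariables() {                  // path variables
                return Map.of("backend", p.getBackend(), "key", key);
            }
            @Override public PropertyTransformer getPropertyTransformer() {
                // Surface every returned key under an "example." prefix.
                return PropertyTransformers.propertyNamePrefix("example.");
            }
        };
    }
}
// ---- META-INF/spring.factories (registers both types) ----
// org.springframework.cloud.vault.config.VaultSecretBackendDescriptor=com.example.vault.VaultExampleProperties
// org.springframework.cloud.vault.config.SecretBackendMetadataFactory=com.example.vault.ExampleSecretBackendMetadataFactory
```

Because getPath() fully determines what the application reads, the Vault policy attached to the application's token can be limited to read access on that one context path.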