diff --git a/config-vault/src/main/java/io/scalecube/config/vault/KubernetesVaultTokenSupplier.java b/config-vault/src/main/java/io/scalecube/config/vault/KubernetesVaultTokenSupplier.java
index cc7ee49f..43a6ebaa 100644
--- a/config-vault/src/main/java/io/scalecube/config/vault/KubernetesVaultTokenSupplier.java
+++ b/config-vault/src/main/java/io/scalecube/config/vault/KubernetesVaultTokenSupplier.java
@@ -7,11 +7,14 @@
 import java.nio.file.Files;
 import java.nio.file.Paths;
 import java.util.Objects;
+import java.util.Optional;
 import java.util.stream.Collectors;

 public class KubernetesVaultTokenSupplier implements VaultTokenSupplier {

 private static final String VAULT_ROLE = "VAULT_ROLE";
+ private static final String VAULT_JWT_PROVIDER = "VAULT_JWT_PROVIDER";
+ private static final String DEFAULT_JWT_PROVIDER = "kubernetes";
 private static final String SERVICE_ACCOUNT_TOKEN_PATH =
 "/var/run/secrets/kubernetes.io/serviceaccount/token";

@@ -20,8 +23,11 @@ public String getToken(EnvironmentLoader environmentLoader, VaultConfig config)
 String role = Objects.requireNonNull(environmentLoader.loadVariable(VAULT_ROLE), "vault role");
 try {
 String jwt = Files.lines(Paths.get(SERVICE_ACCOUNT_TOKEN_PATH)).collect(Collectors.joining());
+ String provider =
+ Optional.ofNullable(environmentLoader.loadVariable(VAULT_JWT_PROVIDER))
+ .orElse(DEFAULT_JWT_PROVIDER);
 return Objects.requireNonNull(
- new Vault(config).auth().loginByKubernetes(role, jwt).getAuthClientToken(),
+ new Vault(config).auth().loginByJwt(provider, role, jwt).getAuthClientToken(),
 "vault token");
 } catch (Exception e) {
 throw ThrowableUtil.propagate(e);
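Review bot: The two constants added in the first hunk carry no comment, so nothing at the definition tells an operator that `VAULT_JWT_PROVIDER` is an optional environment variable or what its value is used for. From the second hunk it appears to be the provider name handed to `loginByJwt`, with `"kubernetes"` as the fallback. I would add a line above it such as `// Optional env var: name of the Vault JWT auth provider to log in against; defaults to "kubernetes" when unset.` so the contract is visible where it is defined.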
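Review bot: In the second hunk the value of `VAULT_JWT_PROVIDER` reaches `loginByJwt` unvalidated, and `Optional.ofNullable(...).orElse(DEFAULT_JWT_PROVIDER)` only covers an unset variable, so an empty or whitespace-only value replaces the default instead of falling back to it. The provider presumably selects the Vault auth endpoint that the service-account JWT is sent to, so a malformed value should fail fast before login rather than produce an unexpected request. I would insert `.map(String::trim).filter(s -> !s.isEmpty())` ahead of `.orElse(DEFAULT_JWT_PROVIDER)` and reject values that do not match the mount names the deployment actually uses. Separately, the `Files.lines(...)` stream on the context line above is never closed; wrapping it in try-with-resources would release the file handle. The body of `getToken` begins and ends outside this hunk.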