'Scheme' Configuration option is not recognized when starting up spring boot application #712

Closed
WillemTheWalrus opened this issue Dec 4, 2023 · 14 comments


@WillemTheWalrus

WillemTheWalrus commented Dec 4, 2023

Describe the bug
I am running vault in a local docker container at http://localhost:8200 and have configured my application to reach out to this container using http, NOT https. However, I see this error when starting up the application: I/O error on GET request for "https://localhost:8200/v1/secret/application/local": Unsupported or unrecognized SSL message

I will post my configuration file and my docker-compose file below.

I am using the following dependency in my gradle build: implementation("org.springframework.cloud:spring-cloud-starter-vault-config")

From the error message it looks like spring-cloud-vault-config-4.0.1 and spring-vault-core-3.0.0 are being brought in as transitive dependencies.

Also, I am running this locally using the local profile.

Sample
application-local.yml:

spring:
  application:
    name: "Generic Service"

  cloud.vault:
    scheme: http
    enabled: false
    token: 00000000-0000-0000-0000-000000000000
    uri: http://localhost:8200
    ssl:
      trust-store: none
  sql:
    init:
      mode: always
  datasource:
    url: jdbc:postgresql://localhost:5432/postgres
    username: postgres
    password: postgres
    driver-class-name: org.postgresql.Driver

  kafka:
    bootstrap-servers: localhost:29092
    template:
      default-topic: my-topic
    consumer:
      group-id: generic-group
      auto-offset-reset: earliest
logging:
  level:
    root: INFO

docker-compose.yml:

services:
  vault:
    image: artifactory.legalzoom.com/docker-remote/hashicorp/vault:1.13
    restart: always
    command: [ 'vault', 'server', '-dev', '-dev-listen-address=0.0.0.0:8200' ]
    environment:
      VAULT_DEV_ROOT_TOKEN_ID: "00000000-0000-0000-0000-000000000000"
    ports:
      - "8200:8200"
  db:
    image: postgres:14.1-alpine
    restart: always
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=postgres
    ports:
      - '5432:5432'
    volumes:
      - db:/var/lib/postgresql/data
  zookeeper:
    image: confluentinc/cp-zookeeper:latest
    environment:
      ZOOKEEPER_CLIENT_PORT: 2181
      ZOOKEEPER_TICK_TIME: 2000
    ports:
      - 22181:2181
  kafka:
    image: confluentinc/cp-kafka:latest
    depends_on:
      - zookeeper
    ports:
      - 29092:29092
    environment:
      KAFKA_BROKER_ID: 1
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:9092,PLAINTEXT_HOST://localhost:29092
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
      KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
volumes:
  db:
    driver: local
networks:
  br:
    driver: bridge
@mp911de
Member

mp911de commented Dec 5, 2023

You provided both, scheme and uri. A configured URI has precedence over scheme, hostname and port.

Please either configure URI or scheme/hostname/port.

mp911de closed this as not planned Dec 5, 2023
@WillemTheWalrus
Author

WillemTheWalrus commented Dec 5, 2023

I removed the scheme attribute but am still seeing the same error. Here is the updated cloud.vault section of my application-local.yml file:

  cloud.vault:
    enabled: true
    token: 00000000-0000-0000-0000-000000000000
    uri: http://localhost:8200

It appears as though the URI I provided is not being used.

@mp911de
Member

mp911de commented Dec 5, 2023

By using HTTPS in the URI, you can switch to SSL. Also, your URL looks like the default values.

@WillemTheWalrus
Author

WillemTheWalrus commented Dec 5, 2023

Since this is for local development, I would like to avoid setting up SSL on my local vault container. Is there any way to configure it so that it can make requests over http instead of https?

Also, I tried changing the URI to https://localhost:8201 just to see if it would pick up any of the configuration changes, and it appears to still be using the same default URI. I made sure to clean and rebuild the project. Here is the stack trace:

org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://localhost:8200/v1/secret/application/local": Unsupported or unrecognized SSL message
	at org.springframework.web.client.RestTemplate.createResourceAccessException(RestTemplate.java:888) ~[spring-web-6.0.8.jar:6.0.8]
	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:868) ~[spring-web-6.0.8.jar:6.0.8]
	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:764) ~[spring-web-6.0.8.jar:6.0.8]
	at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:378) ~[spring-web-6.0.8.jar:6.0.8]
	at org.springframework.vault.core.VaultTemplate.lambda$doRead$5(VaultTemplate.java:461) ~[spring-vault-core-3.0.0.jar:3.0.0]
	at org.springframework.vault.core.VaultTemplate.doWithSession(VaultTemplate.java:448) ~[spring-vault-core-3.0.0.jar:3.0.0]
	at org.springframework.vault.core.VaultTemplate.doRead(VaultTemplate.java:458) ~[spring-vault-core-3.0.0.jar:3.0.0]
	at org.springframework.vault.core.VaultTemplate.read(VaultTemplate.java:353) ~[spring-vault-core-3.0.0.jar:3.0.0]
	at org.springframework.vault.core.lease.SecretLeaseContainer.doGetSecrets(SecretLeaseContainer.java:621) ~[spring-vault-core-3.0.0.jar:3.0.0]
	at org.springframework.vault.core.lease.SecretLeaseContainer.doStart(SecretLeaseContainer.java:366) ~[spring-vault-core-3.0.0.jar:3.0.0]
	at org.springframework.vault.core.lease.SecretLeaseContainer.start(SecretLeaseContainer.java:356) ~[spring-vault-core-3.0.0.jar:3.0.0]
	at org.springframework.vault.core.lease.SecretLeaseContainer.addRequestedSecret(SecretLeaseContainer.java:319) ~[spring-vault-core-3.0.0.jar:3.0.0]
	at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.loadProperties(LeaseAwareVaultPropertySource.java:176) ~[spring-vault-core-3.0.0.jar:3.0.0]
	at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.<init>(LeaseAwareVaultPropertySource.java:161) ~[spring-vault-core-3.0.0.jar:3.0.0]
	at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.<init>(LeaseAwareVaultPropertySource.java:119) ~[spring-vault-core-3.0.0.jar:3.0.0]
	at org.springframework.cloud.vault.config.LeasingVaultPropertySourceLocator.createVaultPropertySource(LeasingVaultPropertySourceLocator.java:146) ~[spring-cloud-vault-config-4.0.1.jar:4.0.1]
	at org.springframework.cloud.vault.config.LeasingVaultPropertySourceLocator.createVaultPropertySource(LeasingVaultPropertySourceLocator.java:83) ~[spring-cloud-vault-config-4.0.1.jar:4.0.1]
	at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.doCreatePropertySources(VaultPropertySourceLocatorSupport.java:122) ~[spring-cloud-vault-config-4.0.1.jar:4.0.1]
	at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.createCompositePropertySource(VaultPropertySourceLocatorSupport.java:101) ~[spring-cloud-vault-config-4.0.1.jar:4.0.1]
	at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.locate(VaultPropertySourceLocatorSupport.java:76) ~[spring-cloud-vault-config-4.0.1.jar:4.0.1]
	at org.springframework.cloud.bootstrap.config.PropertySourceLocator.locateCollection(PropertySourceLocator.java:50) ~[spring-cloud-context-4.0.2.jar:4.0.2]
	at org.springframework.cloud.bootstrap.config.PropertySourceLocator.locateCollection(PropertySourceLocator.java:46) ~[spring-cloud-context-4.0.2.jar:4.0.2]
	at org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.initialize(PropertySourceBootstrapConfiguration.java:95) ~[spring-cloud-context-4.0.2.jar:4.0.2]
	at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:605) ~[spring-boot-3.0.6.jar:3.0.6]
	at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:385) ~[spring-boot-3.0.6.jar:3.0.6]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:309) ~[spring-boot-3.0.6.jar:3.0.6]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1304) ~[spring-boot-3.0.6.jar:3.0.6]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1293) ~[spring-boot-3.0.6.jar:3.0.6]

Here is the log printed before the stack trace:
2023-12-05T07:02:56.582-08:00 WARN 98972 --- [ restartedMain] LeaseEventPublisher$LoggingErrorListener : [RequestedSecret [path='secret/application/local', mode=ROTATE]] Lease [leaseId='null', leaseDuration=PT0S, renewable=false] I/O error on GET request for "https://localhost:8200/v1/secret/application/local": Unsupported or unrecognized SSL message

@mp911de
Member

mp911de commented Dec 5, 2023

Does anything change if you provide that value as a system property or via application.yml? I totally missed that you were looking for disabling HTTPS, I was under the impression you wanted to enable it.

@WillemTheWalrus
Author

Setting it as a System property worked!

While I am happy that this removed the error, is there any way to configure this in the properties file instead?

@mp911de
Member

mp911de commented Dec 5, 2023

I assume that due to the early nature of Spring Boot's config file handling, profile-specific config files aren't parsed yet.

@WillemTheWalrus
Author

I would agree with this; however, I also tried changing the main application.yml file that should be loaded by default and tried running my application without a set profile. The settings in the application.yml profile were not pulled in (I changed the uri attribute to http://localhost:8209 but saw the same error that points to the uri https://localhost:8200). It seems that it isn't pulling in any configuration settings.

@WillemTheWalrus
Author

Is there something I have to do to enable this package to pull in the settings in my config files?

@WillemTheWalrus
Author

Also, I just checked my gradle compileClasspath and it looks like it is using v4.0.1 of the spring-cloud-starter-vault-config package, in case you are interested.

@mp911de
Member

mp911de commented Dec 5, 2023

There's a thread on profile-specific config files in the Boot issue tracker: spring-projects/spring-boot#26858

@WillemTheWalrus
Author

While I agree that this is an issue, I am also concerned with my properties not being loaded when there is no profile specified. My settings were not loaded even when they were moved to the application.yml file.

@WillemTheWalrus
Author

Thank you for taking the time to look at this issue! I appreciate it.

@WillemTheWalrus
Author

I figured out the issue! I should have been putting my settings in a bootstrap.yml file as the settings need to be loaded before the application starts up. Sorry for any confusion this may have caused!
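
The layout the last comment describes, as an added example that is not part of the original thread or the project's own documentation: the spring.cloud.vault settings from the issue moved into a bootstrap.yml, keeping only uri as advised earlier in the thread. The file location is an assumption; the values are the local development ones from the docker-compose file above.

```yaml
# src/main/resources/bootstrap.yml   (assumed location; added example)
#
# The stack trace above shows the Vault property source being located from
# PropertySourceBootstrapConfiguration, i.e. during the Spring Cloud bootstrap
# phase. As the thread found, Vault settings placed only in application.yml or
# application-local.yml did not reach the client at that point (a system
# property did), so it fell back to its default endpoint
# https://localhost:8200.
spring:
  cloud:
    vault:
      # Configure either uri OR scheme/host/port, not both; a configured uri
      # takes precedence over the other three.
      # Plain http matches the dev-mode listener started in the compose file
      # ('vault server -dev'), which serves no TLS. Speaking TLS to that
      # listener is what produces "Unsupported or unrecognized SSL message".
      uri: http://localhost:8200
      # Dev root token set via VAULT_DEV_ROOT_TOKEN_ID in the compose file.
      token: 00000000-0000-0000-0000-000000000000
```

With this file in place, the request URL in the startup log should begin with http://localhost:8200 instead of the https default.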
