Problem

If a Vault token is not provided to the Config Server when accessing it's health actuator then the Vault backend health check will respond as failed.

Requested Solution

If a Vault token is not provided, the Config Server health check should not fail and may provide just the Vault server's health status API response instead.

https://www.vaultproject.io/api/system/health.html

Comment From: spencergibb

should this be in spring cloud config?

Comment From: csterwa

Moved to Spring Cloud Config repo.

Comment From: habuma

The best solution, IMO, is to have Vault's environment repository fail gracefully when there is no token. That addresses the health indicator problem, but also addresses other problems such as the requirement that all config clients be given a token, even if only some need secrets from Vault.

In short, if VaultEnvironmentRepository were to return an empty set of secrets when there is no token, rather than failing with an IllegalArgumentException, then it would address the concern with the health indicator, address an SCS-specific need for our dashboard, and allow multiple clients to consume properties from a Vault-backed config server, even if they don't have the Vault token (only those with a token will receive Vault secrets, though).