It can be a bit confusing
See this gitter conversation https://gitter.im/spring-cloud/spring-cloud?at=5e6f0295c8ddaf238c89c3d3
Comment From: snowe2010
Some of the things missing from the documentation:
- No indication of the difference between client auth and server auth. The documentation seems to indicate that you need to provide credentials on both sides.
- Hiding server vault secrets behind client forced auth could be a bit better explained
- On this topic, two sample projects would help the situation massively. There are already plenty of samples that demonstrate client token auth, but none mention that there is no alternative. This should be detailed in this section. I was unable to find any samples that showed the different types of server auth.
- The documentation for spring cloud should have all possible application property values. I searched high and low on the reference, including using the same route from other docs like spring boot that do have these references. There is no indication that cloud uses spring-vault under the covers, but uses different property keys. I'm only able to find the proper keys by digging into `VaultEnvironmentProperties`.
- an explanation of what is actually provided to configure these different providers should be provided. After discovering that `spring-vault` was what was under the covers and not `spring-cloud-vault` I went to this section of documentation and began trying to autowire those beans as I thought it was necessary. Any explanation that the beans would be auto configured would be good. There are already other people getting confused about the same thing
- it is not clear what the purpose of `VaultEnvironmentRepository` is anymore. Without it we get a large `ThreadPoolTaskScheduler not initialized` when making the very first request after startup to SCCS. With it, it forces the client to provide a token, with the `X-Config-Token` header
- It was not clear that using server token auth would automatically refresh the token. This is along the lines of above, where it's not clear how SCCS is utilizing spring-vault under the covers, whether you need to autowire those components etc.
- No docs about redacting vault secrets in actuator. Spring Cloud Connectors has this capability, maybe it should be added to spring-cloud-config.
Comment From: spencergibb
Anything that isn't docs related will need to go in another issue (i.e. redacting secrets).