Sergio Santiago

@evanchaoli I saw that you've implemented this in the past, maybe you have some insights to share?

Hi 🧇 I apologize for the delay. I ended up circumventing this by creating a GlobalObservationConvetion that will overwrite the one used by config-server. This way I could overwrite `getLowCardinalityKeyValues`...

Hi @ryanjbaxter, thank you for your prompt response. While the solution you provided is appreciated, it doesn't precisely align with our requirements. Our objective is to maintain a dual backend...

Consider a scenario with three services: ServiceA, ServiceB, and ServiceC. ServiceA needs to make requests to ServiceC, and ServiceB also needs to make requests to ServiceC. Both ServiceA and ServiceB...

Yes, indeed it can, but also a ServiceX would get this secret even though it is not needed, so that would be a security issue leaking secrets to all services.

I guess I know what you are about to suggest. The service sends the token and we link the secrets to the token sent by the service. Yes, that would...

I'm not sure if I fully understand that. How that would look like?

I stumbled [here](https://github.com/spring-cloud/spring-cloud-config/blob/3e423e5d3123f28f11f295f33a505439a2669343/spring-cloud-config-server/src/main/java/org/springframework/cloud/config/server/encryption/vault/VaultEnvironmentEncryptor.java) by accident. This looks like exactly what I planned to have. So I need to enable the `vault` profile and set the value starting with `{vault}`.

I just did some tests and it does exactly what is needed for this use case. - I needed to set the configuration for Vault under spring, not under composite....

Sure, I can take a look. Which section do you suggest to put this?