Move VaultRuntimeConfig to BOOTSTRAP phase

core/runtime/src/main/java/io/quarkus/runtime/TlsConfig.java

@@ -16,4 +16,10 @@ public class TlsConfig {
     @ConfigItem(defaultValue = "false")
     public boolean trustAll;
 
+    @Override
+    public String toString() {
+        return "TlsConfig{" +
+                "trustAll=" + trustAll +
+                '}';
+    }
 }

extensions/vault/deployment/src/main/java/io/quarkus/vault/VaultProcessor.java

@@ -1,7 +1,5 @@
 package io.quarkus.vault;
 
-import java.util.OptionalInt;
-
 import org.jboss.jandex.DotName;
 
 import io.quarkus.arc.deployment.AdditionalBeanBuildItem;
@@ -14,7 +12,7 @@
 import io.quarkus.deployment.builditem.ExtensionSslNativeSupportBuildItem;
 import io.quarkus.deployment.builditem.FeatureBuildItem;
 import io.quarkus.deployment.builditem.IndexDependencyBuildItem;
-import io.quarkus.deployment.builditem.RunTimeConfigurationSourceBuildItem;
+import io.quarkus.deployment.builditem.RunTimeConfigurationSourceValueBuildItem;
 import io.quarkus.deployment.builditem.SslNativeConfigBuildItem;
 import io.quarkus.deployment.builditem.nativeimage.ReflectiveClassBuildItem;
 import io.quarkus.runtime.TlsConfig;
@@ -25,8 +23,8 @@
 import io.quarkus.vault.runtime.VaultServiceProducer;
 import io.quarkus.vault.runtime.client.dto.VaultModel;
 import io.quarkus.vault.runtime.config.VaultBuildTimeConfig;
-import io.quarkus.vault.runtime.config.VaultConfigSource;
 import io.quarkus.vault.runtime.config.VaultRuntimeConfig;
+import io.quarkus.vault.runtime.health.VaultHealthCheck;
 
 public class VaultProcessor {
 
@@ -57,12 +55,6 @@ void build(
         sslNativeSupport.produce(new ExtensionSslNativeSupportBuildItem(Feature.VAULT));
     }
 
-    @BuildStep
-    void setUpConfigFile(BuildProducer<RunTimeConfigurationSourceBuildItem> configSourceConsumer) {
-        configSourceConsumer.produce(new RunTimeConfigurationSourceBuildItem(
-                VaultConfigSource.class.getName(), OptionalInt.of(150)));
-    }
-
     @BuildStep
     AdditionalBeanBuildItem registerAdditionalBeans() {
         return new AdditionalBeanBuildItem.Builder()
@@ -74,15 +66,15 @@ AdditionalBeanBuildItem registerAdditionalBeans() {
 
     @Record(ExecutionTime.RUNTIME_INIT)
     @BuildStep
-    void configure(VaultRecorder recorder, VaultBuildTimeConfig buildTimeConfig, VaultRuntimeConfig serverConfig,
-            TlsConfig tlsConfig) {
-        recorder.configureRuntimeProperties(buildTimeConfig, serverConfig, tlsConfig);
+    public RunTimeConfigurationSourceValueBuildItem configure(VaultRecorder recorder, VaultBuildTimeConfig buildTimeConfig,
+            VaultRuntimeConfig serverConfig, TlsConfig tlsConfig) {
+        return new RunTimeConfigurationSourceValueBuildItem(
+                recorder.configureRuntimeProperties(buildTimeConfig, serverConfig, tlsConfig));
     }
 
     @BuildStep
     HealthBuildItem addHealthCheck(VaultBuildTimeConfig config) {
-        return new HealthBuildItem("io.quarkus.vault.runtime.health.VaultHealthCheck",
-                config.health.enabled);
+        return new HealthBuildItem(VaultHealthCheck.class.getName(), config.health.enabled);
     }
 
 }

extensions/vault/runtime/src/main/java/io/quarkus/vault/runtime/VaultManager.java

@@ -29,9 +29,7 @@ public static VaultManager getInstance() {
     }
 
     public static void init(VaultBuildTimeConfig buildTimeConfig, VaultRuntimeConfig serverConfig, TlsConfig tlsConfig) {
-        if (instance == null) {
-            instance = new VaultManager(buildTimeConfig, serverConfig, tlsConfig);
-        }
+        instance = new VaultManager(buildTimeConfig, serverConfig, tlsConfig);
     }
 
     public static void reset() {

extensions/vault/runtime/src/main/java/io/quarkus/vault/runtime/VaultRecorder.java

@@ -1,26 +1,43 @@
 package io.quarkus.vault.runtime;
 
+import java.util.Collections;
+
+import org.eclipse.microprofile.config.spi.ConfigSource;
+import org.eclipse.microprofile.config.spi.ConfigSourceProvider;
 import org.jboss.logging.Logger;
 
-import io.quarkus.arc.Arc;
+import io.quarkus.runtime.RuntimeValue;
 import io.quarkus.runtime.TlsConfig;
 import io.quarkus.runtime.annotations.Recorder;
 import io.quarkus.vault.runtime.config.VaultBuildTimeConfig;
+import io.quarkus.vault.runtime.config.VaultConfigSourceProvider;
 import io.quarkus.vault.runtime.config.VaultRuntimeConfig;
 
 @Recorder
 public class VaultRecorder {
 
     private static final Logger log = Logger.getLogger(VaultRecorder.class);
 
-    public void configureRuntimeProperties(VaultBuildTimeConfig vaultBuildTimeConfig, VaultRuntimeConfig vaultRuntimeConfig,
+    public RuntimeValue<ConfigSourceProvider> configureRuntimeProperties(VaultBuildTimeConfig vaultBuildTimeConfig,
+            VaultRuntimeConfig vaultRuntimeConfig,
             TlsConfig tlsConfig) {
 
         if (vaultRuntimeConfig.url.isPresent()) {
-            VaultServiceProducer producer = Arc.container().instance(VaultServiceProducer.class).get();
-            producer.setVaultConfigs(vaultBuildTimeConfig, vaultRuntimeConfig, tlsConfig);
+            VaultManager.init(vaultBuildTimeConfig, vaultRuntimeConfig, tlsConfig);
+            return new RuntimeValue<>(new VaultConfigSourceProvider(vaultRuntimeConfig));
+        } else {
+            return emptyRuntimeValue();
         }
+    }
 
+    private RuntimeValue<ConfigSourceProvider> emptyRuntimeValue() {
+        return new RuntimeValue<>(new EmptyConfigSourceProvider());
     }
 
+    private static class EmptyConfigSourceProvider implements ConfigSourceProvider {
+        @Override
+        public Iterable<ConfigSource> getConfigSources(ClassLoader forClassLoader) {
+            return Collections.emptyList();
+        }
+    }
 }

extensions/vault/runtime/src/main/java/io/quarkus/vault/runtime/VaultServiceProducer.java

@@ -6,13 +6,10 @@
 import javax.inject.Named;
 
 import io.quarkus.credentials.CredentialsProvider;
-import io.quarkus.runtime.TlsConfig;
 import io.quarkus.vault.VaultKVSecretEngine;
 import io.quarkus.vault.VaultSystemBackendEngine;
 import io.quarkus.vault.VaultTOTPSecretEngine;
 import io.quarkus.vault.VaultTransitSecretEngine;
-import io.quarkus.vault.runtime.config.VaultBuildTimeConfig;
-import io.quarkus.vault.runtime.config.VaultRuntimeConfig;
 
 @ApplicationScoped
 public class VaultServiceProducer {
@@ -58,8 +55,4 @@ public CredentialsProvider createCredentialsProvider() {
     public void close() {
         VaultManager.reset();
     }
-
-    public void setVaultConfigs(VaultBuildTimeConfig buildTimeConfig, VaultRuntimeConfig serverConfig, TlsConfig tlsConfig) {
-        VaultManager.init(buildTimeConfig, serverConfig, tlsConfig);
-    }
 }

extensions/vault/runtime/src/main/java/io/quarkus/vault/runtime/config/HealthConfig.java

@@ -25,4 +25,12 @@ public class HealthConfig {
     @ConfigItem
     public boolean performanceStandByOk;
 
+    @Override
+    public String toString() {
+        return "HealthConfig{" +
+                "enabled=" + enabled +
+                ", standByOk=" + standByOk +
+                ", performanceStandByOk=" + performanceStandByOk +
+                '}';
+    }
 }

extensions/vault/runtime/src/main/java/io/quarkus/vault/runtime/config/VaultBuildTimeConfig.java

@@ -15,4 +15,10 @@ public class VaultBuildTimeConfig {
     @ConfigDocSection
     public HealthConfig health;
 
+    @Override
+    public String toString() {
+        return "VaultBuildTimeConfig{" +
+                "health=" + health +
+                '}';
+    }
 }