spring-projects · DragonFSKY · May 12, 2026
diff --git a/...lt-core/src/main/java/org/springframework/vault/config/EnvironmentVaultConfiguration.java b/...lt-core/src/main/java/org/springframework/vault/config/EnvironmentVaultConfiguration.java
@@ -81,7 +81,7 @@
  * Authentication-specific properties must be provided depending on the
  * authentication method.
  * <ul>
- * <li>Vault URI: {@code vault.uri}</li>
+ * <li>Vault URI: {@code vault.uri} (falls back to {@code VAULT_ADDR})</li>
  * <li>SSL Configuration
  * <ul>
  * <li>Keystore resource: {@code vault.ssl.key-store} (optional)</li>
@@ -223,10 +223,13 @@ public void setApplicationContext(ApplicationContext applicationContext) throws
 	@Override
 	public VaultEndpoint vaultEndpoint() {
 		String uri = getProperty("vault.uri");
+		if (uri == null) {
+			uri = getProperty("VAULT_ADDR");
+		}
 		if (uri != null) {
 			return VaultEndpoint.from(URI.create(uri));
 		}
-		throw new IllegalStateException("Vault URI (vault.uri) is null");
+		throw new IllegalStateException("Vault URI (vault.uri or VAULT_ADDR) is null");
 	}
 
 	@Override

diff --git a/...rc/test/java/org/springframework/vault/config/EnvironmentVaultConfigurationUnitTests.java b/...rc/test/java/org/springframework/vault/config/EnvironmentVaultConfigurationUnitTests.java
@@ -23,6 +23,7 @@
 import org.junit.jupiter.api.extension.ExtendWith;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.AnnotationConfigApplicationContext;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.core.env.ConfigurableEnvironment;
@@ -65,6 +66,37 @@ void shouldConfigureEndpoint() {
 		assertThat(this.configuration.vaultEndpoint().getPort()).isEqualTo(8123);
 	}
 
+	@Test
+	void shouldConfigureEndpointUsingVaultAddr() {
+
+		try (AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext()) {
+
+			context.getEnvironment()
+					.getPropertySources()
+					.addFirst(new MapPropertySource("vaultAddr",
+							Map.of("VAULT_ADDR", "https://localhost:9123", "vault.token", "my-token")));
+			context.register(ApplicationConfiguration.class);
+			context.refresh();
+
+			assertThat(context.getBean(EnvironmentVaultConfiguration.class).vaultEndpoint().getPort()).isEqualTo(9123);
+		}
+	}
+
+	@Test
+	void shouldPreferVaultUriOverVaultAddr() {
+
+		MapPropertySource propertySource = new MapPropertySource("vaultAddr",
+				Map.of("VAULT_ADDR", "https://localhost:9123"));
+		this.configurableEnvironment.getPropertySources().addFirst(propertySource);
+
+		try {
+			assertThat(this.configuration.vaultEndpoint().getPort()).isEqualTo(8123);
+		}
+		finally {
+			this.configurableEnvironment.getPropertySources().remove(propertySource.getName());
+		}
+	}
+
 	@Test
 	void shouldConfigureTokenAuthentication() {
 

diff --git a/src/main/antora/modules/ROOT/pages/vault/imperative-template.adoc b/src/main/antora/modules/ROOT/pages/vault/imperative-template.adoc
@@ -177,7 +177,7 @@ vault.token=00000000-0000-0000-0000-000000000000
 
 **Property keys**
 
-* Vault URI: `vault.uri`
+* Vault URI: `vault.uri` (falls back to `VAULT_ADDR`)
 * SSL Configuration
 ** Keystore resource: `vault.ssl.key-store` (optional)
 ** Keystore password: `vault.ssl.key-store-password` (optional)