Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up

The goal of this project is to explore the capabilities of Vault. To achieve this, we will develop applications that utilize Vault for storing and retrieving secrets. Vault dynamically generates credentials for accessing databases and relies on Consul as the backend. The authentication method employed in Vault is AppRole.

NotificationsYou must be signed in to change notification settings

ivangfr/springboot-vault-examples

Repository files navigation

The goal of this project is to explore the capabilities ofVault. To achieve this, we will develop applications that utilizeVault for storing and retrieving secrets.Vault dynamically generates credentials for accessing databases and relies onConsul as the backend. The authentication method employed inVault isAppRole.

Proof-of-Concepts & Articles

Onivangfr.github.io, I have compiled my Proof-of-Concepts (PoCs) and articles. You can easily search for the technology you are interested in by using the filter. Who knows, perhaps I have already implemented a PoC or written an article about what you are looking for.

Additional Readings

Lease Rotation

Many people encounter issues when usingVault, particularly with rotating the lease for backend databases. When aSpring Boot application requests a lease fromVault through theSpring Cloud Vault library, the librarycan automatically renew the lease periodically (based ondefault_lease_ttl).

However, once the maximum lease expiration time (max_lease_ttl) is reached, the lease cannot be renewed, and a new lease is needed. In this case, theSpring Cloud Vault librarycannot rotate the lease, which may leave the application unable to connect to the database.

To address this issue, we have developed solutions for applications usingSpring Cloud Vault orSpring Vault. Please see the examples below.

Examples

ExampleDiagram
spring-cloud-vault-approle-mysql(with lease rotation)project-diagram
spring-cloud-vault-approle-cassandraproject-diagram
spring-vault-approle-mysql(with lease rotation)project-diagram
spring-vault-approle-multi-datasources-mysql(with lease rotation)project-diagram

Prerequisites

Initialize Environment

Open a terminal and, inside thespringboot-vault-examples root folder, run the following script:

./init-environment.sh

This script will:

  • startConsul,Vault,MySQL, andCassandra Docker containers;
  • unsealVault and enableAppRole in it;
  • setup Databaseroles andpolicies inVault for the application so that they can access their databases using dynamically generated credentials;
  • setupKV Secrets inVault for the application;

Shutdown Environment

To shut down the environment, go to a terminal and, inside thespringboot-vault-examples root folder, run the script below:

./shutdown-environment.sh

Cleanup

To remove all Docker images created by this project, go to a terminal and, inside thespringboot-vault-examples root folder, run the following script:

./remove-docker-images.sh all

About

The goal of this project is to explore the capabilities of Vault. To achieve this, we will develop applications that utilize Vault for storing and retrieving secrets. Vault dynamically generates credentials for accessing databases and relies on Consul as the backend. The authentication method employed in Vault is AppRole.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Sponsor this project

 

Packages

No packages published

Languages

[8]ページ先頭
©2009-2025 Movatter.jp