
This is a simple web application to showcase the usage of Hashicorp Vault to manage sensitive spring-boot application properties.


ZaTribune/hashicorp-vault-demo


Overview

This is a simple web application to showcase the usage of Hashicorp Vault to manage sensitive spring-boot application properties.


Deployment & Testing

  • Run this docker-compose file to initialize Vault.

  • By default, Vault runs in development mode for testing. Open the management page here.

  • Get the root token from your container log and use it to sign in to the Vault page.

  • Then open Access > Authentication Methods and add the userpass authentication method.

  • For this tutorial, create a user within userpass with username ali and password Pass@1234.

  • Go to Access > Entities and assign the default policy to the entity/user you just created.

    If the entity doesn't show up, log out, log in with the user credentials, log out again, then log in with root.

  • Later, create your secrets under Secret Engines, then add two entries for username & password as shown below:

    [Screenshots: s1, s2, s3]
  • For this example, add the values below to spring-demo:

    demo.database.username test
    demo.database.password Test@1234

    Make sure to copy the API path.

  • Then call the API with your user credentials to get a token:

      curl --location 'http://localhost:8200/v1/auth/userpass/login/ali' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'password=Pass@1234'
  • Pass the obtained client_token to the application via the ${VAULT_TOKEN} environment variable.

  • Next, update your default policy from Policies > ACL Policies as shown below:

    [Screenshot: s3]

    This allows the user to read those secrets. To read more about policies.

  • Run your application.

  • Access the H2 database console to verify the credentials are loaded and working properly.
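
The login, token and policy steps above can be checked before starting the application. The script below is an added example, not code from this repository: it logs in with userpass, reads the secret with the returned client_token, and reports which expected property names are missing without printing their values. It assumes the KV v2 engine is mounted at secret/ (so the API path is /v1/secret/data/spring-demo; use the path you copied) and reads the password from a hypothetical VAULT_PASSWORD environment variable.

```python
import json
import os
import urllib.request

VAULT_ADDR = os.environ.get("VAULT_ADDR", "http://localhost:8200")
SECRET_API_PATH = "/v1/secret/data/spring-demo"  # assumption: KV v2 mounted at secret/
EXPECTED_KEYS = ("demo.database.username", "demo.database.password")


def _call(path, token=None, body=None):
    """POST when a body is given, otherwise GET; return the decoded JSON."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(VAULT_ADDR + path, data=data)
    if data is not None:
        req.add_header("Content-Type", "application/json")
    if token:
        req.add_header("X-Vault-Token", token)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)


def parse_login(response):
    """Return (client_token, policies, ttl_seconds) from a userpass login reply."""
    auth = response.get("auth") or {}
    token = auth.get("client_token")
    if not token:
        raise ValueError("login response carries no auth.client_token")
    return token, auth.get("policies", []), auth.get("lease_duration", 0)


def missing_keys(response, expected=EXPECTED_KEYS):
    """List expected property names absent from a KV v2 read reply."""
    stored = (response.get("data") or {}).get("data") or {}
    return [key for key in expected if key not in stored]


def check(username, password):
    """Log in, read the secret, return (token, missing keys); values are never printed."""
    login = _call(f"/v1/auth/userpass/login/{username}", body={"password": password})
    token, policies, ttl = parse_login(login)
    print(f"token issued: policies={policies} ttl={ttl}s")
    return token, missing_keys(_call(SECRET_API_PATH, token=token))


if __name__ == "__main__":
    # Password comes from the environment, not from argv or shell history.
    _, missing = check("ali", os.environ["VAULT_PASSWORD"])
    print("missing keys:", missing or "none")
```

If the read raises an HTTP 403 error, the token's policy does not yet grant read access on that path.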
