This is a simple web application that showcases using HashiCorp Vault to manage sensitive Spring Boot application properties.
- Run this docker-compose file to initialize Vault.
- By default, Vault runs in development mode for testing. Open the management page here.
- Get the root token from your container log and use it to access the Vault page.
- Then open Access > Authentication Methods and add the `userpass` access method.
- In this tutorial, create a user within `userpass` with username `ali` and password `Pass@1234`.
- Go to Access > Entities and assign the default policy to the entity/user you just created. If the entity doesn't show up, log out, log in with the user credentials, log out again, then log in with root.
- Later you can create your secrets under Secret Engines, then add two entries for username and password as shown below.
- For this example, add the values below to `spring-demo`:
  - `demo.database.username`: `test`
  - `demo.database.password`: `Test@1234`

  Make sure to copy the API path.
- Then call the API with your user credentials to get a token:

  ```sh
  curl --location 'http://localhost:8200/v1/auth/userpass/login/ali' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'password=Pass@1234'
  ```
- Pass the obtained `client_token` to the application via the `${VAULT_TOKEN}` environment variable.
- Next, update your default policy under Policies > ACL Policies as shown below. This allows the user to read those secrets. To read more about policies.
- Run your application.
- Access the H2 database console to verify the credentials are loaded and working properly.
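
A check to run between obtaining the token and starting the application, added here as an example and not part of the original README: it repeats the userpass login from the curl step, asks Vault which capabilities the resulting token has on the secret's API path, and prints the `VAULT_TOKEN` export only when that is exactly `read`. The path `secret/data/spring-demo` (a KV v2 mount named `secret`) and the script name are assumptions; substitute the API path you copied.

```shell
#!/bin/sh
# Added example, not part of the original README.
# Assumptions: Vault dev server on localhost:8200; SECRET_API_PATH is the API
# path copied from the UI (a KV v2 mount named "secret" is assumed here).
VAULT_ADDR="${VAULT_ADDR:-http://localhost:8200}"
SECRET_API_PATH="${SECRET_API_PATH:-secret/data/spring-demo}"

# Print one string field of the single-line JSON that Vault returns.
json_field() {
  sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Print the "capabilities" array as a comma-separated list, e.g. "read".
parse_capabilities() {
  sed -n 's/.*"capabilities"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' | tr -d '" '
}

# True only for exactly "read"; "root" or "create,read,update" fail the check.
is_read_only() { [ "$1" = "read" ]; }

# userpass login, same request as the curl step; prints the client_token.
vault_login() {
  curl --silent --fail --data-urlencode "password=$2" \
    "$VAULT_ADDR/v1/auth/userpass/login/$1" | json_field client_token
}

# Ask Vault what the token itself may do on a path (sys/capabilities-self).
token_capabilities() {
  curl --silent --fail --header "X-Vault-Token: $1" \
    --data "{\"paths\": [\"$2\"]}" \
    "$VAULT_ADDR/v1/sys/capabilities-self" | parse_capabilities
}

main() {
  token=$(vault_login "$1" "$2")
  [ -n "$token" ] || { echo "login failed" >&2; return 1; }
  caps=$(token_capabilities "$token" "$SECRET_API_PATH")
  is_read_only "$caps" || { echo "unexpected capabilities: ${caps:-none}" >&2; return 1; }
  echo "export VAULT_TOKEN=$token"
}

# Live run: sh vault-token-check.sh run ali 'Pass@1234'
if [ "${1:-}" = "run" ]; then main "$2" "$3"; fi
```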