Skip to content
/ springboot-vault-examples Public

The goal of this project is to explore the capabilities of Vault. To achieve this, we will develop applications that utilize Vault for storing and retrieving secrets. Vault dynamically generates credentials for accessing databases and relies on Consul as the backend. The authentication method employed in Vault is AppRole.

24 stars 11 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ivangfr/springboot-vault-examples

BranchesTags

Repository files navigation

springboot-vault-examples

The goal of this project is to explore the capabilities of Vault. To achieve this, we will develop applications that utilize Vault for storing and retrieving secrets. Vault dynamically generates credentials for accessing databases and relies on Consul as the backend. The authentication method employed in Vault is AppRole.

Proof-of-Concepts & Articles

On ivangfr.github.io, I have compiled my Proof-of-Concepts (PoCs) and articles. You can easily search for the technology you are interested in by using the filter. Who knows, perhaps I have already implemented a PoC or written an article about what you are looking for.

Additional Readings

Lease Rotation

Many people encounter issues when using Vault, particularly with rotating the lease for backend databases. When a Spring Boot application requests a lease from Vault through the Spring Cloud Vault library, the library can automatically renew the lease periodically (based on default_lease_ttl).

However, once the maximum lease expiration time (max_lease_ttl) is reached, the lease cannot be renewed, and a new lease is needed. In this case, the Spring Cloud Vault library cannot rotate the lease, which may leave the application unable to connect to the database.

To address this issue, we have developed solutions for applications using Spring Cloud Vault or Spring Vault. Please see the examples below.

Examples

Example Diagram
spring-cloud-vault-approle-mysql (with lease rotation) project-diagram
spring-cloud-vault-approle-cassandra project-diagram
spring-vault-approle-mysql (with lease rotation) project-diagram
spring-vault-approle-multi-datasources-mysql (with lease rotation) project-diagram

Prerequisites

Initialize Environment

Open a terminal and, inside the springboot-vault-examples root folder, run the following script:

./init-environment.sh

This script will:

  • start Consul, Vault, MySQL, and Cassandra Docker containers;
  • unseal Vault and enable AppRole in it;
  • setup Database roles and policies in Vault for the application so that they can access their databases using dynamically generated credentials;
  • setup KV Secrets in Vault for the application;

Shutdown Environment

To shut down the environment, go to a terminal and, inside the springboot-vault-examples root folder, run the script below:

./shutdown-environment.sh

Cleanup

To remove all Docker images created by this project, go to a terminal and, inside the springboot-vault-examples root folder, run the following script:

./remove-docker-images.sh all

About

The goal of this project is to explore the capabilities of Vault. To achieve this, we will develop applications that utilize Vault for storing and retrieving secrets. Vault dynamically generates credentials for accessing databases and relies on Consul as the backend. The authentication method employed in Vault is AppRole.

Topics

mysql java docker cassandra spring-boot consul vault spring-data-jpa spring-web-mvc spring-cloud-vault spring-vault jib springdoc-openapi

Resources

Readme
Activity

Stars

24 stars

Watchers

2 watching

Forks

11 forks
Report repository

Releases

No releases published

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Languages