Workshop template to teach HashiCorp Vault for development teams.
Write an application that...
- Gets a secret from secrets management.
  - Learn how to use the Vault API
  - Learn how to use Vault Agent
- Reloads when a secret changes.
  - Refactor application to reload
  - Configure Vault agent to reload application
- Encrypts data in memory using secrets management.
  - Install Vault SDK for application
  - Write code to encrypt/decrypt with Vault keys
- Docker for Desktop v4.11.1
- Vault CLI v1.16.1+
- Kubernetes v1.24.3+
- Minikube v1.26.1+
                  Get all payments from database
           ┌───────────────────────────────────────────────────────┐
           │                                                       │
           │                                                       │
           │                                                       │
           │   3.If success, store encrypted payload               ▼
      payments-app────────────────────────────────────────────►payments-database
         │     ▲
         │     │
         │     │
   1.POST│     │2.Return
encrypted│     │payment
  payload│     │status
         │     │
         ▼     │
      payments-processor
For Docker-only (mostly for in-depth examination), you can review
the tasks in the docker-compose/Makefile directory.
Go into the docker-compose/ directory.

$ cd docker-compose

Set up the Vault server, application database, and payments-processor application.

$ make setup

For the Vault agent example, run:

$ make java

For the Spring Cloud Vault (code-based) example, run:

$ make java-sdk

To clean up, run:

$ make clean

For Kubernetes, you can review the tasks in the kubernetes/Makefile directory.
NOTE: The Kubernetes deployment uses a Vault agent approach instead of a programming language.
Go into the kubernetes/ directory.

$ cd kubernetes

Set up the Vault server, application database, and payments-processor application.

$ make setup

For the SIGTERM-based approach (framework doesn't have a refresh capability), run:

$ make java-sigterm

For the refresh API endpoint approach, run:

$ make java

To issue API calls, you can use the Postman collection. However, you'll need
to update the Environment to use Minikube's tunnel addresses if you are on Mac.
Run minikube service payments-app --url. It will output the URL for the tunnel
that routes to localhost.
To clean up deployments, run make clean in the working directory
for the Docker or Kubernetes setups.
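
The two reload approaches named above (refresh API endpoint and SIGTERM) can both be driven from a Vault Agent template's exec hook. The following sketch is an added example, not the workshop's own configuration; the Vault address, auth role, secret path, file path, port and process name are hypothetical placeholders.

```hcl
# Added example, not from the workshop repository. The Vault address, role,
# secret path, file path, port and process name are hypothetical placeholders.
vault {
  address = "https://vault.example.internal:8200"
}

auto_auth {
  method "kubernetes" {
    config = {
      role = "payments-app" # hypothetical Kubernetes auth role
    }
  }
}

# Refresh endpoint approach: re-render the file whenever the secret changes,
# then ask the application to re-read its configuration.
template {
  destination          = "/vault/secrets/database.properties"
  perms                = "0600" # readable only by the UID shared with the app
  error_on_missing_key = true   # fail instead of rendering an empty credential
  contents             = <<EOT
{{ with secret "database/creds/payments-app" -}}
spring.datasource.username={{ .Data.username }}
spring.datasource.password={{ .Data.password }}
{{- end }}
EOT
  exec {
    # Keep the refresh endpoint on loopback so only the sidecar can trigger it.
    command = ["curl", "--fail", "--silent", "-X", "POST",
               "http://127.0.0.1:8081/actuator/refresh"]
    timeout = "10s"
  }
}

# SIGTERM approach (framework has no refresh capability): use this exec block
# in place of the one above. The agent must be able to see and signal the
# application process, e.g. a pod with shareProcessNamespace: true and a
# matching UID; the orchestrator then restarts the app, which reads the new file.
#
#   exec {
#     command = ["sh", "-c", "pkill -TERM java"]
#   }
```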
- Kubernetes - in code and slides
- Docker (using Docker for Desktop) - in code only
- Spring Boot (Java)