Skip to content

hashicorp-dev-advocates/workshop-vault-for-developers

Repository files navigation

Workshop: HashiCorp Vault for Development Teams

Workshop template to teach HashiCorp Vault for development teams.

Objectives

Write an application that...

  1. Gets a secret from secrets management.

    1. Learn how to use the Vault API
    2. Learn how to use Vault Agent
  2. Reloads when a secret changes.

    1. Refactor application to reload
    2. Configure Vault agent to reload application
  3. Encrypts data in memory using secrets management.

    1. Install Vault SDK for application
    2. Write code to encrypt/decrypt with Vault keys

Prerequisites

Demo Application

                              Get all payments from database
                 ┌───────────────────────────────────────────────────────┐
                 │                                                       │
                 │                                                       │
                 │                                                       │
                 │        3.If success, store encrypted payload          ▼
           payments-app────────────────────────────────────────────►payments-database
           │          ▲
           │          │
           │          │
1.POST     │          │ 2.Return
  encrypted│          │ payment
  payload  │          │ status
           │          │
           ▼          │
           payments-processor

Usage

Docker Compose

For Docker-only (mostly for in-depth examination), you can review the tasks in the docker-compose/Makefile directory.

Go into the docker-compose/ directory.

$ cd docker-compose

Set up the Vault server, application database, and payments-processor application.

$ make setup

For the Vault agent example, run:

$ make java

For the Spring Cloud Vault (code-based) example, run:

$ make java-sdk

To clean up, run:

$ make clean

Kubernetes

For Kubernetes, you can review the tasks in the kubernetes/Makefile directory.

NOTE: The Kubernetes deployment uses a Vault agent approach instead of a programming language.

Go into the kubernetes/ directory.

$ cd kubernetes

Set up the Vault server, application database, and payments-processor application.

$ make setup

For the SIGTERM-based approach (framework doesn't have a refresh capability), run:

$ make java-sigterm

For the refresh API endpoint approach, run:

$ make java

To issue API calls, you can use the Postman collection. However, you'll need to update the Environment to use Minikube's tunnel addresses if you are on Mac.

Run minikube service payments-app --url. It will output the URL for the tunnel that routes to localhost.

Clean Up

To clean up deployments, run make clean in the working directory for the Docker or Kubernetes setups.

Supported Platforms

  • Kubernetes - in code and slides
  • Docker (using Docker for Desktop) - in code only

Supported Languages & Frameworks

  • Spring Boot (Java)