
hashicorp-education/learn-vault-plugin-secrets-hashicups


vault-plugin-secrets-hashicups

This secrets engine creates and revokes JSON Web Tokens (JWTs) for the HashiCorp demo application: it signs a user in to obtain a token and signs the user out to revoke it. It is shared here as supporting content for the Define Roles for the Secrets Engine tutorial.

Prerequisites

  1. A target API with CRUD capabilities for secrets (here, the demo application's products API).
  2. Go 1.16+
  3. Docker & Docker Compose 20.10+
  4. Terraform 1.0+
  5. A Google Cloud Platform project, in which the Terraform configuration creates the Kubernetes cluster

Install

  1. Initialize the Go module with go mod init (skip this if the checkout already contains a go.mod).

  2. Build the secrets engine into a plugin binary using Go.

    $ go build -o vault/plugins/vault-plugin-secrets-hashicups cmd/vault-plugin-secrets-hashicups/main.go

  3. You can find the binary in vault/plugins/.

    $ ls vault/plugins/

  4. Run a Vault server in dev mode to register and try out the plugin. In dev mode Vault automatically registers every binary found in -dev-plugin-dir in its plugin catalog at startup, so the manual vault plugin register step (which requires the binary's SHA-256 checksum) is not needed here.

    $ vault server -dev -dev-root-token-id=root -dev-plugin-dir=./vault/plugins

    Dev mode is for local experimentation only: the server starts unsealed, keeps all data in memory, listens without TLS, and uses the fixed root token passed on the command line. Do not run a plugin this way outside a throwaway environment.

Start the HashiCorp Demo Application

The HashiCorp Demo Application includes a set of services that run an online coffee store. In this demo, we use two of these services:

  • A products database, which stores information about coffee and user logins.
  • A products API, which returns information about coffee and ingredients, and handles user logins.

  1. Go to the terraform directory. It includes configuration files to create a Kubernetes cluster.

    $ cd terraform && terraform init && terraform apply

  2. Start the HashiCorp Demo Application in Kubernetes.

    $ kubectl apply -f kubernetes/

  3. Two deployments, postgres and product-api, should now be ready.

    $ kubectl get deployments
    
    NAME          READY   UP-TO-DATE   AVAILABLE   AGE
    postgres      1/1     1            1           91s
    product-api   1/1     1            1           90s

You can access the products API on port 9090 of the load balancer IP assigned to the product-api service:

    $ echo http://$(kubectl get service product-api -o jsonpath="{.status.loadBalancer.ingress[*].ip}"):9090

We'll be using specific API endpoints related to user logins in the products API. Note that /signout expects the raw JWT as the value of the Authorization header, with no Bearer prefix.

| PATH | METHOD | DESCRIPTION | HEADER | REQUEST | RESPONSE |
|------|--------|-------------|--------|---------|----------|
| /signup | POST | Create a new user with a password. | | {"username": "user", "password": "pass"} | {"UserID":1,"Username":"user","token":"<JWT>"} |
| /signin | POST | Sign in an existing user and return an API token in the form of a JWT. | | {"username": "user", "password": "pass"} | {"UserID":1,"Username":"user","token":"<JWT>"} |
| /signout | POST | Sign out a user based on their API token. | Authorization: <JWT> | | Signed out user |
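The exchange the secrets engine performs against these two endpoints, as an added example that is not code from this repository or the tutorial: a minimal Go client that calls /signin to obtain a token and /signout to revoke it, run against a constructed in-process stand-in for product-api so the example works offline. The stand-in's single user (user/pass), its opaque constructed-token-N values and its 401 responses are assumptions made for the example; the real API returns a JWT, and its error status codes are not described on this page.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
	"sync/atomic"
)

// credentials is the JSON body accepted by /signup and /signin;
// authResponse is the JSON body both return.
type credentials struct {
	Username string `json:"username"`
	Password string `json:"password"`
}

type authResponse struct {
	UserID   int    `json:"UserID"`
	Username string `json:"Username"`
	Token    string `json:"token"`
}

// SignIn posts credentials to <api>/signin and returns the JWT from the
// response. api is the http://<lb-ip>:9090 address from above.
func SignIn(api, username, password string) (string, error) {
	body, _ := json.Marshal(credentials{Username: username, Password: password})
	resp, err := http.Post(api+"/signin", "application/json", bytes.NewReader(body))
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("signin: unexpected status %d", resp.StatusCode)
	}
	var ar authResponse
	if err := json.NewDecoder(resp.Body).Decode(&ar); err != nil {
		return "", fmt.Errorf("signin: bad response body: %w", err)
	}
	if ar.Token == "" { // never hand an empty credential to a Vault client
		return "", fmt.Errorf("signin: response carried no token")
	}
	return ar.Token, nil
}

// SignOut revokes a token via <api>/signout. The raw JWT is the Authorization
// header value with no "Bearer " prefix, exactly as the endpoint table shows.
func SignOut(api, token string) error {
	req, err := http.NewRequest(http.MethodPost, api+"/signout", nil)
	if err != nil {
		return err
	}
	req.Header.Set("Authorization", token)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("signout: unexpected status %d", resp.StatusCode)
	}
	return nil
}

// NewFakeProductAPI is a constructed stand-in for product-api so the example
// runs offline: it accepts only user/pass, hands out a fresh opaque token per
// /signin (the real API returns a JWT) and forgets it again on /signout.
func NewFakeProductAPI() *httptest.Server {
	var live sync.Map // token -> true while the token is valid
	var n int64
	mux := http.NewServeMux()
	mux.HandleFunc("/signin", func(w http.ResponseWriter, r *http.Request) {
		var cr credentials
		if json.NewDecoder(r.Body).Decode(&cr) != nil || cr.Username != "user" || cr.Password != "pass" {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		tok := fmt.Sprintf("constructed-token-%d", atomic.AddInt64(&n, 1))
		live.Store(tok, true)
		json.NewEncoder(w).Encode(authResponse{UserID: 1, Username: cr.Username, Token: tok})
	})
	mux.HandleFunc("/signout", func(w http.ResponseWriter, r *http.Request) {
		if _, ok := live.LoadAndDelete(r.Header.Get("Authorization")); !ok {
			http.Error(w, "unknown or already revoked token", http.StatusUnauthorized)
			return
		}
		fmt.Fprint(w, "Signed out user")
	})
	return httptest.NewServer(mux)
}

func main() {
	srv := NewFakeProductAPI()
	defer srv.Close()
	tok, err := SignIn(srv.URL, "user", "pass")
	fmt.Println("issued:", tok, err, "| revoked:", SignOut(srv.URL, tok), "| revoke again:", SignOut(srv.URL, tok))
}
```

Three details matter when the plugin wraps these calls: the Authorization header carries the bare token; a 200 response whose body has no token field is a failure, not a secret to store and lease; and revoking the same token twice errors in the stand-in, so a Vault revoke path has to decide explicitly whether an already-revoked token counts as success.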

Additional references:
