Integrates HashiCorp's Vault into Microsoft Service Fabric, e.g. for on-prem scenarios.
This project is just a very basic example - it works - but IT IS NOT READY FOR PRODUCTION USE! No warranties! Sorry for this, but I don't have much spare time.
- Microsoft Visual Studio 2019 or higher
- Microsoft Azure ServiceFabric SDK installed
- A ServiceFabric cluster running (Cloud, 1-Node or 5-Node)
- HashiCorp's vault tool (Windows: vault.exe)
- Copy the vault tool (vault.exe) into the 'VaultService' project directory.
- Open the solution with Visual Studio
- Ensure platform is set to x64
- Restore all NuGet packages
- Build solution
- Run unit tests
- Deploy project to ServiceFabric cluster
If you have project requirements like high availability, scalability, independence (of development, build and deployment) etc., the microservice approach might be a solution. There are a lot of orchestrators for microservices, but most of them are more or less strongly tied to Linux as the OS and Docker/Kubernetes as the platform. But what if cloud deployment is only an option, on-premises deployability is required, and your customer is not prepared for a Linux and Docker infrastructure? This is where the outsider Microsoft Service Fabric comes into play: it can be hosted on Linux or Windows, in the (Azure) cloud or locally, and it can handle Docker services but can also manage plain processes.
Azure Service Fabric has rich tooling for cloud scenarios but only poor support for on-premises deployments; for example, the key manager Azure Key Vault isn't available there. The independent tool "Vault", available for diverse platforms, can fill such gaps because it is the Swiss army knife (in German: "eierlegende Wollmilchsau") for configuration, secrets and key management.
Vault has a lot of storage providers, some of which support HA. Some of them are less stable; for example, the mssql provider makes heavy use of inefficient "LIKE"-based search queries. Service Fabric manages its own strategies for high availability and statefulness; unfortunately, Vault's options don't integrate very well with Service Fabric.
This project provides a Service Fabric stateful service with one named partition, which configures, starts, stops and monitors the vault tool as an external process. It also provides a partial AWS S3 web interface, which is configured as Vault's storage stanza. The service stores the encrypted values it receives from Vault in Service Fabric's reliable dictionaries and also serves queries and deletions against them.
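As an added illustration (not the project's code), the storage semantics that Vault's s3 backend relies on, modelled in Python: an in-memory dict stands in for the reliable dictionary behind the partial S3 interface, the sample keys are constructed to resemble Vault's barrier layout, and the tiny page size is an assumption made only to exercise paging.

```python
from typing import Dict, List, Optional, Tuple


class ObjectStore:
    """In-memory stand-in for the reliable dictionary behind the S3 interface."""

    def __init__(self) -> None:
        # key -> opaque bytes; Vault's barrier encrypts every value before it
        # reaches a storage backend, so the store never holds plaintext secrets.
        self.objects: Dict[str, bytes] = {}

    def put_object(self, key: str, body: bytes) -> None:
        self.objects[key] = body            # S3 PutObject: last write wins

    def get_object(self, key: str) -> Optional[bytes]:
        return self.objects.get(key)        # None models S3's 404 NoSuchKey

    def delete_object(self, key: str) -> None:
        self.objects.pop(key, None)         # S3 DeleteObject is idempotent

    def list_objects(self, prefix: str, max_keys: int = 2,
                     continuation_token: str = "") -> Tuple[List[str], str]:
        """ListObjectsV2: keys under prefix in lexical order, paged by max_keys
        (kept tiny here to force paging). Returns (page, next_token); an
        empty token means this was the last page."""
        keys = sorted(k for k in self.objects
                      if k.startswith(prefix) and k > continuation_token)
        page = keys[:max_keys]
        return page, (page[-1] if len(keys) > max_keys else "")


def vault_list(store: ObjectStore, prefix: str) -> List[str]:
    """Fold a prefix listing the way Vault's s3 backend does client-side: a key
    that still contains '/' after the prefix is reported once as its first
    segment plus '/', so `vault list` shows sub-paths rather than every leaf."""
    if prefix and not prefix.endswith("/"):
        prefix += "/"
    seen: List[str] = []
    token = ""
    while True:                              # walk every page of the listing
        page, token = store.list_objects(prefix, continuation_token=token)
        for key in page:
            rest = key[len(prefix):]
            entry = rest if "/" not in rest else rest[: rest.index("/") + 1]
            if entry not in seen:
                seen.append(entry)
        if not token:
            return sorted(seen)
```

The four operations above (put, get with a 404 for missing keys, delete, and prefix listing with pagination) are the whole surface the emulated S3 endpoint has to get right for Vault to run on top of it.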
- Extend unit tests
- Add integration tests
- Implement consistent error handling
- Extend documentation
- Add build scripts
- Add automated builds
- Add linux compatibility
- Improve security
  - SSL/TLS encryption
  - Manage authentication / authorization for the local S3 web interface
- Auto-initialize, unseal and bootstrap vault
- Refactor code (e.g. use options for configuration etc.)
This project uses some ideas and source code from Gokhan Demir's (yadazula) S3Emulator project. Credits also go to HashiCorp for the vault tool and to Microsoft for the Service Fabric orchestration environment and all the programming tools around it.
The source code of this repository is under MIT license. See the LICENSE file for details.