Workshop template to teach HashiCorp Vault for development teams.
Write an application that...
-
Gets a secret from secrets management.
- Learn how to use the Vault API
- Learn how to use Vault Agent
-
Reloads when a secret changes.
- Refactor application to reload
- Configure Vault agent to reload application
-
Encrypts data in memory using secrets management.
- Install Vault SDK for application
- Write code to encrypt/decrypt with Vault keys
- Docker for Desktop v4.11.1
- Vault CLI v1.16.1+
- Kubernetes v1.24.3+
- Minikube v1.26.1+
Get all payments from database
┌───────────────────────────────────────────────────────┐
│ │
│ │
│ │
│ 3.If success, store encrypted payload ▼
payments-app────────────────────────────────────────────►payments-database
│ ▲
│ │
│ │
1.POST │ │ 2.Return
encrypted│ │ payment
payload │ │ status
│ │
▼ │
payments-processor
For Kubernetes, you can review the tasks in the kubernetes/Makefile directory.
Run the commands in order...
make setupmake java
To issue API calls, you can use the Postman collection. However, you'll need
to update the Environment to use Minikube's tunnel addresses if you are on Mac.
Run minikube service payments-app --url. It will output the URL for the tunnel
that routes to localhost.
For Docker-only (mostly for in-depth examination), you can review
the tasks in the docker-compose/Makefile directory.
Run the commands in order...
make setupmake java
This uses Spring Cloud Vault configuration to inject secrets and refreshes the database connection and processor sessions on an interval.
Run the commands in order...
make setupmake java-sdk
To clean up deployments, run make clean in the working directory
for the Docker or Kubernetes setups.
- Kubernetes - in code and slides
- Docker (using Docker for Desktop) - in code only
- Spring Boot (Java)