back to list
Emerging Technologies

Keep your secrets with Spring Vault

In modern cloud-native applications, externalizing the configuration properties is a necessity that changes based on the environment. One of the common use, when we implement cloud-native Spring Boot microservices, is to manage the secrets. Secrets can be anything that is either static or dynamic like user name/password credentials for databases that we integrate with our service layers such as MYSQL, MongoDB, Oracle DB, etc., or credentials and certificates to access remote resources/applications.

What is Spring Vault?

Spring Cloud Config Server has been a proven solution already that acts as a centralized framework for managing the application-related configuration properties in a distributed environment. Spring Cloud Config Server manages external configuration with the help of config storage done in private secured repositories like Github, SVN, or even vault. Storing the sensitive data secured in the config server is a challenge. Spring Vault helps to solve this by providing abstractions, provision for storing/revoking secrets, and giving client-side support for accessing the secrets from a HashiCorp Vault. HashiCorp Vault is a commonly used open-source secret server from HashiCorp.

In a cloud-distributed system, we can get the benefit of using Spring Cloud Vault which provides client-side support for externalizing the configurations. Spring Cloud Vault uses Spring Vault to provide a configuration integration for Spring Boot-based applications.

Features

1. Robust service to manage the secrets
2. Vault comes with inbuilt secret encryption and avoids the threat of client-side decryption key leakage issue.
3. Provides API to access secrets and can be configured to give access to secrets based on policies
4. Any client who accesses the secrets needs to authenticate themselves and only clients who are authorized can access a secret
5. Vault does not store the key in a persistent location
6. Starting and restarting of vault needs one or more operators to unseal it.

How to use it?

1. Start up the vault and store configuration properties inside Vault from https://www.vaultproject.io/downloads.html
2. Create you Spring Boot project referring
https://docs.spring.io/spring-cloud-vault/docs/current/reference/html/#client-side-usage

3. Do proper production hardening referring https://learn.hashicorp.com/tutorials/vault/production-hardening

Author Details

Krishna kalesh Balakrishnan

Technology Architect in Infosys. Involved in the modernization and software development process of clients in e-commerce and airline domains.

Leave a Comment

Your email address will not be published.


Related Articles

Saying goodbye to large monolithic systems in favor of MACH

June 15th, 2023

CNAPP Security Model for Secure Apps

December 21st, 2022

Enable Spring Boot Apps with Spring Native Beta

March 29th, 2022

Recent Articles

AI-First Wealth Management

July 26, 2024 8:32 PM

Reshaping Financial Risk Management With AI Enabled Synthetic Data

July 19, 2024 1:26 PM

Leveraging the Cloud as a Source of Competitive Business Advantage

July 17, 2024 3:29 PM

Featured Articles

Maximo Can Do Supply Chain - Unveiled!

December 27, 2023 9:14 AM

Migrating and Modernizing Windows Workloads on AWS

December 27, 2023 7:52 AM

Wind Energy: Overview, Maintenance and Structured CMMS Implementation Approach

December 27, 2023 7:51 AM

Most read

Leverage SAP Extended Warehouse Management (EWM) for Life Science and Pharmaceutical companies

December 7, 2021 4:17 PM

ORMB SaaS Cloud Service – An Overview

August 25, 2022 5:32 PM

Leverage SAP Extended Warehouse Management (EWM) for Life Science and Pharmaceutical companies-Continued

January 3, 2022 11:25 AM

Categories