akamalov / vault-demo-2

Small demos of Vault's dynamic database secrets engine

Vault Demo

Repository to go with my talk on How to Secure Your Microservices.

Required Tools:

  • docker-compose
  • vault client
  • postgres client
  • dotnet, if you want to run the sample apps

Setup:

  1. eval $(./environment.sh) - configures a few environment variables
  2. docker-compose up -d
  3. ./init.sh - writes services into Consul and creates the pg vault user
  4. ./postgres.sh - sets up the database secrets engine
  5. ./approles.sh - creates the demo_service approle

Apps

All apps just connect to Postgres and list all users/roles and their expiry times.

  1. DirectAccess
    • uses the Vault master token
  2. AppRoleAccess
    • uses a RoleID and SecretID.
    • Set VaultRoleID environment variable
    • Set VaultSecretID in the appsettings.json
  3. ServiceDiscoveryAccess
    • uses Consul and RoleID and SecretID
    • Set VaultRoleID environment variable
    • Set VaultSecretID in the appsettings.json

Useful Commands

  • psql -c "select rolname, rolvaliduntil from pg_roles;"
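
An added example, not part of the original repository: a check over the rolname/rolvaliduntil listing from the command above that picks out Vault-issued roles which are past their expiry but still present, or which have no expiry at all. It assumes Vault's default "v-" username prefix, timestamps in UTC, and psql run with -At -F'|'; the function names, sample rows and role names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of:
#   psql -At -F'|' -c "select rolname, rolvaliduntil from pg_roles;"
sample_rows() {
    cat <<'EOF'
postgres|
vault_admin|
v-approle-demo-AbCdEf123-1714560000|2024-05-01 12:00:00+00
v-approle-demo-ZyXwVu987-1714470000|2024-04-30 11:00:00+00
v-token-demo-QwErTy456-1714500000|
EOF
}

# classify_roles NOW < rows  ->  one "STATE rolname" line per role.
# NOW must use the same format and time zone as rolvaliduntil (UTC assumed),
# so that plain string comparison orders the timestamps correctly.
classify_roles() {
    awk -F'|' -v now="$1" '
        $1 == "" { next }
        # Assumption: Vault-issued roles keep the default "v-" name prefix.
        $1 !~ /^v-/ { print "STATIC", $1; next }
        $2 == "" || $2 == "infinity" { print "NO_EXPIRY", $1; next }
        ($2 "") <= (now "") { print "EXPIRED", $1; next }
        { print "ACTIVE", $1 }
    '
}

# needs_attention NOW < rows  ->  only the Vault-issued roles that are expired
# but still exist (lease revocation has not dropped them) or never expire.
needs_attention() {
    classify_roles "$1" | awk '$1 == "EXPIRED" || $1 == "NO_EXPIRY"'
}

# Against the demo database, replace sample_rows with the psql command above
# and the fixed timestamp with: date -u '+%Y-%m-%d %H:%M:%S+00'
sample_rows | needs_attention "2024-05-01 00:00:00+00"
```

rolvaliduntil only stops password logins after that time; the role itself stays in pg_roles until Vault revokes the lease and drops it, which is why an expired "v-" role is worth a look.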
