{"id":18048041,"url":"https://github.com/ivangfr/springboot-vault-examples","last_synced_at":"2025-04-10T09:46:47.001Z","repository":{"id":111328768,"uuid":"197272602","full_name":"ivangfr/springboot-vault-examples","owner":"ivangfr","description":"The goal of this project is to explore the capabilities of Vault. To achieve this, we will develop applications that utilize Vault for storing and retrieving secrets. Vault dynamically generates credentials for accessing databases and relies on Consul as the backend. The authentication method employed in Vault is AppRole.","archived":false,"fork":false,"pushed_at":"2024-12-20T17:49:00.000Z","size":1587,"stargazers_count":24,"open_issues_count":0,"forks_count":12,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-24T08:42:24.726Z","etag":null,"topics":["cassandra","consul","docker","java","jib","mysql","spring-boot","spring-cloud-vault","spring-data-jpa","spring-vault","spring-web-mvc","springdoc-openapi","vault"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ivangfr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"ivangfr"}},"created_at":"2019-07-16T21:49:46.000Z","updated_at":"2025-01-03T09:49:03.000Z","dependencies_parsed_at":"2024-08-17T11:52:59.260Z","dependency_job_id":null,"html_url":"https://github.com/ivangfr/springboot-vault-examples","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/h
osts/GitHub/repositories/ivangfr%2Fspringboot-vault-examples","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivangfr%2Fspringboot-vault-examples/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivangfr%2Fspringboot-vault-examples/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivangfr%2Fspringboot-vault-examples/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ivangfr","download_url":"https://codeload.github.com/ivangfr/springboot-vault-examples/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248196609,"owners_count":21063467,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cassandra","consul","docker","java","jib","mysql","spring-boot","spring-cloud-vault","spring-data-jpa","spring-vault","spring-web-mvc","springdoc-openapi","vault"],"created_at":"2024-10-30T20:11:04.964Z","updated_at":"2025-04-10T09:46:46.976Z","avatar_url":"https://github.com/ivangfr.png","language":"Java","funding_links":["https://github.com/sponsors/ivangfr"],"categories":[],"sub_categories":[],"readme":"# springboot-vault-examples\n\nThe goal of this project is to explore the capabilities of [`Vault`](https://www.vaultproject.io). To achieve this, we will develop applications that utilize `Vault` for storing and retrieving secrets. `Vault` dynamically generates credentials for accessing databases and relies on [`Consul`](https://www.consul.io) as the backend. 
The authentication method employed in `Vault` is `AppRole`.\n\n## Proof-of-Concepts \u0026 Articles\n\nOn [ivangfr.github.io](https://ivangfr.github.io), I have compiled my Proof-of-Concepts (PoCs) and articles. You can easily search for the technology you are interested in by using the filter. Who knows, perhaps I have already implemented a PoC or written an article about what you are looking for.\n\n## Additional Readings\n\n- \\[**Medium**\\] [**Using HashiCorp Vault \u0026 Spring Cloud Vault to handle Spring Boot App Key/Value Secrets**](https://medium.com/@ivangfr/using-hashicorp-vault-spring-cloud-vault-to-handle-spring-boot-app-key-value-secrets-926b81d0173b)\n- \\[**Medium**\\] [**Using HashiCorp Vault \u0026 Spring Cloud Vault to obtain Dynamic MySQL Credentials**](https://medium.com/@ivangfr/using-hashicorp-vault-spring-cloud-vault-to-obtain-dynamic-mysql-credentials-5726f4fa53c2)\n- \\[**Medium**\\] [**How to Rotate Expired Spring Cloud Vault Relational DB Credentials Without Restarting the App**](https://medium.com/@ivangfr/how-to-rotate-expired-spring-cloud-vault-relational-db-credentials-without-restarting-the-app-66976fbb4bbe)\n\n## Lease Rotation\n\nMany people encounter issues when using `Vault`, particularly with rotating the lease for backend databases. When a [`Spring Boot`](https://docs.spring.io/spring-boot/index.html) application requests a lease from `Vault` through the [`Spring Cloud Vault`](https://cloud.spring.io/spring-cloud-vault/reference/html/) library, the library **can automatically renew** the lease periodically (based on `default_lease_ttl`).\n\nHowever, once the maximum lease expiration time (`max_lease_ttl`) is reached, the lease cannot be renewed, and a new lease is needed. 
In this case, the `Spring Cloud Vault` library **cannot rotate** the lease, which may leave the application unable to connect to the database.\n\nTo address this issue, we have developed solutions for applications using `Spring Cloud Vault` or [`Spring Vault`](https://docs.spring.io/spring-vault/reference/). Please see the examples below.\n\n## Examples\n\n| Example                                                                                                                                                                                  | Diagram                                                                             |\n|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------|\n| [spring-cloud-vault-approle-mysql](https://github.com/ivangfr/springboot-vault-examples/tree/master/spring-cloud-vault-approle-mysql) **(with lease rotation)**                          | ![project-diagram](documentation/spring-cloud-vault-approle-mysql.jpeg)             |\n| [spring-cloud-vault-approle-cassandra](https://github.com/ivangfr/springboot-vault-examples/tree/master/spring-cloud-vault-approle-cassandra)                                            | ![project-diagram](documentation/spring-cloud-vault-approle-cassandra.jpeg)         |\n| [spring-vault-approle-mysql](https://github.com/ivangfr/springboot-vault-examples/tree/master/spring-vault-approle-mysql) **(with lease rotation)**                                      | ![project-diagram](documentation/spring-vault-approle-mysql.jpeg)                   |\n| [spring-vault-approle-multi-datasources-mysql](https://github.com/ivangfr/springboot-vault-examples/tree/master/spring-vault-approle-multi-datasources-mysql) **(with lease rotation)**  | 
![project-diagram](documentation/spring-vault-approle-multi-datasources-mysql.jpeg) |\n\n## Prerequisites\n\n- [`Java 21+`](https://www.oracle.com/java/technologies/downloads/#java21)\n- A containerization tool such as [`Docker`](https://www.docker.com), [`Podman`](https://podman.io), etc.\n\n## Initialize Environment\n\nOpen a terminal and, inside the `springboot-vault-examples` root folder, run the following script:\n```\n./init-environment.sh\n```\n\nThis script will:\n- start `Consul`, `Vault`, `MySQL`, and `Cassandra` Docker containers;\n- unseal `Vault` and enable `AppRole` in it;\n- set up database `roles` and `policies` in `Vault` for the applications so that they can access their databases using dynamically generated credentials;\n- set up `KV Secrets` in `Vault` for the applications.\n\n## Shutdown Environment\n\nTo shut down the environment, go to a terminal and, inside the `springboot-vault-examples` root folder, run the script below:\n```\n./shutdown-environment.sh\n```\n\n## Cleanup\n\nTo remove all Docker images created by this project, go to a terminal and, inside the `springboot-vault-examples` root folder, run the following script:\n```\n./remove-docker-images.sh all\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fivangfr%2Fspringboot-vault-examples","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fivangfr%2Fspringboot-vault-examples","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fivangfr%2Fspringboot-vault-examples/lists"}