https://github.com/robincher/kong-hashicorp-vault-demo

Kong and Hashicorp Vault Integration

# Kong Secret Management with Hashicorp Vault

This demo shows how to store a Honeycomb API key securely in HashiCorp Vault and reference it when configuring Kong's OpenTelemetry plugin. With this feature, you can rotate your secrets in your own secrets management solution.

![otel](./assets/hcv-kong.png)

## Setting Up

Create your own `.env` file and provide the required values; the containers need them to run. Keep this file out of version control, since it holds the Vault root token and the Postgres password.

```
VAULT_DEV_ROOT_TOKEN_ID=
POSTGRES_PASSWORD=
```

### Enterprise License Loading (Optional)

Kong Enterprise users can load the license by sending a request to the Kong Admin API:

```
http POST :8001/licenses \
payload='LICENSE_KEY'
```

## Starting Up

Docker Compose spins up Kong Gateway, Postgres and HashiCorp Vault.

1. Start Docker Compose
```
docker-compose up -d
```

2. Tear-down
```
docker-compose down
```

## Configuration

### Create Vault Entity

See `vault.example.yaml` for reference values.

This creates a vault entity in Kong, which contains the information Kong needs to authenticate to HashiCorp Vault and retrieve secrets from it.

```
deck sync --kong-addr=http://localhost:8001 -s config/vault.yaml
```

More configuration options for Kong with HashiCorp Vault (HCV) are documented here: https://docs.konghq.com/gateway/3.4.x/kong-enterprise/secrets-management/backends/hashicorp-vault/

### Put Secret in HCV

```
http --quiet $VAULT_URL/v1//data/honeycomb 'data:={"key":"value"}' X-Vault-Token:
```

### Create Demo Service and Route (Optional)

```
http :8001/services url=https://mockbin.org/request name=ot-demo

http :8001/services/ot-demo/routes name=ot-route expression='(http.path ^= "/ot2" || http.path ^= "/ot1")'
```

### Apply OpenTelemetry Plugin with Secret Reference

```
deck sync --kong-addr=http://localhost:8001 -s config/otel.yaml
```
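
A check worth running before `deck sync`, as an added example that is not part of this repository: it parses Kong's `{vault://<prefix>/<secret>/<key>}` reference syntax and flags credential headers in a decK file that hold a literal value instead of a reference. The vault prefix `my-hcv`, the Honeycomb endpoint, the `x-honeycomb-team` header name and the sample file contents are assumptions; the scan is line-based to avoid a YAML dependency.

```python
import re

# Kong secret reference: {vault://<vault-prefix>/<secret-path>[/<key>]}
REF = re.compile(r"^\{vault://([^/{}]+)/([^/?{}]+)(?:/([^/?{}]+))?/?\}$")
# Header names that carry credentials (assumed; extend for your backends).
SENSITIVE = {"x-honeycomb-team", "authorization"}
KEY_VALUE = re.compile(r"^\s*(?P<k>[\w-]+)\s*:\s*(?P<v>.+?)\s*$")


def parse_ref(value):
    """Return the parts of a Kong vault reference, or None if it is not one."""
    m = REF.match(value)
    if not m:
        return None
    return {"vault": m.group(1), "secret": m.group(2), "key": m.group(3)}


def find_plaintext_secrets(deck_yaml):
    """List (line number, field) for sensitive fields holding a literal value."""
    findings = []
    for number, line in enumerate(deck_yaml.splitlines(), 1):
        m = KEY_VALUE.match(line)
        if not m or m["k"].lower() not in SENSITIVE:
            continue
        if parse_ref(m["v"].strip("'\"")) is None:
            findings.append((number, m["k"]))
    return findings


# Constructed decK state; prefix "my-hcv" and the endpoint are assumptions.
GOOD = """\
plugins:
- name: opentelemetry
  config:
    endpoint: https://api.honeycomb.io/v1/traces
    headers:
      x-honeycomb-team: "{vault://my-hcv/honeycomb/key}"
"""
# Same file with a constructed literal key in place of the reference.
BAD = GOOD.replace("{vault://my-hcv/honeycomb/key}", "constructed-not-a-real-key")

if __name__ == "__main__":
    print(parse_ref("{vault://my-hcv/honeycomb/key}"))
    print(find_plaintext_secrets(GOOD))
    print(find_plaintext_secrets(BAD))
```

The reference path `honeycomb/key` matches the secret written in the "Put Secret in HCV" step: secret `honeycomb`, field `key`.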

### Testing

```
http POST :8000/ot1 "X-Foo:hello OT1"
http GET :8000/ot2 "X-Foo:hello OT2"
```

You should see the traces arriving in your Honeycomb dashboard.

![dashboard](./assets/honeycomb.png)

## References

1. [Kong with Hashicorp Vault as Secret Backend](https://docs.konghq.com/gateway/latest/kong-enterprise/secrets-management/backends/hashicorp-vault/)