Save 37% off PRO during our Black Friday Sale! »

Securing Spring Applications with Hashicorp Vault

Securing Spring Applications with Hashicorp Vault

The talk held at Spring I/O 18 on 24th of May 2018 showed how to use Hashicorp Vault to secure Spring applications. Token and Approle authentication as well as the PKI and database backends have been shown.

The companion code is available from https://github.com/jandd/spring-boot-vault-demo

4ce24d7ab69a350a8bacb5460a3e5551?s=128

Jan Dittberner

May 24, 2018
Tweet

Transcript

  1. Securing Spring Applications with Hashicorp Vault Jan Dittberner @jandd

  2. Jan Dittberner Software architect Topics: Linux, PKI, Automation, … Jan

    Dittberner DevDay – Dresden, 24.04.2018 1
  3. Jan Dittberner Software architect Topics: Linux, PKI, Automation, … Debian

    Developer Infrastructure team lead CAcert.org Jan Dittberner DevDay – Dresden, 24.04.2018 1
  4. WHAT IS VAULT? HashiCorp Vault secures, stores, and tightly controls

    access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network encryption-as-a-service, or generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH credentials, and more. Jan Dittberner DevDay – Dresden, 24.04.2018 2
  5. DEMO

  6. DEMO VAULT AND SPRING-BOOT, TOKEN AND APPROLE AUTHENTICATION Jan Dittberner

    DevDay – Dresden, 24.04.2018 3
  7. DEMO DYNAMIC X.509 CERTIFICATES FROM VAULT PKI Jan Dittberner DevDay

    – Dresden, 24.04.2018 4
  8. DEMO DYNAMIC DATABASE CREDENTIALS FROM VAULT DATABASE ENGINE Jan Dittberner

    DevDay – Dresden, 24.04.2018 5
  9. THANKS! Q & A Jan Dittberner @jandd