Skip to content

nagyesta/lowkey-vault-example

Repository files navigation

LowkeyVault

GitHub license GitHub Workflow Status Lowkey secure

Lowkey Vault - Example

This repository contains the following examples for Lowkey Vault:

Java version

In this example, the core of the application was generated with Spring Initializr The image is started with Testcontainers. The test cases are using Azure Key Vault Key client and Azure Key Vault Secret client.

Points of interest

Note: In order to better understand what is needed in general to make similar examples work, please find a generic overview here.

Usage

Docker

Run the tests and let the context run Lowkey Vault using Docker:

./gradlew clean build -Pdocker

In this mode, not only the docker, but the managed-identity profile is activated by the Gradle test task. Also, the same configuration ensures, that the two required environment variables are configured as well:

Tip

Since v2.4.2, Lowkey Vault is providing the same token endpoint on the 8080 port by default. Therefore, you don't need to start another container.

By setting these, the following things will happen:

  1. The test configuration will create a DefaultAzureCredential instance for the authentication due to the managed-identity Spring profile.
  2. The created credential will use the configured identity endpoint as token source
  3. The Assumed Identity container that is started by the test configuration will issue a dummy token whenever the managed identity logic used by the DefaultAzureCredential requires one.
  4. Lowkey Vault will accept the dummy token

Jar

Run the tests and let the context run Lowkey Vault using Jar:

./gradlew clean build -Pprocess

Note

Managed identity will NOT be active with this profile, so no need to start Assumed Identity as well.

External

Start Lowkey Vault manually:

java -jar lowkey-vault-app-<version>.jar

Run the tests using the externally started Lowkey Vault:

./gradlew clean build

Note

Managed identity will NOT be active with this profile, so no need to start Assumed Identity as well.

Java version

This example is using the official Azure Starter for setting up a Key Vault backed property source. The application was generated with Spring Initializr. The Lowkey Vault and Assumed Identity images are started using Docker Compose.

Warning: The example depends on the 5.6.0+ version of the Spring Cloud Azure Starter implementation.

Points of interest

Note: In order to better understand what is needed in general to make similar examples work, please find a generic overview here.

In this mode, the containers are automatically started using the docker-compose.yml. The Lowkey Vault container will restore a previously saved state including the secret which will be used by the application. The Gradle configuration ensures, that the two required environment variables are configured as well:

Tip

Since v2.4.2, Lowkey Vault is providing the same token endpoint on the 8080 port by default. Therefore, you don't need to start another container.

Usage

Run the tests and let the context run Lowkey Vault using Docker Compose:

./gradlew clean build

Run the application locally:

./gradlew bootRun

About

POC example for using Lowkey Vault in your Spring project.

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •