secrets are secrets. please, maintain keep them

Post on 22-Jan-2018

636 Views

Category:

Technology

4 Downloads


TRANSCRIPT

Secrets are secrets. Please, maintain keep them!

Alex Soto B - lordofthejars.com


Questions

Who encrypts passwords in resource files?

Apache TomEE resources

<Resource id="myds" type="DataSource">
    JdbcDriver=org.hsqldb.jdbc.JDBCDriver
    JdbcUrl=jdbc:hsqldb:mem:my-datasource
    Username=SA
    Password=SA
</Resource>

Apache TomEE resources

<Resource id="myds" type="DataSource">
    JdbcDriver=org.hsqldb.jdbc.JDBCDriver
    JdbcUrl=jdbc:hsqldb:mem:my-datasource
    Username=SA
    Password=xMH5uM1V9vQzVUv5LG7YLA==
    PasswordCipher=AES
</Resource>

<Resource id="myresource" class-name="org.superbiz.VaultGateway">
    // .....
    VaultPassword=cipher:AES:xMH5uM1V9vQzVUv5LG7YLA==
</Resource>

Implementation

import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.openejb.cipher.PasswordCipher;

// TomEE instantiates this class for resources that declare PasswordCipher=AES
// (or a value prefixed with cipher:AES:), as in the resource definitions above.
public class AESPasswordCipher implements PasswordCipher {

    private final byte[] key;
    private final SecretKeySpec secretKey;

    public AESPasswordCipher() {
        this.key = readKeyFromDisk();                 // the AES key sits on disk, next to the ciphertext
        this.secretKey = new SecretKeySpec(key, "AES");
    }

    public String decrypt(char[] chars) {
        try {
            Cipher cipher = Cipher.getInstance("AES"); // provider default mode/padding for plain "AES"
            cipher.init(Cipher.DECRYPT_MODE, secretKey);
            byte[] raw = Base64.getDecoder().decode(new String(chars)); // slide used toByteArray(chars)
            byte[] stringBytes = cipher.doFinal(raw);
            return new String(stringBytes, "UTF8");
        } catch (Exception e) {
            throw new IllegalStateException("cannot decrypt resource password", e);
        }
    }

    public char[] encrypt(String s) {
        // Body left empty on the slide; it is the inverse of decrypt().
        throw new UnsupportedOperationException("encrypt() not shown on the slide");
    }

    private static byte[] readKeyFromDisk() {
        try {
            return Files.readAllBytes(Paths.get("/path/to/aes.key")); // placeholder path, not from the slide
        } catch (java.io.IOException e) {
            throw new IllegalStateException("cannot read AES key", e);
        }
    }
}

Chicken-egg problem

Monolith architecture

Microservices architecture?

https://vaultproject.io/

A tool for managing secrets

Vault features

- Secure secret storage
- Dynamic secrets
- Data encryption
- Leasing, renewing, revocation
- Auditing
- ACL
- Multiple authentication methods
- REST API

Secure secret storage

Let's see it in action

Microservices approach

App ID auth

Need your help

App ID

- Random unique chunk
- Unique to application (aka service)
- Generated by operator
- Stored in configuration management

User ID

- Intrinsic properties
- Unique to instance
- Generated by cloud-init script

Each service logs in with the tuple {App ID, User ID}

Example with Docker

Cubbyhole authentication method

Cubbyhole

- temp token with TTL and limits
- perm token to access real data
- Generated by cloud-init script

CLI

$> vault token-create -use-limit=3
$> vault auth ...                              # First usage
$> vault write cubbyhole/service1 token=...    # Second usage
$> vault read cubbyhole/service1               # Third usage
$> vault read cubbyhole/service1
Error reading cubbyhole/token: Error making API request.

URL: GET http://127.0.0.1:8200/v1/cubbyhole/token
Code: 403. Errors:
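The same cubbyhole handoff over Vault's HTTP API, as an added example that is not part of the slides or of Vault itself. The operator side mints a use-limited temp token and stashes the permanent token in that temp token's own cubbyhole; the service side performs the single read it is allowed, and a replayed read gets the 403 from the slide. The CLI above spends its first use on `vault auth`; here the token travels in the `X-Vault-Token` header, so two uses are enough. All HTTP goes through a `transport` callable: `http_transport` talks to a real Vault at the address you pass, and `FakeVault` is an in-memory stand-in (constructed for this example) that models only token use limits and per-token cubbyholes. The path name `service1`, the token strings and the `ttl` value are assumptions.

```python
"""Cubbyhole secure introduction between an operator and a service (added example)."""
import json
import urllib.error
import urllib.request


class VaultError(Exception):
    """Raised for any non-2xx answer; mirrors the 'Code: 403' output on the slide."""
    def __init__(self, status, url):
        super().__init__(f"Code: {status}. URL: {url}")
        self.status = status


def http_transport(method, url, token, body=None):
    """Real transport: one authenticated Vault API request -> (status, json_body)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("X-Vault-Token", token)
    req.add_header("Content-Type", "application/json")
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as e:
        return e.code, json.loads(e.read() or b"{}")


def call(transport, method, url, token, body=None):
    status, payload = transport(method, url, token, body)
    if status >= 400:
        raise VaultError(status, url)
    return payload


def operator_handoff(transport, addr, operator_token, perm_token, path="service1", num_uses=2):
    """Operator side: create a temp token limited to `num_uses` requests, then use one
    request to write the permanent token into the temp token's private cubbyhole.
    The returned temp token is what cloud-init / the container gets, never perm_token."""
    created = call(transport, "POST", f"{addr}/v1/auth/token/create",
                   operator_token, {"num_uses": num_uses, "ttl": "5m"})
    temp = created["auth"]["client_token"]
    call(transport, "POST", f"{addr}/v1/cubbyhole/{path}", temp, {"token": perm_token})
    return temp


def service_bootstrap(transport, addr, temp_token, path="service1"):
    """Service side: the one read the temp token still allows. A 403 here means the
    token was already spent, i.e. the secret was read in transit; refuse to start."""
    payload = call(transport, "GET", f"{addr}/v1/cubbyhole/{path}", temp_token)
    return payload["data"]["token"]


class FakeVault:
    """Constructed in-memory stand-in (not Vault's code): tokens with a use counter
    and a cubbyhole that only the owning token can see. Callable as a transport."""
    def __init__(self, root_token="root"):
        self.tokens = {root_token: None}  # token -> remaining uses (None = unlimited)
        self.cubbyholes = {}              # token -> {path: data}
        self.counter = 0

    def __call__(self, method, url, token, body=None):
        uses = self.tokens.get(token, 0)
        if token not in self.tokens or (uses is not None and uses <= 0):
            return 403, {"errors": ["permission denied"]}
        if uses is not None:
            self.tokens[token] = uses - 1  # every authenticated request costs one use
        path = url.split("/v1/", 1)[1]
        if method == "POST" and path == "auth/token/create":
            self.counter += 1
            new = f"s.temp{self.counter}"  # constructed token string
            self.tokens[new] = body.get("num_uses") or None
            return 200, {"auth": {"client_token": new}}
        if path.startswith("cubbyhole/"):
            hole = self.cubbyholes.setdefault(token, {})
            name = path[len("cubbyhole/"):]
            if method == "POST":
                hole[name] = body
                return 204, {}
            return (200, {"data": hole[name]}) if name in hole else (404, {"errors": []})
        return 404, {"errors": []}


def demo(transport=None, addr="http://127.0.0.1:8200"):
    """Full handoff plus the replayed read from the slide -> (token obtained, replay status)."""
    vault = transport or FakeVault()
    temp = operator_handoff(vault, addr, "root", "s.permanent-token")  # constructed tokens
    obtained = service_bootstrap(vault, addr, temp)
    try:
        service_bootstrap(vault, addr, temp)
        replay_status = 200
    except VaultError as e:
        replay_status = e.status
    return obtained, replay_status


if __name__ == "__main__":
    print(demo())
```

Against a live server, pass `http_transport` and the server's address to `demo` (or call the two halves from the operator's and the service's own machines). The point worth keeping from the fake is the failure mode: an exhausted or foreign token never sees the cubbyhole, so a 403 at service start is a signal to alert on, not to retry.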

Let's wind down

Vault is a service

There is no silver bullet

Questions

@alexsotob

asotobu@gmail.com
