Killyz

Reputation: 109

Configure Spring Vault with TLS

I can't find any documentation on how to properly set up Spring Vault in a production environment. It's been said not to use tls_disable = 1 in production.

I'm running Vault on an empty EC2 instance. I authenticate my application manually with a token and would like to continue doing so. I'm just looking for the proper way of creating the necessary certificates so it could work with HTTPS and not HTTP as the documentation suggests.

Upvotes: 0

Views: 2577

Answers (1)

mp911de

Reputation: 18119

You have two options:

  1. For testing purposes, you can set the protocol scheme to HTTP:

     ```java
     VaultEndpoint endpoint = new VaultEndpoint();
     endpoint.setHost("localhost");
     endpoint.setPort(8200);
     endpoint.setScheme("http");

     new VaultTemplate(endpoint, …)
     ```

  2. For production: There are a few options for certificates, ranging from running a company-wide CA, through setting up an intermediate CA, to self-signed certificates. For Spring Vault, we created a script that helps us during testing by creating a CA and importing these certificates into a temporary truststore. You can find it here to get some inspiration. This script does not replace proper security policies and responsible certificate handling.

Upvotes: 1
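
The certificate steps the answer describes (create a CA, issue a server certificate for Vault, let the client trust the CA), as an added example that is not part of the original answer and not the Spring Vault test script it mentions. The host name, IP address, file names and lifetimes are assumptions.

```shell
#!/bin/sh
# Added example: private CA + Vault server certificate. Host name, IP, file
# names and lifetimes are assumptions; use values that match your deployment.
make_vault_tls() {
    dir=$1 host=$2 ip=$3
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077                      # private keys readable by owner only
        cat > tls.cnf <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
[v3_server]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host, IP:$ip
EOF
        # 1. CA key and self-signed CA certificate. ca.key can sign anything
        #    clients will trust, so keep it off the Vault host.
        openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
            -config tls.cnf -extensions v3_ca -subj "/CN=Example Vault CA" \
            -keyout ca.key -out ca.crt 2>/dev/null || exit 1
        # 2. Server key and CSR for the Vault listener.
        openssl req -new -newkey rsa:2048 -sha256 -nodes \
            -config tls.cnf -subj "/CN=$host" \
            -keyout vault.key -out vault.csr 2>/dev/null || exit 1
        # 3. CA signs the CSR. The SAN must list every name or IP the client
        #    dials: Java checks the host against the SAN, not the CN.
        openssl x509 -req -in vault.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -sha256 -days 90 -extfile tls.cnf \
            -extensions v3_server -out vault.crt 2>/dev/null || exit 1
        # 4. Fail if the issued certificate does not chain to the CA.
        openssl verify -CAfile ca.crt vault.crt >/dev/null || exit 1
    )
}

# Reports (exit status) whether the certificate's SAN covers the host name.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}
```

Vault's TCP listener then takes `vault.crt` and `vault.key` through `tls_cert_file` and `tls_key_file` in place of `tls_disable = 1`, and the application trusts `ca.crt` once it is imported into the truststore it uses (for example with `keytool -importcert`).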
