thanks for this tutorial, but would you mind increasing the font's size of the code, this is will be helpful to easily fallow you while explaining. thanks!
Does this also work for nested secret paths in Vault? For example, in Secret Engine secret/ , I will have secret key as application and inside application another subfolder, let's call it dev and inside dev, we could have properties. So secret/application/dev/properties. In this path, we can store a key value pair of secret. Somehow I can't pull secrets from this path. Can you please help me?
As i understand vault this is just ciphered storage? Am i right? But what gonna happened if someone could break even https connection (MIM attack) of connection between Java app and vault? So, all the idea of vault looks is missed in one moment? How real projects works with vault? How to vault really knows to whom give it's secrets and whom does not?
Yes, it is encrypted storage. If you are curious about topics like this you can find a lot of information in Vault docs. You can read there about sealing mechanism, authentication, authorization, policies etc. Also you can check out security and threat model topics.
I am unable to make it work with java11 and latest 2.7 spring boot version . Any pointers for me ?VaultConfiguration is always throwing bean creation exception.Kindly share some tips.
Thanks for the video,Sir!Could you help me to solve the following error?Caused by: java.lang.IllegalArgumentException: Could not resolve placeholder 'user' in value ${user}
How can we use namespace? Could you please give idea how to store the postgres db username and password in vault and use them in application.yml in Spring Boot application?
Well the idea behind vault is that you don't need properties in application.yml you want to put vault connectivity in bootstrap.yml and set it to correct secret and Spring will fetch all defined properties from the vault secret like postgres user and password and inject them wherever they are needed. For example to property with @Value annotation
Thanks for the video:). Solved my issue which i have been facing from many days. But i figured it out from your video that the path should be "application" since springboot application looks for that path by default. But what If i want to create a path which is other than "application" in vault and what should be the changes in bootstrap.properties ?
Happy it helpe you! It is explained at the end of the video where we are creating new key value secret. You want to override "spring.cloud.vault.generic.default-context" property. Default value for this property is "application" and you can change it for whatever you want. Keep coding!
Thanks for video:) I am working on vault integration in spring batch app, its working fine. I have another spring batch app where we have hikaricp, it also has vault integration, but this app is getting shut down after 1-2 mins of startup, there is nothing in logs, Can you please let me know if you have any idea?
Well i would change logging to the highest level like TRACE, and I would make sure that machine where this app is working has enough resources like memory etc.
@@vanitasharma4580 Well try to compare those two applications. Maybe there is something more than only dependency difference. Good luck! Hope you will solve it.
Hi and thank you for your video, it is great but I have one concern. I am just starting to learn about vault and It seem to be that in order to work with vault, we need to install vault.exe on our machine. I dont see this as being practical for dev teams because it means that (a) every team member would need to have vault installed on their machine and (b) all the passwords (that are supposed to be protected) still need to be shared with everyone in the team. But even more so are the deployment environments as it sounds like deployment servers would also need to have vault.exe installed which is very difficult to get approved in large enterprises. I am not sure how to go around these concerns and if using vault is still feasible? Much appreciated
You can manage access on Vault secret engines by using policies that will restrict access as you want. Check HashiCorp Vault official documentation, they provide some good examples
@@CodeForgeYT Hello, i quick question, i am trying to do the same example with the new version of Spring boot and the spring cloud and i am ending up with lot of issues with reading bootstrap properties. Please note same version what you have used works fine, Can you point me the source where i can look for this version compatibility, preferably the recent spring boot version 2.4.1
@@kalaiselvankesavel2971 Hard to say without seeing the errors and knowing which exactly versions you are using. Try to look around. For sure check if you have both dependencies and bootstrap.properties is visible in classpath
@@CodeForgeYT I've seen your code and I replied it in my project, but errors happen the same as my project. When I use @Value it tries to get it from properties. Is there any configuration that I need to use in my project?
@@CodeForgeYT Hi , Yes did it. But when I run your project happens the same error > Could not resolve placeholder 'login' in value "${login}" I have this key in my Vault as well. :( Springboot tries to get this information from properties because I'm using @Value. I don't understand where springboot will take these properties?
@@thiagoaugusto300 If you have spring cloud vault depdendency, spring cloud config and you are using bootstrap.properties spring will connect with the vault before application startup and it will retrieve the properties, then it will inject them in the @Value annotated properties with the same name in the configuration class
@@CodeForgeYT i thought i could restore the secret values with previous key. because every time i start/restart the vault server it generates new vault instance and the current secret values stored is gone
@@potatosheep This is because it is development mode. To do what you have described you need to deploy it in the production mode together with some backend storage. Then you will be able to unseal Vault after restart and access your secrets
What shoud I say about all those sharing their screen o making a tutorial using an IDE with Dark Theme...your work is useless, I can't see dark font on dark background.
This is just awesome. Simple and sweet !!
Happy you like it! Thanks!
thanks for this tutorial, but would you mind increasing the font's size of the code, this is will be helpful to easily fallow you while explaining. thanks!
Hey! Thanks for feedback. Yes I took care of it, new videos has bigger fonts!
Does this also work for nested secret paths in Vault? For example, in Secret Engine secret/ , I will have secret key as application and inside application another subfolder, let's call it dev and inside dev, we could have properties. So secret/application/dev/properties. In this path, we can store a key value pair of secret. Somehow I can't pull secrets from this path. Can you please help me?
As i understand vault this is just ciphered storage? Am i right?
But what gonna happened if someone could break even https connection (MIM attack) of connection between Java app and vault? So, all the idea of vault looks is missed in one moment? How real projects works with vault?
How to vault really knows to whom give it's secrets and whom does not?
Yes, it is encrypted storage.
If you are curious about topics like this you can find a lot of information in Vault docs.
You can read there about sealing mechanism, authentication, authorization, policies etc.
Also you can check out security and threat model topics.
For any help to grow ready here dude. Great idea and Great video. You really deserves more subscribers and thumbs up. Keep it up dear😄😄
Thanks for the support!
I am unable to make it work with java11 and latest 2.7 spring boot version . Any pointers for me ?VaultConfiguration is always throwing bean creation exception.Kindly share some tips.
Thanks for the video,Sir!Could you help me to solve the following error?Caused by: java.lang.IllegalArgumentException: Could not resolve placeholder 'user' in value ${user}
How can we use namespace? Could you please give idea how to store the postgres db username and password in vault and use them in application.yml in Spring Boot application?
Well the idea behind vault is that you don't need properties in application.yml you want to put vault connectivity in bootstrap.yml and set it to correct secret and Spring will fetch all defined properties from the vault secret like postgres user and password and inject them wherever they are needed. For example to property with @Value annotation
hi , from your video, how can i connect to remote vault? i am not able to connect
Great other than needing a magnifying glass to see the demo
New videos have bigger font size so it is easier to watch ; D
CodeForgeYT I read below 🙂 would have been better if you remade this with a better font size?
@@astb01 I will think about it. Thx for constructive feedback.
can u do a tutorial on how to use the spring cloud encryption to encrypt the token so that it is safer to store then secrets in the application
Hi! Thanks for the feedback and video idea. Right now I don't have such things in the scope.
Keep coding!
Thanks for the video:). Solved my issue which i have been facing from many days.
But i figured it out from your video that the path should be "application" since springboot application looks for that path by default.
But what If i want to create a path which is other than "application" in vault and what should be the changes in bootstrap.properties ?
Happy it helpe you!
It is explained at the end of the video where we are creating new key value secret. You want to override "spring.cloud.vault.generic.default-context" property. Default value for this property is "application" and you can change it for whatever you want.
Keep coding!
@@CodeForgeYT I am able to create new Secret engine with new Key value secret in it. Thanks a lot. Your video helped me a lot.
@Pramod Rawate Great, good job!
Increase the font size or the resolution
In latest videos, font is already bigger
Thanks for video:) I am working on vault integration in spring batch app, its working fine. I have another spring batch app where we have hikaricp, it also has vault integration, but this app is getting shut down after 1-2 mins of startup, there is nothing in logs, Can you please let me know if you have any idea?
Well i would change logging to the highest level like TRACE, and I would make sure that machine where this app is working has enough resources like memory etc.
@@CodeForgeYT thanks!! App was working fine before vault integration. Not sure if I am missing anything.
@@vanitasharma4580 Well try to compare those two applications. Maybe there is something more than only dependency difference. Good luck! Hope you will solve it.
Hi and thank you for your video, it is great but I have one concern. I am just starting to learn about vault and It seem to be that in order to work with vault, we need to install vault.exe on our machine. I dont see this as being practical for dev teams because it means that (a) every team member would need to have vault installed on their machine and (b) all the passwords (that are supposed to be protected) still need to be shared with everyone in the team. But even more so are the deployment environments as it sounds like deployment servers would also need to have vault.exe installed which is very difficult to get approved in large enterprises. I am not sure how to go around these concerns and if using vault is still feasible? Much appreciated
You can manage access on Vault secret engines by using policies that will restrict access as you want. Check HashiCorp Vault official documentation, they provide some good examples
Where Vault config server can you put referral links in the description in the future?
I don't understand
@@CodeForgeYT thanx for your reply.
You mentioned that you already configured Vault in other video.
Where link for this video?
I have added it to the video description. Enjoy!
@@CodeForgeYT big thanx
Very nice video, but please change the background to lite and increase the font size.
New videos have bigger font and what is the lite background? If you mean light mode instead of dark. I prefer dark mode.
@@CodeForgeYT Hello, i quick question, i am trying to do the same example with the new version of Spring boot and the spring cloud and i am ending up with lot of issues with reading bootstrap properties. Please note same version what you have used works fine, Can you point me the source where i can look for this version compatibility, preferably the recent spring boot version 2.4.1
@@kalaiselvankesavel2971 Hard to say without seeing the errors and knowing which exactly versions you are using. Try to look around. For sure check if you have both dependencies and bootstrap.properties is visible in classpath
thanks.
Thank you for watching!
If you use black theme how can viewers see
When I put @Value, my application tries to get it from application.properties and got an error. Could you share your project?
Hey I have uploaded project to the github. You can find link in video description. :)
@@CodeForgeYT I've seen your code and I replied it in my project, but errors happen the same as my project. When I use @Value it tries to get it from properties.
Is there any configuration that I need to use in my project?
@@thiagoaugusto300 Try to use project from github. There must be a difference.
@@CodeForgeYT Hi , Yes did it. But when I run your project happens the same error > Could not resolve placeholder 'login' in value "${login}" I have this key in my Vault as well. :(
Springboot tries to get this information from properties because I'm using @Value. I don't understand where springboot will take these properties?
@@thiagoaugusto300 If you have spring cloud vault depdendency, spring cloud config and you are using bootstrap.properties spring will connect with the vault before application startup and it will retrieve the properties, then it will inject them in the @Value annotated properties with the same name in the configuration class
didn't work for a remote vault. This thing is too complicated.
How to unseaL?
You have to provide combination of shard keys. It depends on configuration. Process is deeply described in vault docs.
@@CodeForgeYT i thought i could restore the secret values with previous key. because every time i start/restart the vault server it generates new vault instance and the current secret values stored is gone
@@potatosheep This is because it is development mode. To do what you have described you need to deploy it in the production mode together with some backend storage. Then you will be able to unseal Vault after restart and access your secrets
@@CodeForgeYT so every time i restart my machine and start to work ( dev mode) i need to re-configure again the vault instance?
@@potatosheep If by reconfiguration you mean putting secrets, then yes. In dev mode everything happens in memory like in h2 database
What shoud I say about all those sharing their screen o making a tutorial using an IDE with Dark Theme...your work is useless, I can't see dark font on dark background.