Repository to go with my talk on How to Secure Your Microservices.
- docker-compose
- vault client
- postgres client
- dotnet, if you want to run the sample apps
eval $(./environment.sh)
- configures a few environment variables
docker-compose up -d
./init.sh
- writes services into Consul, creates the pg vault user
./postgres.sh
- sets up the database secrets engine
./approles.sh
- creates the demo_service approle
All apps just connect to postgres, and list all users/roles and their expiry times.
DirectAccess
- uses vault master token
AppRoleAccess
- uses a RoleID and SecretID.
- Set VaultRoleID environment variable
- Set VaultSecretID in the appsettings.json
ServiceDiscoveryAccess
- uses Consul and RoleID and SecretID
- Set VaultRoleID environment variable
- Set VaultSecretID in the appsettings.json
psql -c "select rolname, rolvaliduntil from pg_roles;"
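
The AppRoleAccess flow, done by hand with the vault and postgres clients from the prerequisites: exchange the RoleID and SecretID for a short-lived token, request one set of dynamic credentials, and run the query above as that user. This is an added example, not code from this repository; it assumes the default mount paths auth/approle and database/, a database role named by DB_ROLE (a placeholder, the page does not name one), and libpq variables such as PGHOST already set.

```shell
#!/usr/bin/env bash
# Added example: AppRole login -> short-lived token -> dynamic Postgres creds.
# Assumptions: auth/approle and database/ are the mount paths (Vault defaults),
# DB_ROLE is a placeholder for a database role configured by ./postgres.sh.

# Exchange RoleID + SecretID for a Vault token; prints only the token.
# The SecretID is piped on stdin (secret_id=-) so it never appears in argv,
# where other local users could read it from the process list.
approle_login() {
  printf '%s' "$2" |
    vault write -field=token auth/approle/login role_id="$1" secret_id=-
}

# Request ONE set of dynamic credentials and print "username password".
# A single read matters: every read of database/creds/<role> mints a new
# Postgres user, so reading username and password separately would mismatch.
db_creds() {
  local token="$1" role="$2"
  VAULT_TOKEN="$token" vault read -format=table "database/creds/$role" |
    awk '$1 == "username" { u = $2 }
         $1 == "password" { p = $2 }
         END { if (u == "" || p == "") exit 1; print u, p }'
}

# Full flow: log in, fetch credentials, list roles and their expiry times.
# The token is scoped to the vault call and is never exported to the shell.
list_roles_with_approle() {
  local token creds
  token=$(approle_login "$VaultRoleID" "$VaultSecretID") || return 1
  creds=$(db_creds "$token" "$DB_ROLE") || return 1
  PGUSER=${creds%% *} PGPASSWORD=${creds#* } \
    psql -c "select rolname, rolvaliduntil from pg_roles;"
}
```

Source the file, set VaultRoleID, VaultSecretID and DB_ROLE, then call list_roles_with_approle; the generated user appears in the output with its own rolvaliduntil.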