This repository contains the following examples for Lowkey Vault:
In this example, the core of the application was generated with Spring Initializr. The image is started with Testcontainers. The test cases are using Azure Key Vault Key client and Azure Key Vault Secret client.
- Application context root
- Key "repository"
- Secret "repository"
- Certificate "repository"
- Test configuration (Docker mode)
- Test configuration (Jar process mode)
- Test configuration (External Jar)
- JUnit Jupiter Test
Note: In order to better understand what is needed in general to make similar examples work, please find a generic overview here.
Run the tests and let the context run Lowkey Vault using Docker:
./gradlew clean build -Pdocker
In this mode, not only the docker, but the managed-identity profile is activated by the Gradle test task. Also, the same configuration ensures that the two required environment variables are configured as well:
- IDENTITY_ENDPOINT must be set to point to the /metadata/identity/oauth2/token path of Assumed Identity e.g., http://localhost:8080/metadata/identity/oauth2/token
- IDENTITY_HEADER can be set to anything (just needs to exist) e.g., header
Tip
Since v2.4.2, Lowkey Vault is providing the same token endpoint on the 8080 port by default. Therefore, you don't need to start another container.
By setting these, the following things will happen:
- The test configuration will create a DefaultAzureCredential instance for the authentication due to the managed-identity Spring profile.
- The created credential will use the configured identity endpoint as token source
- The Assumed Identity container that is started by the test configuration will issue a dummy token whenever the managed identity logic used by the DefaultAzureCredential requires one.
- Lowkey Vault will accept the dummy token
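A preflight check for the two environment variables described above, as an added example that is not part of this repository's code. The class name IdentityEnvPreflight and the loopback-only rule are assumptions of this illustration; the variable names and the token path are the ones given in this README.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.Map;
import java.util.Optional;
// Added example (hypothetical class name): reject managed-identity test
// settings that are incomplete or that point away from the local machine.
public final class IdentityEnvPreflight {
    static final String TOKEN_PATH = "/metadata/identity/oauth2/token"; // path from this README
    /** Returns a description of the first problem found, or empty when the settings are usable. */
    static Optional<String> check(Map<String, String> env) {
        String endpoint = env.get("IDENTITY_ENDPOINT");
        if (endpoint == null || endpoint.isBlank()) {
            return Optional.of("IDENTITY_ENDPOINT is not set");
        }
        if (env.get("IDENTITY_HEADER") == null) {
            return Optional.of("IDENTITY_HEADER is not set (any value works, but it must exist)");
        }
        URI uri;
        try {
            uri = URI.create(endpoint.trim());
        } catch (IllegalArgumentException e) {
            return Optional.of("IDENTITY_ENDPOINT is not a valid URI");
        }
        // An exact path match also catches values that were concatenated by mistake.
        if (uri.getHost() == null || !TOKEN_PATH.equals(uri.getPath())) {
            return Optional.of("IDENTITY_ENDPOINT must point to " + TOKEN_PATH);
        }
        try {
            // Assumption of this example: the dummy token source runs on loopback only.
            if (!InetAddress.getByName(uri.getHost()).isLoopbackAddress()) {
                return Optional.of("IDENTITY_ENDPOINT host is not a loopback address");
            }
        } catch (UnknownHostException e) {
            return Optional.of("IDENTITY_ENDPOINT host does not resolve");
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample built from the example values in this README.
        Map<String, String> sample = Map.of(
                "IDENTITY_ENDPOINT", "http://localhost:8080" + TOKEN_PATH, "IDENTITY_HEADER", "header");
        System.out.println("sample settings: " + check(sample).orElse("ok"));
        Optional<String> problem = check(System.getenv());
        System.out.println("current environment: " + problem.orElse("ok"));
        if (problem.isPresent()) System.exit(1);
    }
}
```

Running it outside the Gradle test task shows whether a shell or IDE run configuration carries the same two variables that the build sets up.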
Run the tests and let the context run Lowkey Vault using Jar:
./gradlew clean build -Pprocess
Note
Managed identity will NOT be active with this profile, so no need to start Assumed Identity as well.
Start Lowkey Vault manually:
java -jar lowkey-vault-app-<version>.jar
Run the tests using the externally started Lowkey Vault:
./gradlew clean build
Note
Managed identity will NOT be active with this profile, so no need to start Assumed Identity as well.
This example is using the official Azure Starter for setting up a Key Vault backed property source. The application was generated with Spring Initializr. The Lowkey Vault and Assumed Identity images are started using Docker Compose.
Warning: The example depends on the 5.6.0+ version of the Spring Cloud Azure Starter implementation.
- Application context root
- A bean using the property source
- Generic Property source configuration
- DEV Property source configuration for local runs
- Test for the property resolution
- Gradle configuration for tests
- Gradle configuration for Boot Run
Note: In order to better understand what is needed in general to make similar examples work, please find a generic overview here.
In this mode, the containers are automatically started using the docker-compose.yml. The Lowkey Vault container will restore a previously saved state including the secret which will be used by the application. The Gradle configuration ensures that the two required environment variables are configured as well:
- IDENTITY_ENDPOINT must be set to point to the /metadata/identity/oauth2/token path of Assumed Identity e.g., http://localhost:10544/metadata/identity/oauth2/token
- IDENTITY_HEADER can be set to anything (just needs to exist) e.g., header
Tip
Since v2.4.2, Lowkey Vault is providing the same token endpoint on the 8080 port by default. Therefore, you don't need to start another container.
Run the tests and let the context run Lowkey Vault using Docker Compose:
./gradlew clean build
Run the application locally:
./gradlew bootRun