Spring + Vault Example

Tutorial: Secure Secrets With Spring Cloud Config and Vault

This repository contains the code for testing a Spring Cloud Config Server that uses Vault as its backend, plus a demo client application that authenticates users with Okta OIDC.

Please read Secure Secrets With Spring Cloud Config and Vault to see how this app was created.

Prerequisites: Java 8+ and Docker.

Okta has Authentication and User Management APIs that reduce development time with instant-on, scalable user infrastructure. Okta's intuitive API and expert support make it easy for developers to authenticate, manage, and secure users and roles in any application.

Getting Started

To install this example, run the following command:

git clone https://github.com/oktadeveloper/okta-spring-vault-example.git

Create the OIDC Application in Okta

For the Okta authentication set up, register for a free developer account. After you log in, go to API > Authorization Servers and copy your Issuer URI into a text editor.

Then go to Applications and create a new Web application. Configure it as follows:

  • Name: Vault Demo
  • Base URIs: http://localhost:8080/
  • Login redirect URIs: http://localhost:8080/login/oauth2/code/okta
  • Logout redirect URIs: http://localhost:8080
  • Grant type allowed:
    • Authorization Code
    • Refresh Token

Click Done and copy the Client ID and Client secret into a text editor for later; you will need them, together with the issuer URI you copied above, when storing the secrets in Vault.

Run Vault

Vault's dev mode starts already unsealed, keeps everything in memory and uses the root token you pass in, so it is suitable for this demo and nothing else; every secret is gone when the container stops.

docker pull vault
docker run --cap-add=IPC_LOCK \
-e 'VAULT_DEV_ROOT_TOKEN_ID=00000000-0000-0000-0000-000000000000' \
-p 8200:8200 \
-v {hostPath}:/vault/logs \
--name my-vault vault

Store the secrets. The ,dev suffix on the path is how the config server's Vault backend maps the entry to the dev profile (a comma is its default profile separator):

docker exec -it my-vault /bin/sh
export VAULT_TOKEN="00000000-0000-0000-0000-000000000000"
export VAULT_ADDR="http://127.0.0.1:8200"
vault kv put secret/vault-demo-app,dev \
  spring.security.oauth2.client.registration.oidc.client-id="{yourClientID}" \
  spring.security.oauth2.client.registration.oidc.client-secret="{yourClientSecret}" \
  spring.security.oauth2.client.provider.oidc.issuer-uri="{yourIssuerURI}"

Run the applications with Maven

Run vault-config-server:

cd spring-vault/vault-config-server
./mvnw spring-boot:run

Run vault-demo-app, in a second terminal from the vault-demo-app module directory. SPRING_CLOUD_CONFIG_TOKEN is the Vault token the client sends to the config server (as the X-Config-Token header); the config server uses it to read the secrets from Vault on the client's behalf:

SPRING_CLOUD_CONFIG_TOKEN=00000000-0000-0000-0000-000000000000 \
./mvnw spring-boot:run

Go to http://localhost:8080 and log in with Okta.
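If the login fails, the first thing to establish is whether the secrets actually made it into Vault and whether the config server hands them out for vault-demo-app/dev. The script below is an added check, not part of this project; it reads the path straight from Vault with the same token the client passes to the config server, then asks the config server for the same application and profile, and reports any of the three OIDC properties that are missing or blank without printing the client secret. It assumes things the README does not state: that Vault dev mode mounts secret/ as a KV version 2 engine (so the CLI path secret/vault-demo-app,dev is read from /v1/secret/data/vault-demo-app,dev), and that the config server listens on Spring Cloud Config's default port 8888; both URLs can be overridden through the VAULT_ADDR and CONFIG_SERVER environment variables.

```python
"""Added post-setup check; not part of the okta-spring-vault-example project.

Assumptions not stated in the README: Vault dev mode mounts secret/ as a
KV version 2 engine, and the config server listens on port 8888.
"""
import json
import os
import sys
import urllib.error
import urllib.parse
import urllib.request

VAULT_ADDR = os.environ.get("VAULT_ADDR", "http://127.0.0.1:8200")
CONFIG_SERVER = os.environ.get("CONFIG_SERVER", "http://localhost:8888")
# The README's dev-mode root token; override it outside this demo.
VAULT_TOKEN = os.environ.get("VAULT_TOKEN", "00000000-0000-0000-0000-000000000000")

# The three properties the demo app's Okta login cannot work without.
REQUIRED_KEYS = (
    "spring.security.oauth2.client.registration.oidc.client-id",
    "spring.security.oauth2.client.registration.oidc.client-secret",
    "spring.security.oauth2.client.provider.oidc.issuer-uri",
)


def http_get_json(url, headers):
    """GET a JSON document; HTTP errors propagate so main() can explain them."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)


def kv2_secret_data(response):
    """Unwrap a KV v2 read: the stored key/value pairs sit under data.data,
    beside the version metadata under data.metadata."""
    return dict(response.get("data", {}).get("data", {}))


def flatten_property_sources(environment):
    """Collapse a Spring Cloud Config Environment document into one dict.
    propertySources is ordered highest precedence first, so the first
    occurrence of a key wins, as it does inside the Spring client."""
    merged = {}
    for source in environment.get("propertySources", []):
        for key, value in source.get("source", {}).items():
            merged.setdefault(key, value)
    return merged


def missing_or_blank(props, required=REQUIRED_KEYS):
    """Keys that are absent or whitespace-only. A blank client secret is as
    useless as a missing one, and Spring only notices during the token exchange."""
    return [k for k in required if not str(props.get(k, "")).strip()]


def redacted(props):
    """Copy of props that is safe to print: secret-looking values are replaced
    by their length, which is still enough to spot an empty or truncated paste."""
    out = {}
    for key, value in props.items():
        if any(word in key.lower() for word in ("secret", "password", "token")):
            out[key] = "<redacted, %d chars>" % len(str(value))
        else:
            out[key] = value
    return out


def main(app="vault-demo-app", profile="dev"):
    # Keep the comma: it is the config server's profile separator.
    path = urllib.parse.quote("%s,%s" % (app, profile), safe=",")
    checks = (
        ("Vault", "%s/v1/secret/data/%s" % (VAULT_ADDR, path),
         {"X-Vault-Token": VAULT_TOKEN}, kv2_secret_data),
        ("config server", "%s/%s/%s" % (CONFIG_SERVER, app, profile),
         {"X-Config-Token": VAULT_TOKEN}, flatten_property_sources),
    )
    ok = True
    for name, url, headers, unwrap in checks:
        try:
            props = unwrap(http_get_json(url, headers))
        except urllib.error.HTTPError as e:
            hint = {403: "token cannot read the path", 404: "nothing stored at the path"}
            print("%s: HTTP %d from %s (%s)" % (name, e.code, url, hint.get(e.code, e.reason)))
            ok = False
            continue
        except urllib.error.URLError as e:
            print("%s: cannot reach %s (%s)" % (name, url, e.reason))
            ok = False
            continue
        print("%s: %s" % (name, json.dumps(redacted(props), indent=2)))
        gaps = missing_or_blank(props)
        if gaps:
            print("%s: missing or blank: %s" % (name, ", ".join(gaps)))
            ok = False
    return ok


if __name__ == "__main__":
    sys.exit(0 if main() else 1)
```

Run it with both containers and servers up; a 404 from Vault means the kv put never landed (or landed on a different path), a 403 means the token you gave the client cannot read it, and a property the config server serves but Vault does not is coming from somewhere other than the path you just wrote.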

Links

This example uses the following libraries:

Help

Please post any questions as comments on the blog post, or visit our Okta Developer Forums. You can also post a question to Stack Overflow with the "okta" tag.

License

Apache 2.0, see LICENSE.