Tutorial: Secure Secrets With Spring Cloud Config and Vault
This repository contains all the code for testing a Spring Cloud Configuration Server using Vault as backend, and a demo client application with Okta OIDC authentication.
Please read Secure Secrets With Spring Cloud Config and Vault to see how this app was created.
Prerequisites: Java 8+ and Docker.
Okta has Authentication and User Management APIs that reduce development time with instant-on, scalable user infrastructure. Okta's intuitive API and expert support make it easy for developers to authenticate, manage, and secure users and roles in any application.
Getting Started
To install this example, clone the repository:
git clone https://github.com/oktadeveloper/okta-spring-vault-example.git
Create the OIDC Application in Okta
For the Okta authentication setup, register for a free developer account. After you log in, go to API > Authorization Servers and copy your Issuer URI into a text editor.
Then go to Applications and create a new Web application. Configure it as follows:
- Name: Vault Demo
- Base URIs: http://localhost:8080/
- Login redirect URIs: http://localhost:8080/login/oauth2/code/okta
- Logout redirect URIs: http://localhost:8080
- Grant type allowed: Authorization Code, Refresh Token
Click Done and copy the Client ID and Client secret into a text editor for later. Go to API > Authorization Servers and copy the default issuer URI.
Run Vault
docker pull vault
docker run --cap-add=IPC_LOCK \
-e 'VAULT_DEV_ROOT_TOKEN_ID=00000000-0000-0000-0000-000000000000' \
-p 8200:8200 \
-v {hostPath}:/vault/logs \
--name my-vault vault
Store the secrets:
docker exec -it my-vault /bin/sh
export VAULT_TOKEN="00000000-0000-0000-0000-000000000000"
export VAULT_ADDR="http://127.0.0.1:8200"
vault kv put secret/vault-demo-app,dev \
  spring.security.oauth2.client.registration.oidc.client-id="{yourClientID}" \
  spring.security.oauth2.client.registration.oidc.client-secret="{yourClientSecret}" \
  spring.security.oauth2.client.provider.oidc.issuer-uri="{yourIssuerURI}"
Run the applications with Maven
Run vault-config-server:
cd spring-vault/vault-config-server
./mvnw spring-boot:run
Run vault-demo-app:
SPRING_CLOUD_CONFIG_TOKEN=00000000-0000-0000-0000-000000000000 \
./mvnw spring-boot:run
Go to http://localhost:8080 and login with Okta.
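To confirm that the config server really serves the three OIDC properties stored in Vault to the client, here is an added check script; it is not code from the repository or the tutorial. It assumes the config server listens on Spring Cloud Config's default port 8888 (the page does not state the port) and reads the token from SPRING_CLOUD_CONFIG_TOKEN, as in the run command above.

```python
"""Added example: verify the config server serves the Vault-stored OIDC
properties. Assumes http://localhost:8888 for the config server."""
import json
import os
import urllib.request

# The three keys the tutorial writes with `vault kv put secret/vault-demo-app,dev`.
EXPECTED_KEYS = (
    "spring.security.oauth2.client.registration.oidc.client-id",
    "spring.security.oauth2.client.registration.oidc.client-secret",
    "spring.security.oauth2.client.provider.oidc.issuer-uri",
)


def fetch_environment(base_url, app, profile, token):
    """GET /{app}/{profile} from the config server, passing the Vault token the
    way the Spring Cloud Config client does: in the X-Config-Token header
    (that is what SPRING_CLOUD_CONFIG_TOKEN sets in vault-demo-app)."""
    req = urllib.request.Request(f"{base_url}/{app}/{profile}",
                                 headers={"X-Config-Token": token})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)


def resolve_properties(environment):
    """Flatten propertySources into one dict. The server lists the most specific
    source first (vault:vault-demo-app,dev before vault:application) and the
    client keeps the first value it sees, so setdefault reproduces that."""
    resolved = {}
    for source in environment.get("propertySources", []):
        for key, value in source.get("source", {}).items():
            resolved.setdefault(key, value)
    return resolved


def missing_oidc_keys(properties):
    """Return the expected OIDC keys the server did not serve. Only key names
    are reported, so the client secret is never printed."""
    return [k for k in EXPECTED_KEYS if k not in properties]


if __name__ == "__main__":
    token = os.environ["SPRING_CLOUD_CONFIG_TOKEN"]
    env = fetch_environment("http://localhost:8888", "vault-demo-app", "dev", token)
    print("property sources:", [s["name"] for s in env["propertySources"]])
    print("missing keys:", missing_oidc_keys(resolve_properties(env)))
```

An empty "missing keys" list means the client will receive its Okta client ID, client secret and issuer URI from Vault rather than from a properties file on disk.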
Links
This example uses the following libraries:
Help
Please post any questions as comments on the blog post, or visit our Okta Developer Forums. You can also post a question to Stack Overflow with the "okta" tag.
License
Apache 2.0, see LICENSE.