BetterCloud / vault-java-driver

Zero-dependency Java client for HashiCorp's Vault
https://bettercloud.github.io/vault-java-driver/

How to use this driver with roleID and secretID? #139

Closed huangjun closed 5 years ago

huangjun commented 5 years ago

Hi all,

I'm trying to figure out the right pattern for using Vault to store/retrieve a user/password. I have a roleId and secretId in hand, but I can't find enough documentation on how to use them properly.

My progress so far

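    // Build the client configuration for the Vault endpoint
    VaultConfig config = new VaultConfig().address(endpoint).build();
    Vault vault = new Vault(config);
    // Log in with AppRole and take the client token from the response
    String token = vault.auth().loginByAppRole(roleId, secretId).getAuthClientToken();
    // Use that token for the requests that follow
    config.token(token);
    // Write the secrets at the given path
    vault.logical().write(path, secrets);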

It only allows me to write into the /cubbyhole path, and the secrets are only visible to that token. If I start another process with a new token, it cannot see the written secrets. Should I keep the client token somewhere to share around? Is that right? How do I make sure the token won't expire?

Any comment is appreciated. Thanks!

JH

huangjun commented 5 years ago

Found the issue: the path has to start with "secret/".
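
The pattern the thread arrives at, as an added example (not part of the original thread and not the project's own code): two separate AppRole logins, each with its own token, where one writes under `secret/` and the other reads the same entry back. It assumes a KV secrets engine mounted at `secret/` and an AppRole policy that grants read and write there; the environment variable names for the role and secret IDs, the path `secret/myapp/db` and the sample values are constructed for illustration.

```java
import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import com.bettercloud.vault.response.AuthResponse;

import java.util.HashMap;
import java.util.Map;

public class AppRoleSecretExample {

    // Each process performs its own AppRole login and works with its own token,
    // so no token has to be stored or passed between processes.
    static Vault login(String endpoint, String roleId, String secretId) throws VaultException {
        VaultConfig config = new VaultConfig().address(endpoint).build();
        Vault vault = new Vault(config);
        AuthResponse auth = vault.auth().loginByAppRole(roleId, secretId);
        // Same pattern as in the thread: set the token on the config the client holds.
        config.token(auth.getAuthClientToken());
        return vault;
    }

    public static void main(String[] args) throws VaultException {
        String endpoint = System.getenv("VAULT_ADDR");
        String roleId = System.getenv("VAULT_ROLE_ID");     // hypothetical variable name
        String secretId = System.getenv("VAULT_SECRET_ID"); // hypothetical variable name
        if (endpoint == null || roleId == null || secretId == null) {
            throw new IllegalStateException("Vault address, role ID and secret ID must be set");
        }

        // Constructed path under the shared mount; a cubbyhole/ path is private to one token.
        String path = "secret/myapp/db";

        Map<String, Object> secrets = new HashMap<>();
        secrets.put("user", "appuser");          // constructed sample value
        secrets.put("password", "example-only"); // constructed sample value

        // First login writes the secret.
        Vault writer = login(endpoint, roleId, secretId);
        writer.logical().write(path, secrets);

        // Second login stands in for another process: new token, same policy.
        Vault reader = login(endpoint, roleId, secretId);
        Map<String, String> data = reader.logical().read(path).getData();

        // Print only the key names so secret values never reach stdout or logs.
        System.out.println("Keys readable with the second token: " + data.keySet());
    }
}
```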