I'm trying to figure out the right pattern to use Vault to store/retrieve user/password. I have roleId and secretId in hand but I don't find enough doc about how to use it properly.
My progress so far
VaultConfig config = new VaultConfig().address(endpoint).build();
Vault vault = new Vault(config);
String token = vault.auth().loginByAppRole(roleId, secretId).getAuthClientToken();
config.token(token);
vault.logical().write(path, secrets);
It only allows me to write into /cubbyhole path and the secrets is only visible to that token. If I start another process with a new token, it cannot see the written secrets. Should I keep the client token somewhere to share around? Is that right? How to make sure the token won't expire?
Hi all,
I'm trying to figure out the right pattern to use Vault to store/retrieve user/password. I have roleId and secretId in hand but I don't find enough doc about how to use it properly.
My progress so far
It only allows me to write into /cubbyhole path and the secrets is only visible to that token. If I start another process with a new token, it cannot see the written secrets. Should I keep the client token somewhere to share around? Is that right? How to make sure the token won't expire?
Any comment is appreciated. Thanks!
JH