hashicorp / vault-service-broker

The official HashiCorp Vault broker integration to the Open Service Broker API. This service broker provides support for secure secret storage and encryption-as-a-service to HashiCorp Vault.
https://www.vaultproject.io/
Mozilla Public License 2.0

Examples of how to use the service broker #17

Closed MichaelLoveUSA closed 6 years ago

MichaelLoveUSA commented 6 years ago

Hi there - I was just checking this out and it seems like an important part is missing. Is there a simple example of how to use the service broker in an application? Spring maybe?

sethvargo commented 6 years ago

Hi @MichaelLoveUSA

The service broker presents the credentials via the standard VCAP_SERVICES environment variable to the application. Your app just needs to read that environment variable and parse the JSON. There are example payloads in the README. What kind of additional information were you looking for?

MichaelLoveUSA commented 6 years ago

OK, we have the creds. I will look for examples of using vcap services.

sethvargo commented 6 years ago

Hi @MichaelLoveUSA

Have you followed the step-by-step instructions in the README? What version of CloudFoundry are you using? https://docs.run.pivotal.io/devguide/deploy-apps/environment-variable.html#VCAP-SERVICES

MichaelLoveUSA commented 6 years ago

Hey there - We are using pcf 1.11.18. I see that we have access to generic, but I don't know how to access a value via code. I can do it via vault cli. Do we need to use spring-cloud-vault? Here is the vcap_services json:

{
 "VCAP_SERVICES": {
  "hashicorp-vault": [
   {
    "credentials": {
     "address": "https://10.70.160.7:8200/",
     "auth": {
      "accessor": "9cf89723-e2ef-4fca-1eec-70cd33b34532",
      "token": "c42e112c-b2e7-1b17-8b16-41955af75d10"
     },
     "backends": {
      "generic": "cf/6e8ddb23-8f38-4320-8cd9-bef44d3e5bb5/secret",
      "transit": "cf/6e8ddb23-8f38-4320-8cd9-bef44d3e5bb5/transit"
     },
     "backends_shared": {
      "organization": "cf/eed3340c-98f8-4e19-8a9a-309619f24043/secret",
      "space": "cf/2ebe6bbb-6937-4d93-960e-80dcfba7bd16/secret"
     }
    },
    "label": "hashicorp-vault",
    "name": "my-vault",
    "plan": "shared",
    "provider": null,
    "syslog_drain_url": null,
    "tags": [
     ""
    ],
    "volume_mounts": []
   }
  ]
 }
}

sethvargo commented 6 years ago

Hi @MichaelLoveUSA

It seems like you're asking how to interact with Vault, not this broker. The broker is just the glue between Vault and CF/K8S. For more information on how to interact with Vault, please see Vault's API.
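Added example, not part of the thread or of the broker's own code: one way an app can parse VCAP_SERVICES and build the Vault HTTP API read for a secret under the bound generic mount. It assumes the generic backend is read with GET /v1/<mount>/<path> and the X-Vault-Token header; the function names, host name and secret name are hypothetical, and the sample binding is constructed with placeholder values.

```python
import json
import os
import urllib.request
from urllib.parse import quote

# Constructed sample in the shape shown in the thread; every value is a placeholder.
SAMPLE_VCAP = json.dumps({"hashicorp-vault": [{
    "name": "my-vault",
    "credentials": {
        "address": "https://vault.example.internal:8200/",
        "auth": {"accessor": "ACCESSOR-PLACEHOLDER", "token": "TOKEN-PLACEHOLDER"},
        "backends": {"generic": "cf/INSTANCE-GUID/secret",
                     "transit": "cf/INSTANCE-GUID/transit"},
    },
}]})

def vault_credentials(vcap_json, label="hashicorp-vault"):
    """Return the credentials block of the first binding with this label."""
    doc = json.loads(vcap_json)
    doc = doc.get("VCAP_SERVICES", doc)  # `cf env` output wraps the object; the env var does not
    bindings = doc.get(label) or []
    if not bindings:
        raise LookupError(f"no {label!r} service bound to this app")
    return bindings[0]["credentials"]

def build_read_request(creds, key):
    """Build a GET for <address>/v1/<generic mount>/<key>, authenticated by the bound token."""
    address = creds["address"].rstrip("/")  # the binding's address ends in a slash
    if not address.startswith("https://"):
        raise ValueError("refusing to send the Vault token over a non-TLS address")
    if any(part in ("", ".", "..") for part in key.split("/")):
        raise ValueError(f"invalid secret path: {key!r}")
    url = f"{address}/v1/{creds['backends']['generic']}/{quote(key)}"
    return urllib.request.Request(url, headers={"X-Vault-Token": creds["auth"]["token"]})

def read_secret(creds, key, timeout=5):
    """Read one secret from the generic backend and return its key/value data."""
    with urllib.request.urlopen(build_read_request(creds, key), timeout=timeout) as resp:
        return json.load(resp)["data"]

if __name__ == "__main__":
    creds = vault_credentials(os.environ.get("VCAP_SERVICES", SAMPLE_VCAP))
    req = build_read_request(creds, "db/password")  # hypothetical secret name
    print(req.get_method(), req.full_url)           # the token header is deliberately not printed
```

Inside a running app, `read_secret(creds, "db/password")` performs the actual request against the bound Vault address.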

MichaelLoveUSA commented 6 years ago

I agree. Heading down that path! I appreciate your help for a naive question.