Search code examples
javaspringhashicorp-vaultspring-vault

Hashicorp Vault encrypt data


Can Hashicorp Vault encrypt data? I'm using the Vault as the key(s) storage for now, but does vault able to encrypt data for the application?

Scenario: My client is a java application, accessing Vault through Vault's Java spring API. Will java be able to send a big/long string to Vault and receive the encrypted version of that string? In another word using Vault as an encryptor and decryptor service.


Solution

  • Yes. Vault can act as Encryption as a Service

    You will need to enable transit sercrets engine, create a keyring and encrypt/decrypt your data:

    vault secrets enable transit
    vault write -f transit/keys/orders
    vault write transit/encrypt/orders plaintext=$(base64 <<< "4111 1111 1111 1111")
    vault write transit/decrypt/orders \
        ciphertext="vault:v1:cZNHVx+sxdMErXRSuDa1q/pz49fXTn1PScKfhf+PIZPvy8xKfkytpwKcbC0fF2U=" \
    

    Read more here and api