Can Hashicorp Vault
encrypt data?
I'm using the Vault as the key(s) storage for now, but does vault able to encrypt data for the application?
Scenario: My client is a java application, accessing Vault through Vault's Java spring API. Will java be able to send a big/long string to Vault and receive the encrypted version of that string? In another word using Vault as an encryptor and decryptor service.
Yes. Vault can act as Encryption as a Service
You will need to enable transit sercrets engine, create a keyring and encrypt/decrypt your data:
vault secrets enable transit
vault write -f transit/keys/orders
vault write transit/encrypt/orders plaintext=$(base64 <<< "4111 1111 1111 1111")
vault write transit/decrypt/orders \
ciphertext="vault:v1:cZNHVx+sxdMErXRSuDa1q/pz49fXTn1PScKfhf+PIZPvy8xKfkytpwKcbC0fF2U=" \