Using VaultTemplate with username and password
I'm following a Spring Vault tutorial https://docs.spring.io/spring-vault/docs/current/reference/html/index.html and I have successfully connected the Java program with Vault through token access. In the picture below, tab number 1.
VaultTemplate vaultTemplate = new VaultTemplate(endpoint, new TokenAuthentication("MySecretToken"));
How do I instantiate the VaultTemplate using user name and password such as when we login through the Vault WebUI in this option (tab number 2)?:
I'm looking at this JavaDoc, but it's not obvious which one to pick: https://docs.spring.io/spring-vault/docs/current/api/index.html?overview-summary.html
So in another word: How do I connect with Vault, using spring-vault, using username+password instead of token? Or at the very least, I need a pointer on how to generate a token with username+password
As @h3rmanj indicated, Spring Vault does not support username/password authentication because this method is intended for human authentication, not machine-to-machine authentication.
Authentication depends on your threat model and how you can/want to address the exploitation of credentials in case of a breach. With username/password, you basically need to lock the user of a breached account. This is unfortunate as these accounts tend to be associated with people and you would lock out an operator.
If you use AppRole, you get two factors and you can segregate accounts by application type. Using tokens gives you the most flexibility if you do not reuse the token across multiple applications. Reuse is convenient but also if you encounter a breach, you have to take all applications offline that share the same token. So assigning individual tokens comes with the highest flexibility and the highest amount of operational overhead.
Anything in between is a compromise between a reaction to potential breaches and the amount of operational work.
HTH.
- What is the maven-shade-plugin used for, and why would you want to relocate Java packages?
- Spring Security issue with JWT: Cannot subclass final class JwtAuthenticationProvider
- Stream Audio from Client to Server to Multiple Clients Java
- Find minimum sum from given array
- Get src value of <img> tags with inconsistent quoting
- Unable to find valid certification path to requested target - error even after cert imported
- Java | Binary string to byte
- Unexpected OutOfMemoryError when allocating an array larger than the heap
- Leetcode 643. Maximum Average Subarray I
- How to extract ALT-Texts and Images from a PDF
- Spring @Sql Annotations, possible to run once before all tests?
- Java Wildcard-types vs Kotlin Star-projection
- Can't get attributes of AWS SQS queue using Java & TestContainers
- Java/VSCode "file.java is not on the classpath of project, only syntax errors are reported"
- Using Enums while parsing JSON with GSON
- key-value store suggestion
- Springboot mySQL Failed to determine a suitable driver class
- Ant command 'war' fails with error 'jvxml.xml.lib doesn't denote a zipfileset or a fileset'
- Reading Multi-Level XML files in Java
- Intellij highlight file in Project Explorer
- Java springboot Validation is not working for me
- How to start multiple instances of the same Java project in Eclipse?
- Unable to resolve name [org.hibernate.dialect.MYSQL5Dialect] as strategy [org.hibernate.dialect.Dialect]
- Java JSCrollPane won't resize below minimum size of JButton with text
- How to generate classes using maven jaxb implements serializable
- String matches method - forward slash not working
- How to remove large if-else-if chain with the condition as String::startswith
- Save state of object in IntelliJ debug?
- When should I use the dollar symbol ($) in a variable name?
- Spring-Data-Jpa Repository - Underscore on Entity Column Name