diff --git a/docker-compose.yml b/docker-compose.yml index fecb979..2367191 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,4 +1,4 @@ -version: '3.1' +version: '3.8' services: db: image: mysql @@ -7,3 +7,23 @@ services: environment: MYSQL_ROOT_PASSWORD: my-secret-pw MYSQL_DATABASE: vault-integration-db + networks: + - vault-network + + vault: + image: hashicorp/vault:latest + ports: + - "8200:8200" + environment: + VAULT_ADDR: "http://0.0.0.0:8200" + VAULT_DEV_ROOT_TOKEN_ID: "vault-plaintext-root-token" + cap_add: + - IPC_LOCK + networks: + - vault-network + +networks: + vault-network: + ipam: + config: + - subnet: 172.21.0.0/24 \ No newline at end of file diff --git a/pom.xml b/pom.xml index 8a56bb6..aeabab6 100644 --- a/pom.xml +++ b/pom.xml @@ -1,4 +1,3 @@ - 4.0.0 @@ -28,6 +27,7 @@ 17 + 2023.0.3 @@ -37,23 +37,52 @@ com.mysql mysql-connector-j - 8.4.0 + runtime + + + org.springframework.boot + spring-boot-starter-web + + + org.springframework.cloud + spring-cloud-starter-vault-config + + + org.projectlombok + lombok + true - org.springframework.boot spring-boot-starter-test test - + + + + org.springframework.cloud + spring-cloud-dependencies + ${spring-cloud.version} + pom + import + + + org.springframework.boot spring-boot-maven-plugin + + + + org.projectlombok + lombok + + + - - + \ No newline at end of file diff --git a/src/main/java/com/examples/vaultintegration/controller/EmployeeController.java b/src/main/java/com/examples/vaultintegration/controller/EmployeeController.java new file mode 100644 index 0000000..bb48dec --- /dev/null +++ b/src/main/java/com/examples/vaultintegration/controller/EmployeeController.java 
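Review bot: The new `vault` service fixes `VAULT_DEV_ROOT_TOKEN_ID` to a literal in the compose file and publishes `"8200:8200"` on every host interface. Assuming the image's default dev-mode server is what runs here, a Vault whose root token is in the repository is reachable from the network over plain HTTP. Bind the port to loopback with `- "127.0.0.1:8200:8200"` and take the token from an untracked `.env` file, `VAULT_DEV_ROOT_TOKEN_ID: ${VAULT_DEV_ROOT_TOKEN_ID}`. `hashicorp/vault:latest` should be pinned to a specific tag so the image cannot change underneath the project. `VAULT_ADDR: "http://0.0.0.0:8200"` is a client-side address and reads like a listen address; confirm it is what the container needs.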
@@ -0,0 +1,30 @@
+package com.examples.vaultintegration.controller;
+
+import com.examples.vaultintegration.dao.EmployeeRepository;
+import com.examples.vaultintegration.model.Employee;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+
+@RestController
+@RequestMapping("/employee")
+public class EmployeeController {
+
+ @Autowired
+ EmployeeRepository employeeRepository;
+
+ @GetMapping
+ public ResponseEntity getEmployee() {
+ Employee employee = employeeRepository.getEmployee(1);
+ return new ResponseEntity(employee, HttpStatus.OK);
+ }
+
+ @PostMapping
+ public ResponseEntity saveEmployee(@RequestBody Employee emp) {
+ employeeRepository.saveEmployee(emp);
+ System.out.println("employee saved");
+ return new ResponseEntity(HttpStatus.CREATED);
+ }
+}
diff --git a/src/main/java/com/examples/vaultintegration/dao/EmployeeRepository.java b/src/main/java/com/examples/vaultintegration/dao/EmployeeRepository.java
new file mode 100644
index 0000000..634c7ee
--- /dev/null
+++ b/src/main/java/com/examples/vaultintegration/dao/EmployeeRepository.java
@@ -0,0 +1,10 @@
+package com.examples.vaultintegration.dao;
+
+import com.examples.vaultintegration.model.Employee;
+import org.springframework.stereotype.Repository;
+
+@Repository
+public interface EmployeeRepository {
+ Employee getEmployee(int id);
+ void saveEmployee(Employee employee);
+}
diff --git a/src/main/java/com/examples/vaultintegration/dao/EmployeeRepositoryImpl.java b/src/main/java/com/examples/vaultintegration/dao/EmployeeRepositoryImpl.java
new file mode 100644
index 0000000..5642ab3
--- /dev/null
+++ b/src/main/java/com/examples/vaultintegration/dao/EmployeeRepositoryImpl.java
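Review bot: In `EmployeeController`, `getEmployee()` ignores the request and always calls `employeeRepository.getEmployee(1)`, then answers `HttpStatus.OK` whatever comes back. Take the id from the path with `@GetMapping("/{id}")` and `@PathVariable int id`, and return `ResponseEntity.notFound().build()` when there is no row. `saveEmployee` binds `@RequestBody Employee` straight into an insert with no validation, and nothing in the visible changes puts authentication in front of `/employee`; confirm that is intended for this demo. `System.out.println("employee saved")` should go through a logger, and the `Value` import is unused.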
@@ -0,0 +1,45 @@
+package com.examples.vaultintegration.dao;
+
+import com.examples.vaultintegration.model.Employee;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.jdbc.core.RowMapper;
+import org.springframework.stereotype.Repository;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.Random;
+
+@Repository
+public class EmployeeRepositoryImpl implements EmployeeRepository {
+
+ @Autowired
+ private JdbcTemplate jdbcTemplate;
+
+ @Override
+ public Employee getEmployee(int id) {
+ jdbcTemplate.queryForObject("select id, first_name, last_name from employee where id=" + id,
+ new RowMapper() {
+ @Override
+ public Object mapRow(ResultSet rs, int rowNum) throws SQLException {
+ Employee emp = new Employee();
+ emp.setId(rs.getInt("id"));
+ emp.setFirstName(rs.getString("first_name"));
+ emp.setLastName(rs.getString("last_name"));
+ return emp;
+ }
+
+ });
+ return null;
+ }
+
+ @Override
+ public void saveEmployee(Employee employee) {
+ String sql = "insert into employee(id, first_name, last_name) values(?, ?, ?)";
+ System.out.println(sql+"" +employee.getFirstName()+" "+employee.getLastName());
+ Random rand = new Random();
+ int rand_int1 = rand.nextInt(1000);
+ int cnt = jdbcTemplate.update(sql, rand_int1, employee.getFirstName(), employee.getLastName());
+ System.out.println("saved emp count: "+ cnt);
+ }
+}
diff --git a/src/main/java/com/examples/vaultintegration/model/Employee.java b/src/main/java/com/examples/vaultintegration/model/Employee.java
new file mode 100644
index 0000000..6326a87
--- /dev/null
+++ b/src/main/java/com/examples/vaultintegration/model/Employee.java
@@ -0,0 +1,14 @@
+package com.examples.vaultintegration.model;
+
+import lombok.Data;
+import org.springframework.stereotype.Component;
+
+@Data
+@Component
+public class Employee {
+
+ private int id;
+ private String firstName;
+ private String lastName;
+
+}
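Review bot: In `EmployeeRepositoryImpl`, `getEmployee` throws away the row that `queryForObject` maps and ends with `return null;`, so every caller gets null and the controller answers 200 with an empty body. The query also concatenates `id` into the SQL text while `saveEmployee` in the same class binds with `?`; an `int` cannot carry SQL today, but the pattern becomes injectable as soon as the parameter type widens. In `saveEmployee`, `rand.nextInt(1000)` as the primary key will collide quickly, and the `System.out.println` calls write employee names to stdout; prefer a database-generated id and a logger that leaves the name fields out. A typed, parameterised `getEmployee` is sketched below.

```java
    @Override
    public Employee getEmployee(int id) {
        return jdbcTemplate.queryForObject(
                "select id, first_name, last_name from employee where id = ?",
                new RowMapper<Employee>() {
                    @Override
                    public Employee mapRow(ResultSet rs, int rowNum) throws SQLException {
                        // … unchanged: build Employee from id, first_name, last_name and return it …
                    }
                },
                id);
    }
```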
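Review bot: `@Component` on `Employee` registers the mutable `@Data` model as a singleton Spring bean, and nothing in the visible code injects it; both the controller and the row mapper create or bind their own instances. A shared mutable bean of a request/row type invites accidental cross-request state if someone later autowires it. Remove `@Component` and the `org.springframework.stereotype.Component` import so `Employee` stays a plain data class.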
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index ad5547b..1df76c1 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,4 +1,18 @@
-spring.application.name=vault-integration
-spring.datasource.url= jdbc:mysql://localhost:3306/vault-integration-db
-spring.datasource.username=root
-spring.datasource.password=my-secret-pw
\ No newline at end of file
+spring.application.name=mysql
+spring.cloud.vault.uri=http://127.0.0.1:8200
+spring.cloud.vault.authentication=TOKEN
+#Root token.
+#spring.cloud.vault.token=vault-plaintext-root-token
+#UserName & Pwd token
+spring.cloud.vault.token=hvs.CAESID_ilu7cXvbfXUoX0p1Xo6IifvSMVvYf_KKHvKcBDXezGh4KHGh2cy50V0p1bmtXb1NKVFB0QjdQcWZZNHRDcmg
+spring.cloud.vault.kv.enabled=true
+spring.cloud.vault.kv.backend=secret
+spring.cloud.vault.kv.default-context=mysql
+spring.config.import: vault://
+
+spring.jpa.database-platform=org.hibernate.dialect.MySQLDialect
+spring.jpa.properties.hibernate.temp.use_jdbc_metadata_defaults=false
+
+spring.datasource.url=jdbc:mysql://localhost:3306/vault-integration-db
+spring.datasource.username=${dbusername}
+spring.datasource.password=${dbpassword}
\ No newline at end of file
diff --git a/src/main/resources/vault_auth_config/vault-cert.hcl b/src/main/resources/vault_auth_config/vault-cert.hcl
new file mode 100644
index 0000000..a6cd6c6
--- /dev/null
+++ b/src/main/resources/vault_auth_config/vault-cert.hcl
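Review bot: `spring.cloud.vault.token` is committed as a literal `hvs.` token, and the commented-out line above it keeps the dev root token in the file as well, so this change moves the secret from the datasource password to the Vault token rather than taking it out of the repository. According to the userpass instructions added in this same commit, that token belongs to a user bound to `root_policy` (`path "*"` including `sudo`), so it should be treated as exposed: revoke it and read the value from the environment, `spring.cloud.vault.token=${VAULT_TOKEN}`. `spring.cloud.vault.uri` is plain `http://`, which is only acceptable for a loopback dev server because the token and the fetched database credentials travel unencrypted.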
@@ -0,0 +1,85 @@
+#This allows the role to be able to renew the cert and tokens associated
+
+path "pki_int/issue/*" {
+
+ capabilities = ["create", "update"]
+
+}
+
+path "pki_int/certs" {
+
+ capabilities = ["list"]
+
+}
+
+path "pki_int/revoke" {
+
+ capabilities = ["create", "update"]
+
+}
+
+path "pki_int/tidy" {
+
+capabilities = ["create", "update"]
+
+}
+
+path "pki/cert/ca" {
+
+capabilities = ["read"]
+
+}
+
+path "auth/token/renew" {
+
+ capabilities = ["update"]
+
+}
+
+path "auth/token/renew-self" {
+
+ capabilities = ["update"]
+
+}
+
+# Roles to create, update secrets
+
+path "/sys/mounts" {
+ capabilities = ["read", "update", "list"]
+ }
+
+path "/sys/mounts/*" {
+
+ capabilities = ["update", "create"]
+
+}
+
+path "sys/policies/acl" {
+
+ capabilities = ["read"]
+
+}
+
+path "secret/*" {
+
+ capabilities = ["read", "create", "update", "delete"]
+
+}
+
+#This allows it to view secrets {{path}} will need to be updated
+
+#v1 kv pair path
+
+path "{{path}}/*" {
+
+ capabilities = ["read", "list"]
+
+}
+
+#v2 kv pair path
+
+path "{{path}}/+/*" {
+
+ capabilities = ["read", "list"]
+
+}
\ No newline at end of file
diff --git a/src/main/resources/vault_auth_config/vault_auth_cert_config_commands.txt b/src/main/resources/vault_auth_config/vault_auth_cert_config_commands.txt
new file mode 100644
index 0000000..a819f76
--- /dev/null
+++ b/src/main/resources/vault_auth_config/vault_auth_cert_config_commands.txt
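Review bot: The `vault-cert` policy grants far more than the application in this commit uses: `secret/*` carries `create`, `update` and `delete`, `/sys/mounts` and `/sys/mounts/*` allow tuning and mounting secrets engines, and `pki_int/issue/*` lets the holder issue certificates from any role on that mount. The Spring configuration only reads `dbusername` and `dbpassword` from backend `secret` under context `mysql`, so a single read rule would cover it, e.g. `path "secret/data/mysql" { capabilities = ["read"] }` (this assumes a KV v2 mount; confirm the version). The two `{{path}}` blocks are unfilled template placeholders and should be filled in or removed before the policy is written. Keep the PKI issue/revoke/tidy paths in a separate operator policy, not in the one attached to the application's login.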
@@ -0,0 +1,85 @@ +1. Enable pki secrets engine + +vault secrets enable pki + +2. Set maximum TTL to 87600 hours + +vault secrets tune --max-lease-ttl=87600h pki + +3. Generate a root certificate and save it + +vault write -field=certificate pki/root/generate/internal issuing_certificates="http://localhost:8200/v1/pki/ca" crl_distribution_points="http://localhost:8200/v1/pki/crl" + +4.Enable pki_int path in pki + +vault secrets enable -path=pki_int pki + +5. Set TTL of 43800h in the new path + +vault secrets tune -max-lease-ttl=43800h pki_int + +6. Generate an intermediate cert and save to CSR + +vault write -format=json pki_int/intermediate/generate/internal common_name="myvault.com Intermediate Authority" | jq -r '.data.csr' > pki_intermediate.csr + or use below +vault write -format=json pki_int/intermediate/generate/internal common_name="myvault.com Intermediate Authority" > temp.json +jq -r ".data.csr" temp.json > pki_intermediate.csr + +7. Sign the intermediate cert with the root certificate + +vault write -format=json pki/root/sign-intermediate csr=@pki_intermediate.csr format=pem_bundle ttl="43800h" > temp2.json +jq -r ".data.certificate" temp2.json > intermediate.cert.pem + +8. Once signed and generated import back into Vault + +vault write pki_int/intermediate/set-signed certificate=@intermediate.cert.pem + +9. Create a role for the domain in Vault that allows subdomains with a max TTL of 30 days + +vault write pki_int/roles/vault-dot-com allowed_domains="vault" allow_subdomains=true max_ttl="720h" + +10. Generate certificates using the role created + +Note: Replace {{domain}} with your domain name and {{vault.domain.com}} with your full subdomain + +vault write pki_int/issue/vault-dot-com common_name="localhost" + +Enable Cert Auth And Attaching A Policy +-------------------------------------- +1. Create a role for the cert auth and a place to store them + +vault write pki_int/roles/vault-cert allow_any_name=true max_ttl="720h" generate_lease=true + +2. 
Create an hcl file to use for your policy + +sudo vim vault-cert.hcl + +3. Next write the policy for the vault cert + +vault policy write vault-cert vault-cert.hcl + +4.Write and sign the current certs to be usable for authentication with Vault + +vault write -format=json pki_int/issue/vault-cert common_name="vault-cert" | tee \ + +>(jq -r .data.certificate > vault_ca.pem) \ + +>(jq -r .data.issuing_ca > vault_issuing_ca.pem) \ + +>(jq -r .data.private_key > vault_privkey.pem) + +5. Enable cert as an authentication method + +vault auth enable cert + +6. Write the certificate to vault as a cert you can use for auth + +vault write auth/cert/certs/vault-cert display_name=vault_cert policies=vault-cert certificate=@vault_ca.pem + +7. Test login using those certs with the following command + +vault login -method=cert -client-cert=vault_ca.pem -client-key=vault_privkey.pem name=vault-cert + +8. We're going to retrieve our secret in a json format + +vault kv get -format=json secret/sql/ | jq \ No newline at end of file diff --git a/src/main/resources/vault_auth_config/vault_auth_userpass_commands.txt b/src/main/resources/vault_auth_config/vault_auth_userpass_commands.txt new file mode 100644 index 0000000..60d3b05 --- /dev/null +++ b/src/main/resources/vault_auth_config/vault_auth_userpass_commands.txt 
@@ -0,0 +1,50 @@
+Auth type username/password:
+------------------------------------
+1. enable auth type
+vault auth enable userpass
+
+2. check auth list
+vault auth list
+
+3. create username pwd
+
+vault write auth/userpass/users/krn password=abcd
+
+4. read user
+vault read auth/userpass/users/krn
+
+5. create policy as root policy.
+vault policy write root_policy root_policy.hcl
+
+6. create token for the policy
+vault token create -policy="root_policy"
+
+7. create/asign policy to user
+vault write auth/userpass/users/USERNAME password=PASSWORD policies=root_policy
+
+8. login with user/pwd and get the token from response and use it in appication in place of root token.
+vault login -method=userpass username=krn password=abcd
+
+Configure using UI:
+------------------
+login to vault server console using root token
+-> click on policies -> create acl policy
+-> enter name. ex: "root_policy"
+-> enter below text to create default root policy
+path "*" {
+ capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
+-> click on create policy
+
+->click on access -> authentication methods -> click on enable new method
+-> select username & password under Generic
+-> create path userpass(default)
+-> then click on userpass
+-> create user
+-> enter username and password
+-> expand Tokens
+-> enter created token policy name. ex: root_policy
+-> Save
+
+now log out and log in with the newly created username & pwd
+then click on profile icon and copy token and use that token in application.prop file instead of root token.
diff --git a/src/main/resources/vault_auth_config/vault_ca.pem b/src/main/resources/vault_auth_config/vault_ca.pem
new file mode 100644
index 0000000..2b8f36a
--- /dev/null
+++ b/src/main/resources/vault_auth_config/vault_ca.pem
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWDCCAkCgAwIBAgIUEmPNYcJId+D0mV/NWlxH1QO3xCQwDQYJKoZIhvcNAQEL +BQAwLTErMCkGA1UEAxMibXl2YXVsdC5jb20gSW50ZXJtZWRpYXRlIEF1dGhvcml0 +eTAeFw0yNDA4MTIwNDU5MzZaFw0yNDA5MTEwNTAwMDVaMBQxEjAQBgNVBAMTCWxv +Y2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALl1VAvKCgwk +jh24xGgUySmb7vpus0v/NSIkqWSwGGGPdb2n4lCgT+W3f3cXEeM+dB3SFxauYl6X +gMZY+FzEcmwRNNgugUzhcslkkJE+bK/yKKrmOhGQSrUqdXYhfart5I+ZlM5STEF9 +7VAeuHH1GRsXPTJjXIQy/bd3JUB1cugyEifq0ge11C7DaloWYHdcPnB/F1j3SLWb +aiArRS05ahsLkQCE3HVR3XU43hWYNI6ZlHNRXLWuidU0zr973UUz6Jul+KvtTTAy +CB6Rc3iVglPPCF+C1JI+HXO1O3/wL3pmveTkaetx+r1fyN6KAXeqL3WUrOoUxFQG +prWLm0zrADkCAwEAAaOBiDCBhTAOBgNVHQ8BAf8EBAMCA6gwHQYDVR0lBBYwFAYI +KwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSgRgR+ARCEMs7bZO5eOwq+qkib +GjAfBgNVHSMEGDAWgBSgZ/L9D7/einNY1U4BsgqthDAaNzAUBgNVHREEDTALggls +b2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggEBAA9W+/3RJ0fJZWGLXTN1w3sI6pOg +L11BNX0lw6z2JgIp/suEPQBhH4BZy9KjnrOe6PEPTO9FSxCDgf/gkihuui4PgpkX +kj0jsehtWZK2zWtrzWlLiUIdRgiUcf3hhuPu2+5BogFjnd80UBhMSx4Q1NtbBdQ1 +TNT7hqtoVBl3fZ5r6k7H4Y5Vj14UotOcnn4lEmGgLSS43M+TI6bgPgdhxo44oTc4 +njjkFx4+jcRO+34bPKY1vHiARnVoNfNDVa94Q6j+uWDHxGoJFbP1TinPr/cWsDq2 +uYKnKqtbW0GwZzniMCHXs0cLtdEaTP4y8XMrIvQ7A8DmywwPPcfQRDmGtic= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/main/resources/vault_auth_config/vault_ca_chain.pem b/src/main/resources/vault_auth_config/vault_ca_chain.pem new file mode 100644 index 0000000..ebe1d33 --- /dev/null +++ b/src/main/resources/vault_auth_config/vault_ca_chain.pem 
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIDHjCCAgagAwIBAgIUBtM9fJRnv8YZo7aVgZ0DAevXkHQwDQYJKoZIhvcNAQEL +BQAwADAeFw0yNDA4MTIwNDUyMDFaFw0yNDA5MTMwNDM1NDRaMC0xKzApBgNVBAMT +Im15dmF1bHQuY29tIEludGVybWVkaWF0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDJgfjSJU3B42/tOdKK1bcaDNLkPU+7RSZfcKBN +QxNdTdUcdM03mc2c4jLpLIJnf6yjjL55CWXWN6Zh7OATeowDRoxB4i9xeuF9VzBN +FpvLhvBTzrBlhcrxZiVcErXajqrYkFuNj2U9AH0FikscHZK/L2JDoY+ECuQ9YvP2 +z210Th2gYDmq+dVD089jOMMcwWCJho7y0JLg9bxxWyQ7sErYyNpSeaUkj5fGSI+a +Pjdwaxe40+7g3pm1i9MhlozTjY8FGjbds9jkQnnm8FccOHIAmpAWYy6L9DlRrCZX +EgB30BdPfw3fmW9TfIUso+3AVkBhhe+GxU3hr2Pu1pZiUMF7AgMBAAGjYzBhMA4G +A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSgZ/L9D7/e +inNY1U4BsgqthDAaNzAfBgNVHSMEGDAWgBTudQDKuyDQWh3d4QZpfcWTnxBsAjAN +BgkqhkiG9w0BAQsFAAOCAQEA5t+MqeF2yXNLFHsDvtm3uqwtLb5T+1PzjylWEx28 +auvZJRFHuXu/c2MOSK9mEUnG6zAZc7NA73mABrX66wC3SL7lSqTh6upfiXXSS9S/ +TWGzn9QugyT0bIuyjgG2putukkqFVRCq48xm4HNIzLzDjuYdhOI7Fac07MYCNyPS +OSzM6Wh4g8PNLzRqx8jA9EoKxJnA3k8YJrY1p9w6lfhx1kPmDCvIOFQepxYcWwMl +3+WDn2t1Z2TOorlilWUmdzjRfWgJWDngg/RCgWFNdLRAGYZqe2JB71EyUn6Qz0I9 +ww/rgdGhgzHgTJsKKyEDb+P34ulYNnTnlBsqtg1d0oG6dg== +-----END CERTIFICATE----- -----BEGIN CERTIFICATE----- +MIIC8TCCAdmgAwIBAgIUdvO6snQ97Nb3ttVVPllxIQbqhKEwDQYJKoZIhvcNAQEL +BQAwADAeFw0yNDA4MTIwNDM1MTVaFw0yNDA5MTMwNDM1NDRaMAAwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDo39RnGEWwvGd2dWojqezTnnXiOynrFTCm +LgU8fHWinxZBF9B/CS5NxIBkbziMOJ7DEQVPMFGTyJkc4NAaTJdtCpp268ojI2bd +goxotN2mmH8+ZZ+IpN0qwEJtxkX5jZQe8H/SdbSfvMjwOpte6rkETGP3IthjshjX +CRthCMLszFkNYJViMq6Y4DgnEQzbvavlu0U9IHvrjZVtvIf6pxy+P2XeMd4iRdO4 +viy0nRCSnuthIxyNOKoy+VY7FTjs3Vwk0ycd3usZ7+NNHbdaBsFijLZRYc91WlJs +scxDFbiP6ltgbhjA3AHXRniiaVouw0J8wNqUTYRl2ANlC+hZ1VDVAgMBAAGjYzBh +MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTudQDK +uyDQWh3d4QZpfcWTnxBsAjAfBgNVHSMEGDAWgBTudQDKuyDQWh3d4QZpfcWTnxBs +AjANBgkqhkiG9w0BAQsFAAOCAQEAGh0sBuNRWlTkQvvkUiQUpF/lPn+Dp9E5hwAC +dU6YPubVK2Rx65Y7CU6xkWaqS7qgp8ymwSw0W7aJixO+e/EMe8XAuKONwqUDratf 
+d2awwgT1C6HRsMEW10UdhAbR/hjV11ViiH+AOyw3R1LNJFUi9fIqOWUqW42KaJHd +cfjcwg/zEvGc9TiuvD7aROQs2x/9TxmSTkjmS90rCnnwMWNVT0CK5c9OOqXPPJtt +8gb9ApKPtJMO/6SFXRjlYyINnQwUUGqPHYvY3ZgKewYC91x1eEc14yp8Q1tz1ZoH +oqLmBtcX4jX1hGPqFnyrF5hEjwcoeDCKS9Flq27pVT6XVcybiw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/main/resources/vault_auth_config/vault_issuing_ca.pem b/src/main/resources/vault_auth_config/vault_issuing_ca.pem new file mode 100644 index 0000000..0e9823e --- /dev/null +++ b/src/main/resources/vault_auth_config/vault_issuing_ca.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDHjCCAgagAwIBAgIUBtM9fJRnv8YZo7aVgZ0DAevXkHQwDQYJKoZIhvcNAQEL +BQAwADAeFw0yNDA4MTIwNDUyMDFaFw0yNDA5MTMwNDM1NDRaMC0xKzApBgNVBAMT +Im15dmF1bHQuY29tIEludGVybWVkaWF0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDJgfjSJU3B42/tOdKK1bcaDNLkPU+7RSZfcKBN +QxNdTdUcdM03mc2c4jLpLIJnf6yjjL55CWXWN6Zh7OATeowDRoxB4i9xeuF9VzBN +FpvLhvBTzrBlhcrxZiVcErXajqrYkFuNj2U9AH0FikscHZK/L2JDoY+ECuQ9YvP2 +z210Th2gYDmq+dVD089jOMMcwWCJho7y0JLg9bxxWyQ7sErYyNpSeaUkj5fGSI+a +Pjdwaxe40+7g3pm1i9MhlozTjY8FGjbds9jkQnnm8FccOHIAmpAWYy6L9DlRrCZX +EgB30BdPfw3fmW9TfIUso+3AVkBhhe+GxU3hr2Pu1pZiUMF7AgMBAAGjYzBhMA4G +A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSgZ/L9D7/e +inNY1U4BsgqthDAaNzAfBgNVHSMEGDAWgBTudQDKuyDQWh3d4QZpfcWTnxBsAjAN +BgkqhkiG9w0BAQsFAAOCAQEA5t+MqeF2yXNLFHsDvtm3uqwtLb5T+1PzjylWEx28 +auvZJRFHuXu/c2MOSK9mEUnG6zAZc7NA73mABrX66wC3SL7lSqTh6upfiXXSS9S/ +TWGzn9QugyT0bIuyjgG2putukkqFVRCq48xm4HNIzLzDjuYdhOI7Fac07MYCNyPS +OSzM6Wh4g8PNLzRqx8jA9EoKxJnA3k8YJrY1p9w6lfhx1kPmDCvIOFQepxYcWwMl +3+WDn2t1Z2TOorlilWUmdzjRfWgJWDngg/RCgWFNdLRAGYZqe2JB71EyUn6Qz0I9 +ww/rgdGhgzHgTJsKKyEDb+P34ulYNnTnlBsqtg1d0oG6dg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/src/main/resources/vault_auth_config/vault_privkey.pem b/src/main/resources/vault_auth_config/vault_privkey.pem new file mode 100644 index 0000000..6ef005b --- /dev/null 
+++ b/src/main/resources/vault_auth_config/vault_privkey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAuXVUC8oKDCSOHbjEaBTJKZvu+m6zS/81IiSpZLAYYY91vafi +UKBP5bd/dxcR4z50HdIXFq5iXpeAxlj4XMRybBE02C6BTOFyyWSQkT5sr/IoquY6 +EZBKtSp1diF9qu3kj5mUzlJMQX3tUB64cfUZGxc9MmNchDL9t3clQHVy6DISJ+rS +B7XULsNqWhZgd1w+cH8XWPdItZtqICtFLTlqGwuRAITcdVHddTjeFZg0jpmUc1Fc +ta6J1TTOv3vdRTPom6X4q+1NMDIIHpFzeJWCU88IX4LUkj4dc7U7f/Avema95ORp +63H6vV/I3ooBd6ovdZSs6hTEVAamtYubTOsAOQIDAQABAoIBAFtMdkajfNTDfi8F +kbMHYIyaVkh1DNFB3t9jGv0Vb7s/i6AFMPWuJgcZkaeH9OdhDHrNvU4OJSEaBmwe +yo2orAelZNVz93Vom0CnwD+wcoMffIO9eSLCXPTY5SB1lk76dAV5fvcfLqkjHBvQ +M87t8SEUDK1smtP94kdaYT1dVGcXv1MhHLpFmwOYZ4Wo40Efyhyth0g29OXAXa3h +DbR+uEn3EPrMP0Kv+V/dM4xhi8S80Br99KCL0hzo2YugfAdUvY4LzAAj4eZnk3ht +rJfG88H/QzHeC0ZcbQrAQCWx6a1tPJ0SRHQRliS3FFa20ny0hZqnHF8opnHHPbgD +QqPw7fECgYEA88aOyfH3MQMCvOYeclh5ripecPZE557ivOiSdRUvxqB3pxUAQM// +FpgNskSOF1Kbj2P3tecVQGKmyiYUFugbn6rkv9yJAFATKT7LunYUYN+yJjXzp9zd +o0zhu5yPOp0qToNVLRwX7O4EGlN+BoI8KSGVjaNqawPldJQoUDgiK6UCgYEAwsIg +8T7eNy9P4jX8kpvRX/yvnoYx9C+mgKdKAgPlUqI/t9pCDvhyQO0QvLN9V4t6dE6l +P9NM8OvUkAJ4OfWGIIfAPt1n0rF//EW/w3TRCaRE1WTs6kJnePG1WSKYPj4OmHL4 +KblhSe3x6SKfrUPZZVJtgLaLtTfeGm9lGORergUCgYEAjtxzO8gQrGluRlO5zhsp +nDb6R8sbUH4dtMW7ZuA2snnCBWnaTyFWBeCwTiO8/dAMmDjmp3S4UJY/1sIADfiS +j7zv97x/kW5b/FTvweOHR8pwtdHybBKU1SmuNGuoyJnofECdPyVypAhM4TzC43+Z +UCV9Zpc5O2P6KZrWEUUESX0CgYAZ2qN84xekw8cbBIeu/rhgwa6eoLno7Jpx4cNV +WScMPTWwNm0mh5zDObVLF5jAEmgDIJ2XR3mjUes54toK96kCkILY1ZN+yMlwt+Gp +FMzbNs9cdLVus7oAuDWWy5ziRmKxojGHeHCN2+SNSmdgHO2zIaofuBv7xprZb4hA +MbDP8QKBgQCqpLVUWYgEau+mRT9edyz/5yLFHxbVMmNZdyhj0JtGu+tEJVyFxhZU +4K+uvh05rTzHW0dSBL4RKIyaK4bpyHguwPy6YVKbtqiemXQX5QPcuc9EkugG/dN5 +NAemlRD8jdblwM45JaOxsn9jvNOEO0yrSev/bGAhGz72RW5rxg0lrw== +-----END RSA PRIVATE KEY----- \ No newline at end of file
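Review bot: `vault_privkey.pem` is an unencrypted RSA private key committed under `src/main/resources`, so it is packaged into the application artifact and stays in the repository history even if the file is deleted later. The cert-auth instructions in this commit write this key alongside `vault_ca.pem` from the same `pki_int/issue/vault-cert` response and then register that certificate at `auth/cert/certs/vault-cert` with the `vault-cert` policy, so the key is a Vault login credential and not just sample data. Treat the pair as compromised: revoke the certificate, replace the `auth/cert/certs/vault-cert` entry with a freshly issued pair kept outside the repository, and ignore `*.pem` under `vault_auth_config/` in `.gitignore`. The three certificate files in this commit are public material, but they expire after 30 days and are better generated by the setup steps than committed.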