Using VaultTemplate with username and password The 2019 Stack Overflow Developer Survey Results Are In Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) The Ask Question Wizard is Live! Data science time! April 2019 and salary with experienceHow to open a new page (internal link) in GWT?Why is char[] preferred over String for passwords?Difference between java.util.Random and java.security.SecureRandomWhy ContextLoaderListener is to be registered after Log4jConfigListenerHow to use Spring StandardPasswordEncode and Get Salt Generate?Storing a password locally using Java keystoreHow to manage database connection pool in spring jpa?How can I pass parameter class name in generic constructorProduction Environment for Spring Cloud Config using Git/VaultSource Code for Spring LinkedMultiValueMap

Can a 1st-level character have an ability score above 18?

Why did all the guest students take carriages to the Yule Ball?

How did passengers keep warm on sail ships?

Is it ethical to upload a automatically generated paper to a non peer-reviewed site as part of a larger research?

Create an outline of font

What are these Gizmos at Izaña Atmospheric Research Center in Spain?

Wolves and sheep

How do you keep chess fun when your opponent constantly beats you?

When did F become S in typeography, and why?

Was credit for the black hole image misattributed?

Typeface like Times New Roman but with "tied" percent sign

I could not break this equation. Please help me

Take groceries in checked luggage

Simulation of a banking system with an Account class in C++

Can withdrawing asylum be illegal?

Semisimplicity of the category of coherent sheaves?

University's motivation for having tenure-track positions

Is this wall load bearing? Blueprints and photos attached

Can smartphones with the same camera sensor have different image quality?

Am I ethically obligated to go into work on an off day if the reason is sudden?

Road tyres vs "Street" tyres for charity ride on MTB Tandem

How to split my screen on my Macbook Air?

Mortgage adviser recommends a longer term than necessary combined with overpayments

What aspect of planet Earth must be changed to prevent the industrial revolution?



Using VaultTemplate with username and password



The 2019 Stack Overflow Developer Survey Results Are In
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
The Ask Question Wizard is Live!
Data science time! April 2019 and salary with experienceHow to open a new page (internal link) in GWT?Why is char[] preferred over String for passwords?Difference between java.util.Random and java.security.SecureRandomWhy ContextLoaderListener is to be registered after Log4jConfigListenerHow to use Spring StandardPasswordEncode and Get Salt Generate?Storing a password locally using Java keystoreHow to manage database connection pool in spring jpa?How can I pass parameter class name in generic constructorProduction Environment for Spring Cloud Config using Git/VaultSource Code for Spring LinkedMultiValueMap



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








0















I'm following a Spring Vault tutorial https://docs.spring.io/spring-vault/docs/current/reference/html/index.html and I have successfully connected the Java program with Vault through token access. In the picture below, tab number 1.



VaultTemplate vaultTemplate = new VaultTemplate(endpoint, new TokenAuthentication("MySecretToken"));



How do I instantiate the VaultTemplate using user name and password such as when we login through the Vault WebUI in this option (tab number 2)?:
enter image description here



I'm looking at this JavaDoc, but it's not obvious which one to pick:
https://docs.spring.io/spring-vault/docs/current/api/index.html?overview-summary.html



So in another word: How do I connect with Vault, using spring-vault, using username+password instead of token? Or at the very least, I need a pointer on how to generate a token with username+password






java hashicorp-vault spring-vault







share|improve this question



















  • 1





    spring-vault doesn't seem to implement user/pass auth. Your best bet would be to implement ClientAuthentication yourself and call the Vault API, or find someone who has done it. Also I don't know what problem you're solving, but if it's just an application, AppRole authentication should be the way to go anyway.

    – h3rmanj
    Mar 8 at 14:41

















0















I'm following a Spring Vault tutorial https://docs.spring.io/spring-vault/docs/current/reference/html/index.html and I have successfully connected the Java program with Vault through token access. In the picture below, tab number 1.



VaultTemplate vaultTemplate = new VaultTemplate(endpoint, new TokenAuthentication("MySecretToken"));



How do I instantiate the VaultTemplate using user name and password such as when we login through the Vault WebUI in this option (tab number 2)?:
enter image description here



I'm looking at this JavaDoc, but it's not obvious which one to pick:
https://docs.spring.io/spring-vault/docs/current/api/index.html?overview-summary.html



So in another word: How do I connect with Vault, using spring-vault, using username+password instead of token? Or at the very least, I need a pointer on how to generate a token with username+password






java hashicorp-vault spring-vault







share|improve this question



















  • 1





    spring-vault doesn't seem to implement user/pass auth. Your best bet would be to implement ClientAuthentication yourself and call the Vault API, or find someone who has done it. Also I don't know what problem you're solving, but if it's just an application, AppRole authentication should be the way to go anyway.

    – h3rmanj
    Mar 8 at 14:41













0












0








0








I'm following a Spring Vault tutorial https://docs.spring.io/spring-vault/docs/current/reference/html/index.html and I have successfully connected the Java program with Vault through token access. In the picture below, tab number 1.



VaultTemplate vaultTemplate = new VaultTemplate(endpoint, new TokenAuthentication("MySecretToken"));



How do I instantiate the VaultTemplate using user name and password such as when we login through the Vault WebUI in this option (tab number 2)?:
enter image description here



I'm looking at this JavaDoc, but it's not obvious which one to pick:
https://docs.spring.io/spring-vault/docs/current/api/index.html?overview-summary.html



So in another word: How do I connect with Vault, using spring-vault, using username+password instead of token? Or at the very least, I need a pointer on how to generate a token with username+password






java hashicorp-vault spring-vault







share|improve this question
















I'm following a Spring Vault tutorial https://docs.spring.io/spring-vault/docs/current/reference/html/index.html and I have successfully connected the Java program with Vault through token access. In the picture below, tab number 1.



VaultTemplate vaultTemplate = new VaultTemplate(endpoint, new TokenAuthentication("MySecretToken"));



How do I instantiate the VaultTemplate using user name and password such as when we login through the Vault WebUI in this option (tab number 2)?:
enter image description here



I'm looking at this JavaDoc, but it's not obvious which one to pick:
https://docs.spring.io/spring-vault/docs/current/api/index.html?overview-summary.html



So in another word: How do I connect with Vault, using spring-vault, using username+password instead of token? Or at the very least, I need a pointer on how to generate a token with username+password






java hashicorp-vault spring-vault




java hashicorp-vault spring-vault






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Mar 8 at 14:34







RonPringadi

















asked Mar 8 at 13:42









RonPringadiRonPringadi

377216




377216







  • 1





    spring-vault doesn't seem to implement user/pass auth. Your best bet would be to implement ClientAuthentication yourself and call the Vault API, or find someone who has done it. Also I don't know what problem you're solving, but if it's just an application, AppRole authentication should be the way to go anyway.

    – h3rmanj
    Mar 8 at 14:41












  • 1





    spring-vault doesn't seem to implement user/pass auth. Your best bet would be to implement ClientAuthentication yourself and call the Vault API, or find someone who has done it. Also I don't know what problem you're solving, but if it's just an application, AppRole authentication should be the way to go anyway.

    – h3rmanj
    Mar 8 at 14:41







1




1





spring-vault doesn't seem to implement user/pass auth. Your best bet would be to implement ClientAuthentication yourself and call the Vault API, or find someone who has done it. Also I don't know what problem you're solving, but if it's just an application, AppRole authentication should be the way to go anyway.

– h3rmanj
Mar 8 at 14:41





spring-vault doesn't seem to implement user/pass auth. Your best bet would be to implement ClientAuthentication yourself and call the Vault API, or find someone who has done it. Also I don't know what problem you're solving, but if it's just an application, AppRole authentication should be the way to go anyway.

– h3rmanj
Mar 8 at 14:41












1 Answer
1






active

oldest

votes


















1














As @h3rmanj indicated, Spring Vault does not support username/password authentication because this method is intended for human authentication, not machine-to-machine authentication.



Authentication depends on your threat model and how you can/want to address the exploitation of credentials in case of a breach. With username/password, you basically need to lock the user of a breached account. This is unfortunate as these accounts tend to be associated with people and you would lock out an operator.



If you use AppRole, you get two factors and you can segregate accounts by application type. Using tokens gives you the most flexibility if you do not reuse the token across multiple applications. Reuse is convenient but also if you encounter a breach, you have to take all applications offline that share the same token. So assigning individual tokens comes with the highest flexibility and the highest amount of operational overhead.



Anything in between is a compromise between a reaction to potential breaches and the amount of operational work.



HTH.






share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function ()
    StackExchange.using("externalEditor", function ()
    StackExchange.using("snippets", function ()
    StackExchange.snippets.init();
    );
    );
    , "code-snippets");

    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "1"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55064466%2fusing-vaulttemplate-with-username-and-password%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    As @h3rmanj indicated, Spring Vault does not support username/password authentication because this method is intended for human authentication, not machine-to-machine authentication.



    Authentication depends on your threat model and how you can/want to address the exploitation of credentials in case of a breach. With username/password, you basically need to lock the user of a breached account. This is unfortunate as these accounts tend to be associated with people and you would lock out an operator.



    If you use AppRole, you get two factors and you can segregate accounts by application type. Using tokens gives you the most flexibility if you do not reuse the token across multiple applications. Reuse is convenient but also if you encounter a breach, you have to take all applications offline that share the same token. So assigning individual tokens comes with the highest flexibility and the highest amount of operational overhead.



    Anything in between is a compromise between a reaction to potential breaches and the amount of operational work.



    HTH.






    share|improve this answer



























      1














      As @h3rmanj indicated, Spring Vault does not support username/password authentication because this method is intended for human authentication, not machine-to-machine authentication.



      Authentication depends on your threat model and how you can/want to address the exploitation of credentials in case of a breach. With username/password, you basically need to lock the user of a breached account. This is unfortunate as these accounts tend to be associated with people and you would lock out an operator.



      If you use AppRole, you get two factors and you can segregate accounts by application type. Using tokens gives you the most flexibility if you do not reuse the token across multiple applications. Reuse is convenient but also if you encounter a breach, you have to take all applications offline that share the same token. So assigning individual tokens comes with the highest flexibility and the highest amount of operational overhead.



      Anything in between is a compromise between a reaction to potential breaches and the amount of operational work.



      HTH.






      share|improve this answer

























        1












        1








        1







        As @h3rmanj indicated, Spring Vault does not support username/password authentication because this method is intended for human authentication, not machine-to-machine authentication.



        Authentication depends on your threat model and how you can/want to address the exploitation of credentials in case of a breach. With username/password, you basically need to lock the user of a breached account. This is unfortunate as these accounts tend to be associated with people and you would lock out an operator.



        If you use AppRole, you get two factors and you can segregate accounts by application type. Using tokens gives you the most flexibility if you do not reuse the token across multiple applications. Reuse is convenient but also if you encounter a breach, you have to take all applications offline that share the same token. So assigning individual tokens comes with the highest flexibility and the highest amount of operational overhead.



        Anything in between is a compromise between a reaction to potential breaches and the amount of operational work.



        HTH.






        share|improve this answer













        As @h3rmanj indicated, Spring Vault does not support username/password authentication because this method is intended for human authentication, not machine-to-machine authentication.



        Authentication depends on your threat model and how you can/want to address the exploitation of credentials in case of a breach. With username/password, you basically need to lock the user of a breached account. This is unfortunate as these accounts tend to be associated with people and you would lock out an operator.



        If you use AppRole, you get two factors and you can segregate accounts by application type. Using tokens gives you the most flexibility if you do not reuse the token across multiple applications. Reuse is convenient but also if you encounter a breach, you have to take all applications offline that share the same token. So assigning individual tokens comes with the highest flexibility and the highest amount of operational overhead.



        Anything in between is a compromise between a reaction to potential breaches and the amount of operational work.



        HTH.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Mar 19 at 10:55









        mp911demp911de

        9,94322355




        9,94322355





























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55064466%2fusing-vaulttemplate-with-username-and-password%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Save data to MySQL database using ExtJS and PHP [closed]2019 Community Moderator ElectionHow can I prevent SQL injection in PHP?Which MySQL data type to use for storing boolean valuesPHP: Delete an element from an arrayHow do I connect to a MySQL Database in Python?Should I use the datetime or timestamp data type in MySQL?How to get a list of MySQL user accountsHow Do You Parse and Process HTML/XML in PHP?Reference — What does this symbol mean in PHP?How does PHP 'foreach' actually work?Why shouldn't I use mysql_* functions in PHP?

            Image
            Does this AnyDice function accurately calculate the number of ogres you make unconcious with three 4th-level castings of Sleep? Making a sword in the stone, in a medieval world without magic Identifying the interval from A♭ to D♯ Why is Vishnu's skin colour mentioned as both white and blue in the Vishnu-sahasranaama? SQL Server Primary Login Restrictions Have researchers managed to "reverse time"? If so, what does that mean for physics? Why does Deadpool say "You're welcome, Canada," after shooting Ryan Reynolds in the end credits? Check this translation of Amores 1.3.26 Why did it take so long to abandon sail after steamships were demonstrated? Plot a function of two variables equal 0 2D counterpart of std::array in C++17 Could the Saturn V actually have launched astronauts around Venus? Why is "das Weib" grammatically neuter? How to make healing in an exploration game interesting Life insurance that covers only simulta
            Read more

            Compiling GNU Global with universal-ctags support Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern) Data science time! April 2019 and salary with experience The Ask Question Wizard is Live!Tags for Emacs: Relationship between etags, ebrowse, cscope, GNU Global and exuberant ctagsVim and Ctags tips and trickscscope or ctags why choose one over the other?scons and ctagsctags cannot open option file “.ctags”Adding tag scopes in universal-ctagsShould I use Universal-ctags?Universal ctags on WindowsHow do I install GNU Global with universal ctags support using Homebrew?Universal ctags with emacsHow to highlight ctags generated by Universal Ctags in Vim?

            Image
            How to ask rejected full-time candidates to apply to teach individual courses? Why these surprising proportionalities of integrals involving odd zeta values? A German immigrant ancestor has a "Registration Affidavit of Alien Enemy" on file. What does that mean exactly? Why did Israel vote against lifting the American embargo on Cuba? Unix AIX passing variable and arguments to expect and spawn Kepler's 3rd law: ratios don't fit data Why does my GNOME settings mention "Moto C Plus"? Continue tikz picture on next page What documents does someone with a long-term visa need to travel to another Schengen country? “Since the train was delayed for more than an hour, passengers were given a full refund.” – Why is there no article before “passengers”? How to create a command for the "strange m" symbol in latex? How to get a single big right brace? Is the Mordenkainen's Sword spell underpowered? Why did Bronn offer to be Tyrion L
            Read more

            Add ONERROR event to image from jsp tldHow to add an image to a JPanel?Saving image from PHP URLHTML img scalingCheck if an image is loaded (no errors) with jQueryHow to force an <img> to take up width, even if the image is not loadedHow do I populate hidden form field with a value set in Spring ControllerStyling Raw elements Generated from JSP tagds with Jquery MobileLimit resizing of images with explicitly set width and height attributeserror TLD use in a jsp fileJsp tld files cannot be resolved

            Image
            At which point does a character regain all their Hit Dice? Why are on-board computers allowed to change controls without notifying the pilots? How do I keep an essay about "feeling flat" from feeling flat? Time travel short story where a man arrives in the late 19th century in a time machine and then sends the machine back into the past How to be diplomatic in refusing to write code that breaches the privacy of our users Understanding "audieritis" in Psalm 94 Greatest common substring Go Pregnant or Go Home Why did Kant, Hegel, and Adorno leave some words and phrases in the Greek alphabet? What to do with wrong results in talks? Failed to fetch jessie backports repository Increase performance creating Mandelbrot set in python How can I replace every global instance of "x[2]" with "x_2" What are the ramifications of creating a homebrew world without an Astral Plane? Are there any comparative studies done between Ashtava
            Read more