Using VaultTemplate with username and password The 2019 Stack Overflow Developer Survey Results Are In Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) The Ask Question Wizard is Live! Data science time! April 2019 and salary with experienceHow to open a new page (internal link) in GWT?Why is char[] preferred over String for passwords?Difference between java.util.Random and java.security.SecureRandomWhy ContextLoaderListener is to be registered after Log4jConfigListenerHow to use Spring StandardPasswordEncode and Get Salt Generate?Storing a password locally using Java keystoreHow to manage database connection pool in spring jpa?How can I pass parameter class name in generic constructorProduction Environment for Spring Cloud Config using Git/VaultSource Code for Spring LinkedMultiValueMap
Can a 1st-level character have an ability score above 18?
Why did all the guest students take carriages to the Yule Ball?
How did passengers keep warm on sail ships?
Is it ethical to upload a automatically generated paper to a non peer-reviewed site as part of a larger research?
Create an outline of font
What are these Gizmos at Izaña Atmospheric Research Center in Spain?
Wolves and sheep
How do you keep chess fun when your opponent constantly beats you?
When did F become S in typeography, and why?
Was credit for the black hole image misattributed?
Typeface like Times New Roman but with "tied" percent sign
I could not break this equation. Please help me
Take groceries in checked luggage
Simulation of a banking system with an Account class in C++
Can withdrawing asylum be illegal?
Semisimplicity of the category of coherent sheaves?
University's motivation for having tenure-track positions
Is this wall load bearing? Blueprints and photos attached
Can smartphones with the same camera sensor have different image quality?
Am I ethically obligated to go into work on an off day if the reason is sudden?
Road tyres vs "Street" tyres for charity ride on MTB Tandem
How to split my screen on my Macbook Air?
Mortgage adviser recommends a longer term than necessary combined with overpayments
What aspect of planet Earth must be changed to prevent the industrial revolution?
Using VaultTemplate with username and password
The 2019 Stack Overflow Developer Survey Results Are In
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
The Ask Question Wizard is Live!
Data science time! April 2019 and salary with experienceHow to open a new page (internal link) in GWT?Why is char[] preferred over String for passwords?Difference between java.util.Random and java.security.SecureRandomWhy ContextLoaderListener is to be registered after Log4jConfigListenerHow to use Spring StandardPasswordEncode and Get Salt Generate?Storing a password locally using Java keystoreHow to manage database connection pool in spring jpa?How can I pass parameter class name in generic constructorProduction Environment for Spring Cloud Config using Git/VaultSource Code for Spring LinkedMultiValueMap
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I'm following a Spring Vault tutorial https://docs.spring.io/spring-vault/docs/current/reference/html/index.html and I have successfully connected the Java program with Vault through token access. In the picture below, tab number 1.
VaultTemplate vaultTemplate = new VaultTemplate(endpoint, new TokenAuthentication("MySecretToken"));
How do I instantiate the VaultTemplate using user name and password such as when we login through the Vault WebUI in this option (tab number 2)?:
I'm looking at this JavaDoc, but it's not obvious which one to pick:
https://docs.spring.io/spring-vault/docs/current/api/index.html?overview-summary.html
So in another word: How do I connect with Vault, using spring-vault, using username+password instead of token? Or at the very least, I need a pointer on how to generate a token with username+password
java hashicorp-vault spring-vault
asked Mar 8 at 13:42
RonPringadiRonPringadi
377216
add a comment |
I'm following a Spring Vault tutorial https://docs.spring.io/spring-vault/docs/current/reference/html/index.html and I have successfully connected the Java program with Vault through token access. In the picture below, tab number 1.
VaultTemplate vaultTemplate = new VaultTemplate(endpoint, new TokenAuthentication("MySecretToken"));
How do I instantiate the VaultTemplate using user name and password such as when we login through the Vault WebUI in this option (tab number 2)?:
I'm looking at this JavaDoc, but it's not obvious which one to pick:
https://docs.spring.io/spring-vault/docs/current/api/index.html?overview-summary.html
So in another word: How do I connect with Vault, using spring-vault, using username+password instead of token? Or at the very least, I need a pointer on how to generate a token with username+password
java hashicorp-vault spring-vault
asked Mar 8 at 13:42
RonPringadiRonPringadi
377216
1
spring-vault doesn't seem to implement user/pass auth. Your best bet would be to implement ClientAuthentication yourself and call the Vault API, or find someone who has done it. Also I don't know what problem you're solving, but if it's just an application, AppRole authentication should be the way to go anyway.
– h3rmanj
Mar 8 at 14:41
add a comment |
I'm following a Spring Vault tutorial https://docs.spring.io/spring-vault/docs/current/reference/html/index.html and I have successfully connected the Java program with Vault through token access. In the picture below, tab number 1.
VaultTemplate vaultTemplate = new VaultTemplate(endpoint, new TokenAuthentication("MySecretToken"));
How do I instantiate the VaultTemplate using user name and password such as when we login through the Vault WebUI in this option (tab number 2)?:
I'm looking at this JavaDoc, but it's not obvious which one to pick:
https://docs.spring.io/spring-vault/docs/current/api/index.html?overview-summary.html
So in another word: How do I connect with Vault, using spring-vault, using username+password instead of token? Or at the very least, I need a pointer on how to generate a token with username+password
java hashicorp-vault spring-vault
asked Mar 8 at 13:42
RonPringadiRonPringadi
377216
I'm following a Spring Vault tutorial https://docs.spring.io/spring-vault/docs/current/reference/html/index.html and I have successfully connected the Java program with Vault through token access. In the picture below, tab number 1.
VaultTemplate vaultTemplate = new VaultTemplate(endpoint, new TokenAuthentication("MySecretToken"));
How do I instantiate the VaultTemplate using user name and password such as when we login through the Vault WebUI in this option (tab number 2)?:
I'm looking at this JavaDoc, but it's not obvious which one to pick:
https://docs.spring.io/spring-vault/docs/current/api/index.html?overview-summary.html
So in another word: How do I connect with Vault, using spring-vault, using username+password instead of token? Or at the very least, I need a pointer on how to generate a token with username+password
java hashicorp-vault spring-vault
java hashicorp-vault spring-vault
asked Mar 8 at 13:42
RonPringadiRonPringadi
377216
asked Mar 8 at 13:42
RonPringadiRonPringadi
377216
edited Mar 8 at 14:34
RonPringadi
asked Mar 8 at 13:42
RonPringadiRonPringadi
377216
asked Mar 8 at 13:42
RonPringadiRonPringadi
377216
asked Mar 8 at 13:42
RonPringadiRonPringadi
377216
377216
1
spring-vault doesn't seem to implement user/pass auth. Your best bet would be to implement ClientAuthentication yourself and call the Vault API, or find someone who has done it. Also I don't know what problem you're solving, but if it's just an application, AppRole authentication should be the way to go anyway.
– h3rmanj
Mar 8 at 14:41
add a comment |
1
spring-vault doesn't seem to implement user/pass auth. Your best bet would be to implement ClientAuthentication yourself and call the Vault API, or find someone who has done it. Also I don't know what problem you're solving, but if it's just an application, AppRole authentication should be the way to go anyway.
– h3rmanj
Mar 8 at 14:41
1
1
spring-vault doesn't seem to implement user/pass auth. Your best bet would be to implement ClientAuthentication yourself and call the Vault API, or find someone who has done it. Also I don't know what problem you're solving, but if it's just an application, AppRole authentication should be the way to go anyway.
– h3rmanj
Mar 8 at 14:41
spring-vault doesn't seem to implement user/pass auth. Your best bet would be to implement ClientAuthentication yourself and call the Vault API, or find someone who has done it. Also I don't know what problem you're solving, but if it's just an application, AppRole authentication should be the way to go anyway.
– h3rmanj
Mar 8 at 14:41
add a comment |
1 Answer
1
active
oldest
votes
As @h3rmanj indicated, Spring Vault does not support username/password authentication because this method is intended for human authentication, not machine-to-machine authentication.
Authentication depends on your threat model and how you can/want to address the exploitation of credentials in case of a breach. With username/password, you basically need to lock the user of a breached account. This is unfortunate as these accounts tend to be associated with people and you would lock out an operator.
If you use AppRole, you get two factors and you can segregate accounts by application type. Using tokens gives you the most flexibility if you do not reuse the token across multiple applications. Reuse is convenient but also if you encounter a breach, you have to take all applications offline that share the same token. So assigning individual tokens comes with the highest flexibility and the highest amount of operational overhead.
Anything in between is a compromise between a reaction to potential breaches and the amount of operational work.
HTH.
answered Mar 19 at 10:55
mp911demp911de
9,94322355
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55064466%2fusing-vaulttemplate-with-username-and-password%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
As @h3rmanj indicated, Spring Vault does not support username/password authentication because this method is intended for human authentication, not machine-to-machine authentication.
Authentication depends on your threat model and how you can/want to address the exploitation of credentials in case of a breach. With username/password, you basically need to lock the user of a breached account. This is unfortunate as these accounts tend to be associated with people and you would lock out an operator.
If you use AppRole, you get two factors and you can segregate accounts by application type. Using tokens gives you the most flexibility if you do not reuse the token across multiple applications. Reuse is convenient but also if you encounter a breach, you have to take all applications offline that share the same token. So assigning individual tokens comes with the highest flexibility and the highest amount of operational overhead.
Anything in between is a compromise between a reaction to potential breaches and the amount of operational work.
HTH.
answered Mar 19 at 10:55
mp911demp911de
9,94322355
add a comment |
As @h3rmanj indicated, Spring Vault does not support username/password authentication because this method is intended for human authentication, not machine-to-machine authentication.
Authentication depends on your threat model and how you can/want to address the exploitation of credentials in case of a breach. With username/password, you basically need to lock the user of a breached account. This is unfortunate as these accounts tend to be associated with people and you would lock out an operator.
If you use AppRole, you get two factors and you can segregate accounts by application type. Using tokens gives you the most flexibility if you do not reuse the token across multiple applications. Reuse is convenient but also if you encounter a breach, you have to take all applications offline that share the same token. So assigning individual tokens comes with the highest flexibility and the highest amount of operational overhead.
Anything in between is a compromise between a reaction to potential breaches and the amount of operational work.
HTH.
answered Mar 19 at 10:55
mp911demp911de
9,94322355
add a comment |
As @h3rmanj indicated, Spring Vault does not support username/password authentication because this method is intended for human authentication, not machine-to-machine authentication.
Authentication depends on your threat model and how you can/want to address the exploitation of credentials in case of a breach. With username/password, you basically need to lock the user of a breached account. This is unfortunate as these accounts tend to be associated with people and you would lock out an operator.
If you use AppRole, you get two factors and you can segregate accounts by application type. Using tokens gives you the most flexibility if you do not reuse the token across multiple applications. Reuse is convenient but also if you encounter a breach, you have to take all applications offline that share the same token. So assigning individual tokens comes with the highest flexibility and the highest amount of operational overhead.
Anything in between is a compromise between a reaction to potential breaches and the amount of operational work.
HTH.
answered Mar 19 at 10:55
mp911demp911de
9,94322355
As @h3rmanj indicated, Spring Vault does not support username/password authentication because this method is intended for human authentication, not machine-to-machine authentication.
Authentication depends on your threat model and how you can/want to address the exploitation of credentials in case of a breach. With username/password, you basically need to lock the user of a breached account. This is unfortunate as these accounts tend to be associated with people and you would lock out an operator.
If you use AppRole, you get two factors and you can segregate accounts by application type. Using tokens gives you the most flexibility if you do not reuse the token across multiple applications. Reuse is convenient but also if you encounter a breach, you have to take all applications offline that share the same token. So assigning individual tokens comes with the highest flexibility and the highest amount of operational overhead.
Anything in between is a compromise between a reaction to potential breaches and the amount of operational work.
HTH.
answered Mar 19 at 10:55
mp911demp911de
9,94322355
answered Mar 19 at 10:55
mp911demp911de
9,94322355
answered Mar 19 at 10:55
mp911demp911de
9,94322355
answered Mar 19 at 10:55
mp911demp911de
9,94322355
9,94322355
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55064466%2fusing-vaulttemplate-with-username-and-password%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
spring-vault doesn't seem to implement user/pass auth. Your best bet would be to implement ClientAuthentication yourself and call the Vault API, or find someone who has done it. Also I don't know what problem you're solving, but if it's just an application, AppRole authentication should be the way to go anyway.
– h3rmanj
Mar 8 at 14:41