This setup was originally done for
by @3jmaster
- Scripts were written on a macOS machine; please modify as needed for your environment
- Basic general knowledge of Docker, HashiCorp Vault, GitLab, GitHub, MongoDB, CI/CD, bash, etc.
- Run the bash scripts in numeric order in the ./code/vault folder, more instructions here
- Manage secrets from Vault-UI (http://localhost:80) in your browser or from your CLI (vault write ...)
- Run the bash script ./code/my-demo-app/docker_build.sh to build the image locally
- Run the bash script ./code/my-demo-app/docker_run.sh to run the image locally
- View the web app in your browser: http://localhost:3000
Cheers!
~ ~
( o )o)
( o )o )o)
(o( ~~~~~~~~o
( )' ~~~~~~~'
( )|) |-.
o| _ |-. \
o| |_||_) | \ \
| | ||_) | | |
o| | / /
| |." "
| |- '
.========. mb
- My Demo App @ http://app.thepingofhealth.com:8888/
- Mark your presence! Submit your name and a quote! :)
- Vault @ http://master.thepingofhealth.com:8200/ui
- Try it using low-risk, read-only credentials user:fabian and password:fabian15awesome
- Permissions to see secret/example/test and secret/example/mongodb-read
- Merging any changes into the master branch makes the changes go live
- Secrets are managed centrally
- Secrets can be rotated easily
- Compromised secrets can be revoked and rotated easily
- Lowers the risk of exposing valid secrets because secrets can be revoked and rotated immediately when:
  - developers lose a machine that contains secrets
  - secrets are accidentally checked into a source code repository
- The secret management server issues secrets only to authorized developers through user policies and management
- Authorized developers can retrieve the latest secrets through API calls instead of asking fellow developers
- Audit log of the retrieval of secrets
- One-time unwrap feature can ensure tokens are read once (HashiCorp Vault)
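
The audit-log benefit listed above, as an added example (not code from this repository): a Node.js function that summarises who read which secret from Vault's JSON audit log and flags denied reads. The log lines are constructed and reduced to the fields the function uses; `mk`, the path secret/example/restricted and the timestamps are made up, and the KV v1-style paths follow the ones shown on this page.

```javascript
// Constructed sample: Vault writes one JSON object per line to its audit device.
// Only the fields used below are included; real entries carry more (HMAC'd tokens, ids).
const mk = (type, who, operation, path, error = '') => JSON.stringify({
  time: '2018-01-01T00:00:00Z', type, error,
  auth: { display_name: who },
  request: { operation, path, remote_address: '203.0.113.7' },
});
const SAMPLE_AUDIT_LOG = [
  mk('request', 'userpass-fabian', 'read', 'secret/example/test'),
  mk('response', 'userpass-fabian', 'read', 'secret/example/test'),
  mk('response', 'userpass-fabian', 'read', 'secret/example/mongodb-read'),
  mk('response', 'userpass-fabian', 'read', 'secret/example/restricted',
     '1 error occurred:\n\t* permission denied\n\n'),
  mk('response', 'userpass-fabian', 'read', 'sys/mounts'),
  '{"time":"2018-01-01T00:00:05Z","type":"resp', // truncated line, e.g. a partial write
].join('\n');

// Returns { reads: {user: {path: count}}, denied: [...], malformed: n }.
function summariseSecretReads(logText, prefix = 'secret/') {
  const summary = { reads: {}, denied: [], malformed: 0 };
  for (const line of logText.split('\n')) {
    if (!line.trim()) continue;
    let entry;
    try {
      entry = JSON.parse(line);
    } catch (err) {
      summary.malformed += 1; // keep going, but report that the log had gaps
      continue;
    }
    const req = entry.request || {};
    // Each operation is logged twice (request + response); count the response,
    // because that entry carries the outcome.
    if (entry.type !== 'response' || req.operation !== 'read') continue;
    if (!String(req.path || '').startsWith(prefix)) continue;
    const who = (entry.auth && entry.auth.display_name) || 'unknown';
    if (String(entry.error || '').includes('permission denied')) {
      summary.denied.push({ who, path: req.path, from: req.remote_address, time: entry.time });
      continue;
    }
    if (!summary.reads[who]) summary.reads[who] = {};
    summary.reads[who][req.path] = (summary.reads[who][req.path] || 0) + 1;
  }
  return summary;
}

console.log(JSON.stringify(summariseSecretReads(SAMPLE_AUDIT_LOG), null, 2));
```

Vault only produces this log once an audit device has been enabled on the server.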
- Vault Binary - https://vaultproject.io
- Vault Docker Image - https://hub.docker.com/_/vault/
- Vault UI - https://github.com/djenriquez/vault-ui
- CRUD Web App Instructions - https://zellwk.com/blog/crud-express-mongodb/
- Dockerize Node.js app - https://nodejs.org/en/docs/guides/nodejs-docker-webapp/