Nice job. I installed vault with helm and wanted to test it. I used your tutorial to connect posgresql to vault . Working perfect. I`d like to test it with mysql or some other as well. Thanks for the tutorial.

I've got the exact same Coffee Maker, and soon also a shiny new Vault in my Kubernetes Cluster

Interesting video, I’d liked to of seen you cover off what happens when the password expires.

great job man!! I really appreciate the effort

The perfect video which I was looking for .. thanks devops guy ❤️

@pratikbhandari5649

3 жыл бұрын

Can you please send me repo without tls .. thanks for advance

Thank you for super great tutorials, just what I was waiting for. If You will have time, please make tutorial with Istio and Kubernetes. How to setup and configure correctly. Thank you.

Using it for AWS RDS and GCP Cloud Storage at the same time. Managing applications in AWS accessing the DB in GCP.

Perfect. Thank you

I'd like to se automated ways to get secrets into the vault

RAD. This is going to be great!

Thanks a lot !

Thanks!

great videos! can you please do a video on vault with Azure? Thank you so. much!!

Seems like vault could be used to generate certificates to sign json web tokens

Hi Bro!! Nice.

Hello Thanks For the Video Can you please clarify my doubt Suppose that my application (stateless) is running on an EKS cluster and I'm running the RDS database that is connected to that Stateless application And I'm using java.properties file to defining the username and password Now it is not good practice to add the password in the plain text format inside java.properties How can I connect my stateless java application to the RDS database using vault?

@MarcelDempers

2 жыл бұрын

Applications can only get their inputs from either environment variables or from files. For example, TLS certificates are stored on file and use Linux file permissions to secure it so only your application process is allowed to read that file. You can store your password in a Kubernetes secret if running in K8s and inject it into your java properties file at runtime or store the entire file as a K8s secret. Or resort to getting your credentials from ENV variables and not store it in the java properties file. Passwords are generally stored in configs, so it's not unusual to do so. If you are are concerned about it, there are ways to encrypt passwords before storing them in configs too. In this video, Vault simply automates the credential rotation and automates writing it to file. If you want to go one step further and not store your credential in file, you can use the Vault SDK and write Java code to pull the secrets from Vault and authenticate using K8s service account. Hope that helps

Hi, thanks for the video! But I wonder, what if our application still running but the postgres credentials has been expired, what will happend to the executed queries? Thanks!

@MarcelDempers

3 жыл бұрын

It would be important to adapt the application code in order to detect that the secret file changed on disk and reload + establish a new SQL connection. I would then play with the Vault settings to see if you can overlap the secret creation with the TTL in order to keep existing queries from finishing in time (drain old connections) and have all new queries go through the new connection with the new secret.

@clavianusjuneardo27

3 жыл бұрын

@@MarcelDempers it seems possible but would make a millisec downtime I think, since there'll be a transition period between old connection and new connection. But, thanks for the answer! Hope you make a video about the database static roles!

@MarcelDempers

3 жыл бұрын

This is why you would drain old connections (let queries finish) and open new connection with the new secret. Having the old and new credential TTL overlap allows a smooth transition. Similar to how you drain web server traffic when doing a rolling deployment. I've worked with folks who have implemented this successfully with other databases so depends how you configure it

@clavianusjuneardo27

3 жыл бұрын

@@MarcelDempers Got it, many thanks!

Can you please guide us how can we rotate database secret for mongoDB and how to inject that into Spring boot service. I searched the whole internet but unable to find the solutions

Hey Hi. How are you. I need some help to auto unseal vault using shell script in kubernetes yaml files, can you please help me out, if you dont mind.

Hey Hi. i have facing some issue after vault configuration on ibm kubernetes cluster, i have given Key shares and Key threshold numbers after that i clicked on intilize i got this below issue "Error failed to initialize barrier: failed to persist keyring: mkdir /vault/data/core: permission denied", can you please help me out for this one

@MarcelDempers

3 жыл бұрын

"mkdir /vault/data/core: permission denied" states your vault process cannot access its data folder. All volumes are mounted as root by default. In the video, we ensure ownership to the vault user with an init container and chmod'ing /vault/data

@rayudu2080

3 жыл бұрын

@@MarcelDempers Can you please let me know in which video you ensure ownership to the vault user with an init container

@MarcelDempers

3 жыл бұрын

It might be in the first one of the Vault series kzread.info/head/PLHq1uqvAteVtq-NRX3yd1ziA_wJSBu3Oj

@rayudu2080

3 жыл бұрын

@@MarcelDempers Thanks a lot yar..

@rayudu2080

3 жыл бұрын

i need some thing else also, can we do unseal process via shell script is that possible to do.

Noice!