Securely storing secrets of a Spring Boot application in HashiCorp Vault?


Question

I have read the following tutorial: Vault Configuration

Ok, we installed the Vault server and put 2 pairs of secret properties:

$ vault kv put secret/gs-vault-config example.username=demouser example.password=demopassword
$ vault kv put secret/gs-vault-config/cloud example.username=clouduser example.password=cloudpassword

The Spring Boot application has the following properties (bootstrap.properties):

spring.application.name=gs-vault-config
spring.cloud.vault.token=00000000-0000-0000-0000-000000000000
spring.cloud.vault.scheme=http
spring.cloud.vault.kv.enabled=true

So based on spring.cloud.vault.token the application is able to read the secure properties (name and password), but spring.cloud.vault.token is stored in an insecure place - bootstrap.properties, which is stored in the code repository. Could you please explain why it is safe?

As we found out, it is insecure. How to make it secure? I understand that there might be several solutions to make it secure, but a single simplified example would be enough for me.

Answer

Could you please explain why it is safe?

The answer is that it is NOT safe ... if you do it that way. For example, the Spring Vault reference manual says:

"Please consider your security requirements carefully. Static token authentication is fine if you want to get started with Vault quickly, but a static token is not protected any further. Any disclosure to unintended parties allows Vault use with the associated token roles."

You should either protect your static tokens, or only grant them access to "secrets" in the vault which you are happy to be widely known.

Alternatively, have your application use an authenticated method to generate short-term dynamic tokens.

As I understand the initial problem, it is bad to store passwords in an application.properties file on Github.

And storing a static Vault token in an application.properties file on Github is equally as bad.

What is the difference?

There is almost no difference [1]. This is simply the wrong way to use Vault.

[1] - There is one small advantage: if you find that the token has leaked accidentally, you can invalidate it. But that does not mean it is wise to deliberately publish it.

So how do you do things securely?

First, you MUST secure the machines where the secrets are going to be used. Even if you are not going to store the actual secrets on disk, you will need to store a different secret (securely) on each of your machines so that they can authenticate themselves to the place where the real secrets are kept.

Here is an example using Chef.

  1. Set up a secure Chef server that holds the configs for your machines; i.e. recipes for all of the things that need to be installed, node descriptions to say what recipes to apply, etc.

When you bootstrap a machine as a node, a keypair is generated for the machine and registered with the Chef server. The keypair is also held on the machine, and has to be held securely.

Then you use the Chef client to run the recipes that install and configure your server.

Note that this relies on having a properly secured system to run the Chef server. It also relies on each of the nodes being sufficiently secure to protect their own keys.

There are other ways to do this, but nothing will work if you cannot secure your host sufficiently.
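As an added illustration of the answer above (example code, not part of the original post): a repository check that fails when bootstrap.properties carries a literal spring.cloud.vault.token, run against the question's config and a corrected one in which the app logs in with AppRole credentials that each host supplies from its own environment at startup. It assumes POSIX sh with grep and sed; both property files are constructed samples, and the variable names VAULT_ROLE_ID and VAULT_SECRET_ID are assumed.

```shell
#!/bin/sh
# Added example, not from the original post or the Spring project.
# Assumes POSIX sh with grep/sed; the two property files below are constructed samples.

# Return 1 if spring.cloud.vault.token is set to anything other than a ${VAR}
# placeholder (Spring resolves placeholders from the environment, so nothing lands in git).
check_vault_token() {
  tokens=$(grep -E '^[[:space:]]*spring\.cloud\.vault\.token[[:space:]]*=' "$1" |
           sed 's/^[^=]*=[[:space:]]*//')
  [ -z "$tokens" ] && return 0                       # no static token at all: fine
  echo "$tokens" | grep -Ev '^\$\{[A-Za-z_][A-Za-z0-9_]*\}$' >/dev/null && return 1
  return 0
}

WORK=$(mktemp -d)
WEAK_FILE="$WORK/bootstrap-weak.properties"
SAFE_FILE="$WORK/bootstrap-safe.properties"

# The configuration from the question: a static token committed to the repository.
cat >"$WEAK_FILE" <<'EOF'
spring.application.name=gs-vault-config
spring.cloud.vault.token=00000000-0000-0000-0000-000000000000
spring.cloud.vault.scheme=http
spring.cloud.vault.kv.enabled=true
EOF

# Corrected: no token in the file. The app authenticates with an AppRole whose
# role-id / secret-id are injected per machine (assumed env vars VAULT_ROLE_ID and
# VAULT_SECRET_ID, set by the host's provisioning) and receives a short-lived token.
cat >"$SAFE_FILE" <<'EOF'
spring.application.name=gs-vault-config
spring.cloud.vault.scheme=https
spring.cloud.vault.authentication=APPROLE
spring.cloud.vault.app-role.role-id=${VAULT_ROLE_ID}
spring.cloud.vault.app-role.secret-id=${VAULT_SECRET_ID}
spring.cloud.vault.kv.enabled=true
EOF

for f in "$WEAK_FILE" "$SAFE_FILE"; do
  if check_vault_token "$f"; then
    echo "OK   $f"
  else
    echo "FAIL $f: literal Vault token committed"
  fi
done
```

Running the check as a pre-commit hook catches the weak file and passes the corrected one.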
