Vault Service

Vault Service

Vault Service provides access to encrypted storage.

To use vault service, you should inject VaultService object into the task.

@ApTaskEntry(name = "Vault task")
@Slf4j
public class VaultTask extends ApTaskBase {
	@Inject
	VaultService vaultService;
}

At the time, vault service provides only getter methods

Store credentials

Typically in vault service we store user credentials. In order to put credentials in vault service locally (standalone configuration), they should be provided as decoded in Base64 JSON map containing user and password keys e.g.:

If you want to store credentials with user name "admin" and password "123456", you should create the following JSON:

vault.properties

{
	"user": "admin",
	"password": "123456"
}

Then provide some alias name. Finally your "resources/vault.properties" file will contain the following key-value pair:

vault.properties

mail.user={"user": admin", "password": "123456"}

Example of retrieving user credentials:

SecretCredentials secrets = vaultService.getSecret("mail.user", SecretCredentials.class);
log.info("'mail.user' user:{} password:{}", secrets.getUser(), secrets.getPassword());

Store any string

There's also possibility to store any string value in secret value. 

vault.properties

my.alias=SGVsbG8gZnJvbSBzZWNyZXQgdmF1bHQh

Example of retrieving string value from vault service:

String myValue = vaultService.getSecret("my.alias", String.class);

In node configuration secrets are persisted in HashiCorp vault backed by PostgresSQL database.

In this case secret entries are added manually from secret-vault page of Control Server or using Control Server API

More on working with vault on Control Server in User Guide

Full example:

VaultSampleAp.java Expand source

package eu.ibagroup.easyrpa.vault;

import eu.ibagroup.easyrpa.engine.apflow.ApModule;
import eu.ibagroup.easyrpa.engine.apflow.TaskOutput;
import eu.ibagroup.easyrpa.engine.boot.ApModuleRunner;
import eu.ibagroup.easyrpa.vault.task.VaultTask;

public class VaultSampleAp extends ApModule {
	public static void main(String[] args) {
		ApModuleRunner.localLaunch(VaultSampleAp.class);
	}

	@Override
	public TaskOutput run() throws Exception {
		return execute(getInput(), VaultTask.class).get();
	}
}

VaultTask.java Expand source

package eu.ibagroup.easyrpa.vault.task;

import eu.ibagroup.easyrpa.engine.annotation.ApTaskEntry;
import eu.ibagroup.easyrpa.engine.apflow.ApTaskBase;
import eu.ibagroup.easyrpa.engine.model.SecretCredentials;
import eu.ibagroup.easyrpa.engine.service.VaultService;
import lombok.extern.slf4j.Slf4j;

import javax.inject.Inject;

@ApTaskEntry(name = "Vault task")
@Slf4j
public class VaultTask extends ApTaskBase {
	@Inject
	VaultService vaultService;

	@Override
	public void execute() {
		SecretCredentials secrets = vaultService.getSecret("mail.user", SecretCredentials.class);
		log.info("'mail.user' user:{} password:{}", secrets.getUser(), secrets.getPassword());

		String myValue = vaultService.getSecret("my.alias", String.class);
		log.info("my.alias:{}", myValue);
	}
}

×