This demonstration explores the core benefits of Vault's Transit Secrets Engine. It walks through 3 scenarios you may encounter when using the engine.
- Scenario 1: Introduction to the Transit Secrets Engine
- Scenario 2: Unencrypted Web Application and Database
- Scenario 3: Encrypted Web Application and Database
Resource | Description |
---|---|
Platform | Instruqt |
Documentation | Encryption as a Service - Demo Guide |
Slides | Encryption as a Service - Presentation |
Recording | Encryption as a Service - Recording |
GitHub Assets | Encryption as a Service - Assets |
Contributors | Anthony Benjamin, Syed Quadri, George Abot |
This project demonstrates deploying a web application that lets end users register and log in. When a user registers, their data is processed through Vault OSS, specifically the Vault Transit Secrets Engine, which lets us encrypt and decrypt data at any point. In the scope of this project, we send the password to Vault, where it is encrypted. The encrypted password is then stored in MongoDB alongside the username, which is kept in plain text.
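The register flow described above, sketched as an added example (not code from the internvault repository). It assumes the engine is mounted at `transit/`, a hypothetical key named `users`, and a `{ username, password }` document shape; `fakeVault` is a constructed offline stand-in for the Vault server.

```javascript
const MOUNT = "transit"; // assumed default mount path
const KEY = "users";     // hypothetical Transit key name

// Build the HTTP request for POST /v1/<mount>/encrypt/<key>.
// Transit requires the plaintext to be base64-encoded.
function buildEncryptRequest(vaultAddr, token, password) {
  return {
    url: `${vaultAddr}/v1/${MOUNT}/encrypt/${KEY}`,
    method: "POST",
    headers: { "X-Vault-Token": token, "Content-Type": "application/json" },
    body: JSON.stringify({
      plaintext: Buffer.from(password, "utf8").toString("base64"),
    }),
  };
}

// Extract the ciphertext and refuse anything that is not a Transit envelope
// ("vault:v<key version>:<base64>"), so an error body or an echoed plaintext
// can never be written to the database.
function parseEncryptResponse(json) {
  const ct = json && json.data && json.data.ciphertext;
  if (typeof ct !== "string" || !/^vault:v\d+:[A-Za-z0-9+/]+=*$/.test(ct)) {
    throw new Error("Vault did not return a Transit ciphertext");
  }
  return ct;
}

// Register: encrypt via Vault, then return the document to store in MongoDB.
// `send(request)` is injected and must resolve to the parsed JSON body.
async function registerUser(username, password, vault, send) {
  const req = buildEncryptRequest(vault.addr, vault.token, password);
  const ciphertext = parseEncryptResponse(await send(req));
  return { username, password: ciphertext }; // username stays in plain text
}

// Constructed stand-in for Vault so the example runs offline. It is NOT
// encryption: it only wraps the received base64 in the "vault:v1:" envelope.
async function fakeVault(req) {
  const { plaintext } = JSON.parse(req.body);
  return { data: { ciphertext: `vault:v1:${plaintext}` } };
}
```

Against a real Vault server, `send` would perform the HTTP POST and return the parsed response body.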
- Clone the repository into a directory of your choice.

  ```
  $ git clone https://github.com/hashanthony/internvault.git
  ```

- Change directory to the repo you cloned on your local machine.

  ```
  $ cd internvault/
  ```

- Create a .env file under the root directory.

  MacOS/Linux

  ```
  $ touch .env
  ```

  Windows

  ```
  $ type nul > .env
  ```

- In your newly created .env file, store your MongoDB connection URL, and port 3000. If you would like to use the unencrypted version of the application, you can set PORT to 3001.

  ```
  MONGO_URL="<YOUR_MONGO_URL>"
  PORT=3000
  ```

- In /legacy, run command:

  ```
  $ bash vault.sh
  ```

That's it, very simple.
Anthony Benjamin
George Abot
Syed Quadri