Use HigherOrderApplication (HOA)
HigherOrderApplication is a simple and secure way to get the secrets into the end applications.
It is a wrapper application that is placed around the actual application and loads all the required secrets into the environment variables.
As an example, let’s take our A service, the binary A-Application, which needs access to the mail, the admin key and the big data access key.
In simple terms, the CryptVault HOA application starts the A-Application.
To do this, we need to load the A-Service identity and vaultid into the system via environment variables.
Assume that the A-Application expects its information in the following environment keys:
- A_APPLICATION_MAIL
- A_APPLICATION_ADMIN_KEY
- A_APPLICATION_BIG_DATA_ACCESS_KEY
To rename environment keys between the CryptVault secret and the A-Application, you can use the configuration file:
vault.env
```
VAULT_VALUES_A_TEAM_A_SERVICE_ADMIN_KEY=A_APPLICATION_ADMIN_KEY
VAULT_VALUES_A_TEAM_A_SERVICE_MAIL=A_APPLICATION_MAIL
VAULT_VALUES_SEARCH_TEAM_A_TEAM_A_SERVICE_CONNECTION_STRING=A_APPLICATION_BIG_DATA_ACCESS_KEY
```
```
# output_from_Create_secrets by terraform
# look at .cryptvault folder for needed information by cli
export VAULT_IDENTITY_KEY=foo
# by cli: you find the vaultid at .cryptvault/$VAULT_CLI_VAULTNAME/vaultid
export VAULT_ID=bar
vault-hoa a-application
```
Now you can find all the secrets related to the identity as environment variables.
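The renaming step that vault.env configures can be modelled in a few lines; this is an added sketch, not CryptVault's own code, and it does not describe how vault-hoa is implemented. It assumes that secrets without a mapping keep their vault name, that the wrapper's own credentials (VAULT_IDENTITY_KEY, VAULT_ID) are withheld from the wrapped binary, and that a missing expected key aborts the start; the function names are hypothetical.

```python
import os
import re

# Constructed copy of the vault.env shown above: NAME_IN_VAULT=NAME_THE_APP_EXPECTS
VAULT_ENV = """\
VAULT_VALUES_A_TEAM_A_SERVICE_ADMIN_KEY=A_APPLICATION_ADMIN_KEY
VAULT_VALUES_A_TEAM_A_SERVICE_MAIL=A_APPLICATION_MAIL
VAULT_VALUES_SEARCH_TEAM_A_TEAM_A_SERVICE_CONNECTION_STRING=A_APPLICATION_BIG_DATA_ACCESS_KEY
"""
EXPECTED = ("A_APPLICATION_MAIL", "A_APPLICATION_ADMIN_KEY",
            "A_APPLICATION_BIG_DATA_ACCESS_KEY")
# Assumption: the wrapper's own credentials are not needed by the child.
WRAPPER_ONLY = ("VAULT_IDENTITY_KEY", "VAULT_ID")
NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def parse_mapping(text):
    """Parse SOURCE=TARGET lines; reject malformed names and duplicates."""
    mapping = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        source, sep, target = (part.strip() for part in line.partition("="))
        if not sep or not NAME.fullmatch(source) or not NAME.fullmatch(target):
            raise ValueError(f"line {lineno}: expected SOURCE=TARGET")
        if source in mapping or target in mapping.values():
            raise ValueError(f"line {lineno}: {source} or {target} mapped twice")
        mapping[source] = target
    return mapping


def build_child_env(secrets, mapping, parent_env, expected=EXPECTED):
    """Return the environment for the wrapped binary; fail closed on gaps."""
    # Assumption: secrets without a mapping keep their vault name.
    delivered = {mapping.get(src, src): val for src, val in secrets.items()}
    missing = sorted(set(expected) - set(delivered))
    if missing:
        raise KeyError("not provided by the vault: " + ", ".join(missing))
    env = {k: v for k, v in parent_env.items() if k not in WRAPPER_ONLY}
    env.update(delivered)
    return env


def launch(argv, env):
    """Replace the wrapper process with the application (POSIX exec)."""
    os.execvpe(argv[0], argv, env)
```

The missing-key check looks only at what the vault delivered, so a stale A_APPLICATION_* value already present in the parent shell cannot mask a secret that failed to load.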
That was all
It was a comprehensive introduction. In summary, we did the following:
- Created an account
- Created a vault
- Created identities
- Created secrets
- Loaded secrets as environment variables at runtime