So I have a Node.js web service which I push into Cloud Foundry (PCF). I am storing some credentials in Vault, so when a user hits my web service endpoint with some credentials, I extract the credentials from Vault, compare them against the credentials from the request, and if they match I allow the request to be processed; otherwise I reject the request.

So to install Vault in PCF I use the following command:

```
cf create-service hashicorp-vault shared foo-vault
```

Then I create a key using this command:

```
cf create-service-key foo-vault foo-vault-key
```

Then I bind the service to the app like this:

```
cf bind-service foo-ws foo-vault
```

I restage the web service and when I print the environment variables using this command:

```
cf restage foo-ws
```

I get these values:

```
{
    "hashicorp-vault": [{
        "credentials": {
            "address": "http://somehost:433/",
            "auth": {
                "accessor": "kMr3iCSlekSN2d1vpPjbjzUk",
                "token": "some token"
            },
            "backends": {
                "generic": [
                    "cf/7f1a12a9-4a52-4151-bc96-874380d30182/secret",
                    "cf/c4073566-baee-48ae-88e9-7c7c7e0118eb/secret"
                ],
                "transit": [
                    "cf/7f1a12a9-4a52-4151-bc96-874380d30182/transit",
                    "cf/c4073566-baee-48ae-88e9-7c7c7e0118eb/transit"
                ]
            },
            "backends_shared": {
                "organization": "cf/8d4b992f-cca3-4876-94e0-e49170eafb67/secret",
                "space": "cf/bdace353-e813-4efb-8122-58b9bd98e3ab/secret"
            }
        },
        "label": "hashicorp-vault",
        "name": "my-vault",
        "plan": "shared",
        "provider": null,
        "syslog_drain_url": null,
        "tags": [],
        "volume_mounts": []
    }]
}
```

So my question is: is there a way to define the backends, token and address?

Thanks in advance for your help.

Greetings

linker85
  • What you're asking isn't the standard functionality of CloudFoundry. CloudFoundry provides ways for you to create, update, delete & bind services. As you create or update a service you can pass additional information to the service broker, but ultimately what you pass to the broker is entirely up to that service broker. Long story short, you need to look at the documentation for your service broker and see if it explains how you can configure the service instance. If you run `cf marketplace` you might get more details about the broker, perhaps a link to the docs. – Daniel Mikusa Nov 20 '21 at 21:00
  • Have you tried https://spring.io/blog/2017/11/28/binding-applications-to-hashicorp-s-vault-with-spring-in-cloud-foundry? – Shiva Dec 02 '21 at 04:21
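
An added example, not part of the original question or comments: one way a Node.js app can read the address, token and generic backends that the broker injects through `VCAP_SERVICES`, in the shape shown in the question, and compare request credentials in constant time. The helper names (`vaultBinding`, `secretUrl`, `safeEqual`) and all sample values are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample with the same shape as the binding in the question;
// every value here is a placeholder, not a real credential.
const SAMPLE_VCAP = JSON.stringify({
  'hashicorp-vault': [{
    credentials: {
      address: 'http://somehost:433/',
      auth: { accessor: 'constructed-accessor', token: 'constructed-token' },
      backends: { generic: ['cf/instance-guid/secret'], transit: ['cf/instance-guid/transit'] }
    },
    label: 'hashicorp-vault', name: 'my-vault', plan: 'shared'
  }]
});

// Extract address, token and generic mounts from VCAP_SERVICES (hypothetical helper).
function vaultBinding(vcapJson, label = 'hashicorp-vault') {
  let services;
  try {
    services = JSON.parse(vcapJson || '{}');
  } catch (err) {
    throw new Error('VCAP_SERVICES is not valid JSON');
  }
  const instance = (services[label] || [])[0];
  if (!instance) throw new Error(`no bound service labelled ${label}`);
  const creds = instance.credentials || {};
  const token = creds.auth && creds.auth.token;
  if (!creds.address || !token) throw new Error('binding lacks address or token');
  return {
    address: creds.address.replace(/\/+$/, ''),
    token, // send as the X-Vault-Token header; never log it
    genericMounts: (creds.backends && creds.backends.generic) || [],
    usesTls: creds.address.startsWith('https://') // false: token travels in cleartext
  };
}

// URL of a secret in the first generic backend (Vault HTTP API: /v1/<mount>/<path>).
function secretUrl(binding, name) {
  if (!binding.genericMounts.length) throw new Error('no generic backend in binding');
  return `${binding.address}/v1/${binding.genericMounts[0]}/${encodeURIComponent(name)}`;
}

// Compare request and stored credentials without leaking length or prefix via timing.
function safeEqual(supplied, stored) {
  const key = crypto.randomBytes(32);
  const mac = (v) => crypto.createHmac('sha256', key).update(String(v)).digest();
  return crypto.timingSafeEqual(mac(supplied), mac(stored));
}
```

In the deployed app the first argument would be `process.env.VCAP_SERVICES`; the `usesTls` flag is worth checking at startup because the address in the question is plain `http://`.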
