This showcase is intended for setting up a postgres database with direct HashiCorp Vault integration. It can be used for local testing and exploration of the concept.
The goal is to provide:
- An admin role to manage the database/schema
- An application role to access and change data
- A read role to only access data
Setup steps:
- Generate RSA keys for the psql db
  - [Server Cert] docker/postgres/config/postgres_server.pem
  - [Private Key] docker/postgres/config/postgres_server-key.pem
- Use docker compose to set up the docker containers.
  - start in docker directory
- Initialize vault.
  - Via UI http://localhost:8200/
  - Or CLI
- Log in to vault with the root token.
- Execute terraform apply to create
  - postgres database objects
  - vault secret engine for database
- Run the test script to verify the setup.
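
An added example, not taken from the showcase's own Terraform code: one way the terraform apply step could define the vault secret engine for the database so that each of the three roles maps to a short-lived Postgres login. The mount path, host, database name, `sslmode`, variables, TTLs and the group roles `demo_admin`, `demo_app` and `demo_read` (assumed to exist already as postgres database objects) are assumptions.

```hcl
# Added example, not the showcase's own Terraform. Mount path, host, database
# name, sslmode, variables, TTLs and group-role names are assumptions.
variable "pg_admin_user" { type = string }
variable "pg_admin_password" {
  type      = string
  sensitive = true
}

locals {
  # Vault role name => existing Postgres group role that holds the privileges
  db_roles = {
    admin = "demo_admin" # manages database/schema
    app   = "demo_app"   # accesses and changes data
    read  = "demo_read"  # only accesses data
  }
}

resource "vault_mount" "db" {
  path = "database"
  type = "database"
}

resource "vault_database_secret_backend_connection" "postgres" {
  backend       = vault_mount.db.path
  name          = "demo"
  allowed_roles = keys(local.db_roles)

  postgresql {
    # Vault substitutes {{username}}/{{password}} with the two fields below.
    connection_url = "postgresql://{{username}}:{{password}}@postgres:5432/demo?sslmode=require"
    username       = var.pg_admin_user
    password       = var.pg_admin_password
  }
}

resource "vault_database_secret_backend_role" "role" {
  for_each    = local.db_roles
  backend     = vault_mount.db.path
  name        = each.key
  db_name     = vault_database_secret_backend_connection.postgres.name
  default_ttl = 3600  # seconds
  max_ttl     = 86400 # seconds

  # Short-lived login whose privileges come only from the group role.
  creation_statements = [
    "CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}' IN ROLE ${each.value};",
  ]
  revocation_statements = ["DROP ROLE IF EXISTS \"{{name}}\";"]
}
```

With this layout, `vault read database/creds/read` returns a generated username and password that expire with the lease, and table privileges are managed in one place on the group roles.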
The following shortcuts are used only because this is a local demo showcase:
- Postgres containers use simple, unsecured credentials
- The Vault root token is used here; it would never be used for general vault access
- Vault server uses http instead of https
- extract terraform modules