This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 1d5058b0319 Added Hashicorp Vault instructions in security section
1d5058b0319 is described below
commit 1d5058b0319703b90a42758b6f4bffde39ff1ced
Author: Andrea Cosentino <[email protected]>
AuthorDate: Thu Jul 21 18:26:18 2022 +0200
Added Hashicorp Vault instructions in security section
---
docs/user-manual/modules/ROOT/pages/security.adoc | 133 ++++++++++++++++++++++
1 file changed, 133 insertions(+)
diff --git a/docs/user-manual/modules/ROOT/pages/security.adoc
b/docs/user-manual/modules/ROOT/pages/security.adoc
index 5168f77eecb..604d4b8c417 100644
--- a/docs/user-manual/modules/ROOT/pages/security.adoc
+++ b/docs/user-manual/modules/ROOT/pages/security.adoc
@@ -370,3 +370,136 @@ For the moment we are not considering the rotation
function, if any will be appl
The only requirement is adding the camel-azure-key-vault jar to your Camel
application.
+==== Using Hashicorp Vault
+
+To use this function you'll need to provide credentials for Hashicorp vault as
environment variables:
+
+[source,bash]
+----
+export $CAMEL_VAULT_HASHICORP_TOKEN=token
+export $CAMEL_VAULT_HASHICORP_ENGINE=secretKey
+export $CAMEL_VAULT_HASHICORP_HOST=host
+export $CAMEL_VAULT_HASHICORP_PORT=port
+export $CAMEL_VAULT_HASHICORP_SCHEME=http/https
+----
+
+You can also configure the credentials in the `application.properties` file
such as:
+
+[source,properties]
+----
+camel.vault.hashicorp.token = token
+camel.vault.hashicorp.engine = engine
+camel.vault.hashicorp.host = host
+camel.vault.hashicorp.port = port
+camel.vault.hashicorp.scheme = scheme
+----
+
+At this point you'll be able to reference a property in the following way:
+
+[source,xml]
+----
+<camelContext>
+ <route>
+ <from uri="direct:start"/>
+ <to uri="{{hashicorp:route}}"/>
+ </route>
+</camelContext>
+----
+
+Where route will be the name of the secret stored in the Hashicorp Vault
instance.
+
+You could specify a default value in case the secret is not present on
Hashicorp Vault instance:
+
+[source,xml]
+----
+<camelContext>
+ <route>
+ <from uri="direct:start"/>
+ <to uri="{{hashicorp:route:default}}"/>
+ </route>
+</camelContext>
+----
+
+In this case if the secret doesn't exist, the property will fallback to
"default" as value.
+
+Also you are able to get particular field of the secret, if you have for
example a secret named database of this form:
+
+[source,bash]
+----
+{
+ "username": "admin",
+ "password": "password123",
+ "engine": "postgres",
+ "host": "127.0.0.1",
+ "port": "3128",
+ "dbname": "db"
+}
+----
+
+You're able to do get single secret value in your route, like for example:
+
+[source,xml]
+----
+<camelContext>
+ <route>
+ <from uri="direct:start"/>
+ <log message="Username is {{hashicorp:database/username}}"/>
+ </route>
+</camelContext>
+----
+
+Or re-use the property as part of an endpoint.
+
+You could specify a default value in case the particular field of secret is
not present on Hashicorp Vault instance:
+
+[source,xml]
+----
+<camelContext>
+ <route>
+ <from uri="direct:start"/>
+ <log message="Username is {{hashicorp:database/username:admin}}"/>
+ </route>
+</camelContext>
+----
+
+In this case if the secret doesn't exist or the secret exists, but the
username field is not part of the secret, the property will fallback to "admin"
as value.
+
+There is also the syntax to get a particular version of the secret for both
the approach, with field/default value specified or only with secret:
+
+[source,xml]
+----
+<camelContext>
+ <route>
+ <from uri="direct:start"/>
+ <to uri="{{hashicorp:route@2}}"/>
+ </route>
+</camelContext>
+----
+
+This approach will return the RAW route secret with version '2'.
+
+[source,xml]
+----
+<camelContext>
+ <route>
+ <from uri="direct:start"/>
+ <to uri="{{hashicorp:route:default@2}}"/>
+ </route>
+</camelContext>
+----
+
+This approach will return the route secret value with version '2' or default
value in case the secret doesn't exist or the version doesn't exist.
+
+[source,xml]
+----
+<camelContext>
+ <route>
+ <from uri="direct:start"/>
+ <log message="Username is {{hashicorp:database/username:admin@2}}"/>
+ </route>
+</camelContext>
+----
+
+This approach will return the username field of the database secret with
version '2' or admin in case the secret doesn't exist or the version doesn't
exist.
+
+The only requirement is adding the camel-hashicorp-vault jar to your Camel
application.
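Review bot: The five export lines in the first [source,bash] block put a `$` in front of the variable name (`export $CAMEL_VAULT_HASHICORP_TOKEN=token`), so the shell expands the name before exporting and, with the variable unset, the command fails instead of setting CAMEL_VAULT_HASHICORP_TOKEN; drop the `$` on each line. In the same block the placeholder for CAMEL_VAULT_HASHICORP_ENGINE is `secretKey`, while the properties block uses `engine` for `camel.vault.hashicorp.engine`; one placeholder for both would avoid suggesting that they are different settings. The sample database secret is JSON but is tagged [source,bash]; [source,json] would render it correctly. The scheme placeholder `http/https` is given without guidance, and because the token is sent to the configured host, a sentence recommending https outside local testing would help. The text introducing the `{{hashicorp:database/username:admin}}` example could also note that the default is used silently when the secret or field is missing, so readers do not take a credential-like default such as "admin" as a recommended pattern.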