How to Use Vault and Spring Cloud Config to Secure Secrets

Read the original article: How to Use Vault and Spring Cloud Config to Secure Secrets


Back in 2013, a feature was released on GitHub that let users scan code in public repositories. Almost immediately, it was partially deactivated. The suspected reason is that the feature exposed all kinds of secrets. Then, in 2014, 50,000 Uber drivers had their information stolen. This happened because a hacker accessed Uber’s database using credentials they got from a public GitHub repository. The following year, HashiCorp Vault (a tool for managing secrets and encrypting data in transit) was announced. And, two years after that, Spring Vault (the integration of Spring and Vault) came into being.

While this may seem like old news at this point, the leakage of secrets is still pervasive today. It happens to a whole host of developers (see this study from NC State University). This exposure of secrets leads to more cyber-attacks, loss or corruption of data, breaches, and crypto-jacking (cryptocurrency mining using a victim’s cloud computing power). HashiCorp’s Vault and Spring Cloud Vault can reduce this risk.

