Hashicorp Vault Module

Testcontainers module for Vault. Vault is a tool for managing secrets. More information on Vault here.

Usage example

Start Vault container as a @ClassRule:

Starting a Vault container

public static VaultContainer<?> vaultContainer = new VaultContainer<>("hashicorp/vault:1.13")
    .withVaultToken(VAULT_TOKEN)
    .withSecretInVault("secret/testing1", "top_secret=password123")
    .withSecretInVault(
        "secret/testing2",
        "secret_one=password1",
        "secret_two=password2",
        "secret_three=password3",
        "secret_three=password3",
        "secret_four=password4"
    )
    .withInitCommand("secrets enable transit", "write -f transit/keys/my-key");

Use CLI to read data from Vault container:

Use CLI to read data

GenericContainer.ExecResult result = vaultContainer.execInContainer(
    "vault",
    "kv",
    "get",
    "-format=json",
    "secret/testing1"
);
assertThat(result.getStdout()).contains("password123");

Use Http API to read data from Vault container:

Use Http API to read data

Response response = given()
    .header("X-Vault-Token", VAULT_TOKEN)
    .when()
    .get(vaultContainer.getHttpHostAddress() + "/v1/secret/data/testing1")
    .thenReturn();
assertThat(response.body().jsonPath().getString("data.data.top_secret")).isEqualTo("password123");

Use client library to read data from Vault container:

Use library to read data

public void readFirstSecretPathOverClientLibrary() throws Exception {
    final VaultConfig config = new VaultConfig()
        .address(vaultContainer.getHttpHostAddress())
        .token(VAULT_TOKEN)
        .build();

    final Vault vault = new Vault(config);

    final Map<String, String> value = vault.logical().read("secret/testing1").getData();

    assertThat(value).containsEntry("top_secret", "password123");
}

See full example.

Why Vault in Junit tests?

With the increasing popularity of Vault and secret management, applications are now needing to source secrets from Vault. This can prove challenging in the development phase without a running Vault instance readily on hand. This library aims to solve your apps integration testing with Vault. You can also use it to test how your application behaves with Vault by writing different test scenarios in Junit.

Adding this module to your project dependencies

Add the following dependency to your pom.xml/build.gradle file:

GradleMaven

testImplementation "org.testcontainers:vault:1.19.0"

<dependency>
    <groupId>org.testcontainers</groupId>
    <artifactId>vault</artifactId>
    <version>1.19.0</version>
    <scope>test</scope>
</dependency>

License

See LICENSE.

Copyright

Copyright (c) 2017 Capital One Services, LLC and other authors.

See AUTHORS for contributors.