I am trying to learn how to integrate a secret manager like vaultproject.io with my Spring Boot application so that I can store and access my DB passwords, which are currently stored in application.properties (very not safe).
However, I don't understand, when I read the sample code, why the access token to the vault itself is left exposed in application.properties:
```
spring.cloud.vault.token=00000000-0000-0000-0000-000000000000
spring.cloud.vault.scheme=http
```
If application.properties is not safe, then what is the point if you leave the token in there? Can't a hacker just steal those to connect to the vault?