Secret management

An application has to handle a variety of secret data: API keys, passwords for other applications, and more. For an application deployed and running in a production environment, keeping these in plain text can result in security breaches. With automation now cheaply available, storing such data securely, with access control and secure storage, is a must for modern applications.

Encryption has been widely embraced, but decryption requires circulating a key, and circulating that key is usually a big problem. If a person decides to take the key outside of the organization, there can be serious problems.

Vault from HashiCorp is a very strong contender as a solution to this issue, and helps in managing these secrets easily with very rigid controls. It provides APIs that grant access based on set policies, supports access control, and comes with encryption functionality out of the box. It also supports a variety of persistent backends, such as Consul (also from HashiCorp), which makes it easy for enterprises to adopt. Vault is written in Go, and binaries for many platforms can be downloaded from its website. In this section, we will quickly run through the Vault product itself, and then go through an example in which we create a Spring Boot project and securely access some of the secrets stored in Vault. Without further ado, let's get our hands dirty with actual code.
