A secure database storage service where data can be stored and retrieved in a completely secure manner. This is achieved by using Encryption as a Service (EaaS), specifically the Transit Secret Engine service from HashiCorp Vault. The data within the database is encrypted at all times and is decrypted only when an authenticated client requests data from the web service.
This project was developed while working as a student developer under the guidance of mentors from National Informatics Centre - New Delhi.
To set up the project locally:
- Clone the project
- Start a MySQL server and edit the MySQL server properties as per your server inside application.properties
- Install Vault and start a dev Vault server (see here)
- Enable Vault's Transit Secret Engine (see here)
- Set up a key with the name patient inside the Transit Secret Engine. Hence your BaseUrl for the encrypting service should be like DomainName/transit/encrypt/patient/
All the APIs from the web service and the Vault server can be tested using Postman.
Example for testing Vault APIs
Note: Do not forget to pass the ROOT TOKEN that you receive on starting the server in the header of every request you make to the Vault server.
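The Transit calls described above can also be scripted instead of sent from Postman. The following is an added example, not code from this project: it assumes Vault's standard HTTP API under /v1, the dev server's default address http://127.0.0.1:8200, and the X-Vault-Token request header; the function names and the sample value are made up for illustration.

```python
import base64
import json
import os
import urllib.request

VAULT_ADDR = "http://127.0.0.1:8200"  # assumption: default dev-server address
KEY_NAME = "patient"                  # transit key name from the setup steps


def transit_request(action, token, payload, addr=VAULT_ADDR, key=KEY_NAME):
    """Build a POST to /v1/transit/<action>/<key> that carries the token header."""
    if action not in ("encrypt", "decrypt"):
        raise ValueError("action must be 'encrypt' or 'decrypt'")
    return urllib.request.Request(
        f"{addr.rstrip('/')}/v1/transit/{action}/{key}",
        data=json.dumps(payload).encode(),
        headers={"X-Vault-Token": token, "Content-Type": "application/json"},
        method="POST",
    )


def encrypt_payload(plaintext):
    # Transit only accepts plaintext that is base64-encoded.
    return {"plaintext": base64.b64encode(plaintext.encode()).decode()}


def ciphertext_from(response_body):
    """Extract the ciphertext and check it has the vault:v<N>: envelope."""
    ct = json.loads(response_body)["data"]["ciphertext"]
    if not ct.startswith("vault:v"):
        raise ValueError("unexpected ciphertext format")
    return ct


def plaintext_from(response_body):
    # Decrypt responses return the plaintext base64-encoded as well.
    return base64.b64decode(json.loads(response_body)["data"]["plaintext"]).decode()


def send(req):
    # Needs a running Vault server; returns the raw JSON response body.
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read()


if __name__ == "__main__":
    token = os.environ["VAULT_TOKEN"]  # assumption: token exported, not hard-coded
    ct = ciphertext_from(send(transit_request("encrypt", token, encrypt_payload("John Doe"))))
    pt = plaintext_from(send(transit_request("decrypt", token, {"ciphertext": ct})))
    print(ct, pt)  # "John Doe" is a constructed sample value
```

Run it with the dev server started and VAULT_TOKEN set to the token printed at startup.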