How to create Dynamic Secrets for custom applications that has static username password?

Hello Team,

I have a java backend application that has a static username & password and only a single credential there for accessing the application and no option to create multiple credentials. Thus all users have to use the same credential to log in, so can we implement Vault: Dynamic Secrets for my case? So that all my users come up with temporary credentials to Vault & Vault uses actual credentials to access my application and give back the response to the requester by standing as message broker.

For this you would need to create a custom secrets engine in vault and your application would need to have an api with the ability to create and delete credentials in your application.

1 Like

Hello @robertraybarnes

Thank you for responding!

So there is no way to deal without modifying application? As I mentioned my application has only 1 username & password and doesn’t support multiple users.

Unless you have the ability to handle identity and access mananagement within your app, vault can’t interact with it to achieve that.

With static creds, the only option is KV/2 with policies granting access to read these secrets.

You could offset this responsibility to an external ID provider like Active directory or Okta but still need to refactor your app to make use of these services.

1 Like