This is a detailed, step-by-step tutorial.
With this tutorial, you will learn how to use the CyberArk Secretless Broker to deploy an application that connects to a database without knowing its password.
Applications and application developers should be incapable of leaking secrets.
To achieve that goal, you’ll play two roles in this tutorial:
- A Security Admin who handles secrets, and has sole access to those secrets
- An Application Developer with no access to secrets.
The situation looks like this:
Specifically, we will:
As the security admin:
- Create a PostgreSQL database
- Create a DB user for the application
- Add that user’s credentials to Kubernetes Secrets
- Configure Secretless to connect to PostgreSQL using those credentials
As the application developer:
- Configure the application to connect to PostgreSQL via Secretless
- Deploy the application and the Secretless sidecar
Play the role of a Security Admin and learn how to set up PostgreSQL and configure Secretless.