Files
spring-cloud-static/Dalston.SR5/multi/multi_vault.config.authentication.html
2017-12-22 20:14:47 -05:00

111 lines
24 KiB
HTML

<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>91.&nbsp;Authentication methods</title><link rel="stylesheet" type="text/css" href="css/manual-multipage.css"><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="multi_spring-cloud.html" title="Spring Cloud"><link rel="up" href="multi__spring_cloud_vault.html" title="Part&nbsp;XIII.&nbsp;Spring Cloud Vault"><link rel="prev" href="multi__client_side_usage_2.html" title="90.&nbsp;Client Side Usage"><link rel="next" href="multi_vault.config.backends.html" title="92.&nbsp;Secret Backends"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">91.&nbsp;Authentication methods</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="multi__client_side_usage_2.html">Prev</a>&nbsp;</td><th width="60%" align="center">Part&nbsp;XIII.&nbsp;Spring Cloud Vault</th><td width="20%" align="right">&nbsp;<a accesskey="n" href="multi_vault.config.backends.html">Next</a></td></tr></table><hr></div><div class="chapter"><div class="titlepage"><div><div><h2 class="title"><a name="vault.config.authentication" href="#vault.config.authentication"></a>91.&nbsp;Authentication methods</h2></div></div></div><p>Different organizations have different requirements for security
and authentication. Vault reflects that need by shipping multiple authentication
methods. Spring Cloud Vault supports token and AppId authentication.</p><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="vault.config.authentication.token" href="#vault.config.authentication.token"></a>91.1&nbsp;Token authentication</h2></div></div></div><p>Tokens are the core method for authentication within Vault.
Token authentication requires a static token to be provided using the
<a class="link" href="https://github.com/spring-cloud/spring-cloud-commons/blob/master/docs/src/main/asciidoc/spring-cloud-commons.adoc#the-bootstrap-application-context" target="_top">Bootstrap Application Context</a>.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="images/note.png"></td><th align="left">Note</th></tr><tr><td align="left" valign="top"><p>Token authentication is the default authentication method.
If a token is disclosed an unintended party gains access to Vault and
can access secrets for the intended client.</p></td></tr></table></div><div class="example"><a name="d0e19966" href="#d0e19966"></a><p class="title"><b>Example&nbsp;91.1.&nbsp;bootstrap.yml</b></p><div class="example-contents"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring.cloud.vault</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> authentication</span>: TOKEN
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> token</span>: <span class="hl-number">00000000</span>-<span class="hl-number">0000</span>-<span class="hl-number">0000</span>-<span class="hl-number">0000</span>-<span class="hl-number">000000000000</span></pre></div></div><br class="example-break"><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><code class="literal">authentication</code> setting this value to <code class="literal">TOKEN</code> selects the Token
authentication method</li><li class="listitem"><code class="literal">token</code> sets the static token to use</li></ul></div><p>See also: <a class="link" href="https://www.vaultproject.io/docs/concepts/tokens.html" target="_top">Vault Documentation: Tokens</a></p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="vault.config.authentication.appid" href="#vault.config.authentication.appid"></a>91.2&nbsp;AppId authentication</h2></div></div></div><p>Vault supports <a class="link" href="https://www.vaultproject.io/docs/auth/app-id.html" target="_top">AppId</a>
authentication that consists of two hard to guess tokens. The AppId
defaults to <code class="literal">spring.application.name</code> that is statically configured.
The second token is the UserId which is a part determined by the application,
usually related to the runtime environment. IP address, Mac address or a
Docker container name are good examples. Spring Cloud Vault Config supports
IP address, Mac address and static UserId&#8217;s (e.g. supplied via System properties).
The IP and Mac address are represented as Hex-encoded SHA256 hash.</p><p>IP address-based UserId&#8217;s use the local host&#8217;s IP address.</p><div class="example"><a name="d0e20002" href="#d0e20002"></a><p class="title"><b>Example&nbsp;91.2.&nbsp;bootstrap.yml using SHA256 IP-Address UserId&#8217;s</b></p><div class="example-contents"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring.cloud.vault</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> authentication</span>: APPID
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> app-id</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> user-id</span>: IP_ADDRESS</pre></div></div><br class="example-break"><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><code class="literal">authentication</code> setting this value to <code class="literal">APPID</code> selects the AppId
authentication method</li><li class="listitem"><code class="literal">app-id-path</code> sets the path of the AppId mount to use</li><li class="listitem"><code class="literal">user-id</code> sets the UserId method. Possible values are <code class="literal">IP_ADDRESS</code>,
<code class="literal">MAC_ADDRESS</code> or a class name implementing a custom <code class="literal">AppIdUserIdMechanism</code></li></ul></div><p>The corresponding command to generate the IP address UserId from a command line is:</p><pre class="screen">$ echo -n 192.168.99.1 | sha256sum</pre><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="images/note.png"></td><th align="left">Note</th></tr><tr><td align="left" valign="top"><p>Including the line break of <code class="literal">echo</code> leads to a different hash value
so make sure to include the <code class="literal">-n</code> flag.</p></td></tr></table></div><p>Mac address-based UserId&#8217;s obtain their network device from the
localhost-bound device. The configuration also allows specifying
a <code class="literal">network-interface</code> hint to pick the right device. The value of
<code class="literal">network-interface</code> is optional and can be either an interface
name or interface index (0-based).</p><div class="example"><a name="d0e20055" href="#d0e20055"></a><p class="title"><b>Example&nbsp;91.3.&nbsp;bootstrap.yml using SHA256 Mac-Address UserId&#8217;s</b></p><div class="example-contents"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring.cloud.vault</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> authentication</span>: APPID
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> app-id</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> user-id</span>: MAC_ADDRESS
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> network-interface</span>: eth0</pre></div></div><br class="example-break"><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><code class="literal">network-interface</code> sets network interface to obtain the physical address</li></ul></div><p>The corresponding command to generate the IP address UserId from a command line is:</p><pre class="screen">$ echo -n 0AFEDE1234AC | sha256sum</pre><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="images/note.png"></td><th align="left">Note</th></tr><tr><td align="left" valign="top"><p>The Mac address is specified uppercase and without colons.
Including the line break of <code class="literal">echo</code> leads to a different hash value
so make sure to include the <code class="literal">-n</code> flag.</p></td></tr></table></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="_custom_userid" href="#_custom_userid"></a>91.2.1&nbsp;Custom UserId</h3></div></div></div><p>The UserId generation is an open mechanism. You can set
<code class="literal">spring.cloud.vault.app-id.user-id</code> to any string and the configured
value will be used as static UserId.</p><p>A more advanced approach lets you set <code class="literal">spring.cloud.vault.app-id.user-id</code> to a
classname. This class must be on your classpath and must implement
the <code class="literal">org.springframework.cloud.vault.AppIdUserIdMechanism</code> interface
and the <code class="literal">createUserId</code> method. Spring Cloud Vault will obtain the UserId
by calling <code class="literal">createUserId</code> each time it authenticates using AppId to
obtain a token.</p><div class="example"><a name="d0e20101" href="#d0e20101"></a><p class="title"><b>Example&nbsp;91.4.&nbsp;bootstrap.yml</b></p><div class="example-contents"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring.cloud.vault</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> authentication</span>: APPID
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> app-id</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> user-id</span>: com.examlple.MyUserIdMechanism</pre></div></div><br class="example-break"><div class="example"><a name="d0e20106" href="#d0e20106"></a><p class="title"><b>Example&nbsp;91.5.&nbsp;MyUserIdMechanism.java</b></p><div class="example-contents"><pre class="programlisting">public class MyUserIdMechanism implements AppIdUserIdMechanism <span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">{</span>
<em><span class="hl-annotation" style="color: gray">@Override</span></em>
public String createUserId() <span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">{</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> String userId </span>= ...
return userId;
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">}</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">}</span></pre></div></div><br class="example-break"><p>See also: <a class="link" href="https://www.vaultproject.io/docs/auth/app-id.html" target="_top">Vault Documentation: Using the App ID auth backend</a></p></div></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="_approle_authentication" href="#_approle_authentication"></a>91.3&nbsp;AppRole authentication</h2></div></div></div><p><a class="link" href="https://www.vaultproject.io/docs/auth/app-id.html" target="_top">AppRole</a> is intended for machine
authentication, like the deprecated (since Vault 0.6.1) <a class="xref" href="multi_vault.config.authentication.html#vault.config.authentication.appid" title="91.2&nbsp;AppId authentication">Section&nbsp;91.2, &#8220;AppId authentication&#8221;</a>.
AppRole authentication consists of two hard to guess (secret) tokens: RoleId and SecretId.</p><p>Spring Vault supports AppRole authentication by providing either RoleId only
or together with a provided SecretId (push or pull mode).</p><p>RoleId and optionally SecretId must be provided by configuration,
Spring Vault will not look up these or create a custom SecretId.</p><div class="example"><a name="d0e20128" href="#d0e20128"></a><p class="title"><b>Example&nbsp;91.6.&nbsp;bootstrap.yml with AppRole authentication properties</b></p><div class="example-contents"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring.cloud.vault</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> authentication</span>: APPROLE
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> app-role</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> role-id</span>: bde2076b-cccb-<span class="hl-number">3</span>cf0-d57e-bca7b1e83a52</pre></div></div><br class="example-break"><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><code class="literal">role-id</code> sets the RoleId.</li></ul></div><div class="example"><a name="d0e20139" href="#d0e20139"></a><p class="title"><b>Example&nbsp;91.7.&nbsp;bootstrap.yml with all AppRole authentication properties</b></p><div class="example-contents"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring.cloud.vault</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> authentication</span>: APPROLE
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> app-role</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> role-id</span>: bde2076b-cccb-<span class="hl-number">3</span>cf0-d57e-bca7b1e83a52
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> secret-id</span>: <span class="hl-number">1696536f</span>-<span class="hl-number">1976</span>-<span class="hl-number">73</span>b1-b241-<span class="hl-number">0</span>b4213908d39
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> app-auth-path</span>: approle</pre></div></div><br class="example-break"><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><code class="literal">role-id</code> sets the RoleId.</li><li class="listitem"><code class="literal">secret-id</code> sets the SecretId. SecretId can be omitted if AppRole is configured without requiring SecretId (See <code class="literal">bind_secret_id</code>)</li><li class="listitem"><code class="literal">approle-path</code> sets the path of the approle authentication mount to use</li></ul></div><p>See also: <a class="link" href="https://www.vaultproject.io/docs/auth/approle.html" target="_top">Vault Documentation: Using the AppRole auth backend</a></p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="vault.config.authentication.awsec2" href="#vault.config.authentication.awsec2"></a>91.4&nbsp;AWS-EC2 authentication</h2></div></div></div><p>The <a class="link" href="https://www.vaultproject.io/docs/auth/aws-ec2.html" target="_top">aws-ec2</a>
auth backend provides a secure introduction mechanism
for AWS EC2 instances, allowing automated retrieval of a Vault
token. Unlike most Vault authentication backends, this backend
does not require first-deploying, or provisioning security-sensitive
credentials (tokens, username/password, client certificates, etc.).
Instead, it treats AWS as a Trusted Third Party and uses the
cryptographically signed dynamic metadata information that uniquely
represents each EC2 instance.</p><div class="example"><a name="d0e20175" href="#d0e20175"></a><p class="title"><b>Example&nbsp;91.8.&nbsp;bootstrap.yml using AWS-EC2 Authentication</b></p><div class="example-contents"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring.cloud.vault</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> authentication</span>: AWS_EC2</pre></div></div><br class="example-break"><p>AWS-EC2 authentication enables nonce by default to follow
the Trust On First Use (TOFU) principle. Any unintended party that
gains access to the PKCS#7 identity metadata can authenticate
against Vault.</p><p>During the first login, Spring Cloud Vault generates a nonce
that is stored in the auth backend aside the instance Id.
Re-authentication requires the same nonce to be sent. Any other
party does not have the nonce and can raise an alert in Vault for
further investigation.</p><p>The nonce is kept in memory and is lost during application restart.</p><p>AWS-EC2 authentication roles are optional and default to the AMI.
You can configure the authentication role by setting the
<code class="literal">spring.cloud.vault.aws-ec2.role</code> property.</p><div class="example"><a name="d0e20191" href="#d0e20191"></a><p class="title"><b>Example&nbsp;91.9.&nbsp;bootstrap.yml with configured role</b></p><div class="example-contents"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring.cloud.vault</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> authentication</span>: AWS_EC2
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> aws-ec2</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> role</span>: application-server</pre></div></div><br class="example-break"><div class="example"><a name="d0e20196" href="#d0e20196"></a><p class="title"><b>Example&nbsp;91.10.&nbsp;bootstrap.yml with all AWS EC2 authentication properties</b></p><div class="example-contents"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring.cloud.vault</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> authentication</span>: AWS_EC2
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> aws-ec2</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> role</span>: application-server
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> aws-ec2-path</span>: aws-ec2
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> identity-document</span>: http://...</pre></div></div><br class="example-break"><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><code class="literal">authentication</code> setting this value to <code class="literal">AWS_EC2</code> selects the AWS EC2
authentication method</li><li class="listitem"><code class="literal">role</code> sets the role name of the AWS EC2 role definition</li><li class="listitem"><code class="literal">aws-ec2-path</code> sets the path of the AWS EC2 mount to use</li><li class="listitem"><code class="literal">identity-document</code> sets URL of the PKCS#7 AWS EC2 identity document</li></ul></div><p>See also: <a class="link" href="https://www.vaultproject.io/docs/auth/aws-ec2.html" target="_top">Vault Documentation: Using the aws-ec2 auth backend</a></p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="vault.config.authentication.clientcert" href="#vault.config.authentication.clientcert"></a>91.5&nbsp;TLS certificate authentication</h2></div></div></div><p>The <code class="literal">cert</code> auth backend allows authentication using SSL/TLS client
certificates that are either signed by a CA or self-signed.</p><p>To enable <code class="literal">cert</code> authentication you need to:</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem">Use SSL, see <a class="xref" href="multi_vault.config.ssl.html" title="95.&nbsp;Vault Client SSL configuration">Chapter&nbsp;95, <i>Vault Client SSL configuration</i></a></li><li class="listitem">Configure a Java <code class="literal">Keystore</code> that contains the client
certificate and the private key</li><li class="listitem">Set the <code class="literal">spring.cloud.vault.authentication</code> to <code class="literal">CERT</code></li></ol></div><div class="example"><a name="d0e20261" href="#d0e20261"></a><p class="title"><b>Example&nbsp;91.11.&nbsp;bootstrap.yml</b></p><div class="example-contents"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring.cloud.vault</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> authentication</span>: CERT
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> ssl</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> key-store</span>: classpath:keystore.jks
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> key-store-password</span>: changeit
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> cert-auth-path</span>: cert</pre></div></div><br class="example-break"><p>See also: <a class="link" href="https://www.vaultproject.io/docs/auth/cert.html" target="_top">Vault Documentation: Using the Cert auth backend</a></p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="vault.config.authentication.cubbyhole" href="#vault.config.authentication.cubbyhole"></a>91.6&nbsp;Cubbyhole authentication</h2></div></div></div><p>Cubbyhole authentication uses Vault primitives to provide a secured authentication
workflow. Cubbyhole authentication uses tokens as primary login method.
An ephemeral token is used to obtain a second, login VaultToken from Vault&#8217;s
Cubbyhole secret backend. The login token is usually longer-lived and used to
interact with Vault. The login token will be retrieved from a wrapped
response stored at <code class="literal">/cubbyhole/response</code>.</p><p><span class="strong"><strong>Creating a wrapped token</strong></span></p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="images/note.png"></td><th align="left">Note</th></tr><tr><td align="left" valign="top"><p>Response Wrapping for token creation requires Vault 0.6.0 or higher.</p></td></tr></table></div><div class="example"><a name="d0e20284" href="#d0e20284"></a><p class="title"><b>Example&nbsp;91.12.&nbsp;Crating and storing tokens</b></p><div class="example-contents"><pre class="programlisting">$ vault token-create -wrap-ttl="10m"
Key Value
--- -----
wrapping_token: 397ccb93-ff6c-b17b-9389-380b01ca2645
wrapping_token_ttl: 0h10m0s
wrapping_token_creation_time: 2016-09-18 20:29:48.652957077 +0200 CEST
wrapped_accessor: 46b6aebb-187f-932a-26d7-4f3d86a68319</pre></div></div><br class="example-break"><div class="example"><a name="d0e20289" href="#d0e20289"></a><p class="title"><b>Example&nbsp;91.13.&nbsp;bootstrap.yml</b></p><div class="example-contents"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring.cloud.vault</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> authentication</span>: CUBBYHOLE
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> token</span>: <span class="hl-number">397</span>ccb93-ff6c-b17b-<span class="hl-number">9389</span>-<span class="hl-number">380</span>b01ca2645</pre></div></div><br class="example-break"><p>See also:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><a class="link" href="https://www.vaultproject.io/docs/concepts/tokens.html" target="_top">Vault Documentation: Tokens</a></li><li class="listitem"><a class="link" href="https://www.vaultproject.io/docs/secrets/cubbyhole/index.html" target="_top">Vault Documentation: Cubbyhole Secret Backend</a></li><li class="listitem"><a class="link" href="https://www.vaultproject.io/docs/concepts/response-wrapping.html" target="_top">Vault Documentation: Response Wrapping</a></li></ul></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="multi__client_side_usage_2.html">Prev</a>&nbsp;</td><td width="20%" align="center"><a accesskey="u" href="multi__spring_cloud_vault.html">Up</a></td><td width="40%" align="right">&nbsp;<a accesskey="n" href="multi_vault.config.backends.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">90.&nbsp;Client Side Usage&nbsp;</td><td width="20%" align="center"><a accesskey="h" href="multi_spring-cloud.html">Home</a></td><td width="40%" align="right" valign="top">&nbsp;92.&nbsp;Secret Backends</td></tr></table></div></body></html>