diff --git a/README.md b/README.md index ac3ae9d..12d2c6e 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ This repository contains a Spring Boot implementation for application-level fiel **IMPORTANT DISCLAIMER**: **NOT PRODUCTION GRADE** -## Solution Summary +## Summary The application protects sensitive fields before they are persisted by combining the following controls: @@ -17,7 +17,7 @@ The application protects sensitive fields before they are persisted by combining ## Technology Stack - Java 21 -- Spring Boot 3.3.4 +- Spring Boot 3.5.x - Maven - PostgreSQL - HashiCorp Vault @@ -28,14 +28,13 @@ The application protects sensitive fields before they are persisted by combining Key top-level paths: -- `src/main/java/dev/wackydevelopers/encryption/`: application source code -- `src/test/java/dev/wackydevelopers/encryption/`: unit, integration, and e2e tests -- `db/`: database migration assets and validation scripts +- `src/main/`: application source code +- `src/test/`: unit, integration, and e2e tests - `vault/`: Vault bootstrap assets and validation scripts - `docs/`: runbooks and supporting documentation - `postman/`: Postman collection and environment files -## Architecture Diagram +## Architecture The following high-level view shows the main runtime components and trust boundaries: @@ -59,7 +58,7 @@ The primary local workflow is documented in [docs/local-development-workflow.md] Typical prerequisites: -- Docker with Compose plugin +- Docker/podman with Compose plugin - Java 21 or later - Maven 3.9 or later 
@@ -130,9 +129,11 @@ This repository currently emphasizes implementation and validation of: - Vault bootstrap and startup resilience behavior - key rotation workflows and contract validation -The implementation **IS NOT PRODUCTION GRADE** but only a showcase. **DO NOT USE IN PRODUCTION** UNLESS REVIEWED AND VETTED +The implementation **IS NOT PRODUCTION GRADE** but only a showcase. **DO NOT USE IN PRODUCTION** UNLESS REVIEWED AND VETTED. Other than that, enjoy your stay and *you can checkout any time you like...*. If this repo helps you in any chance, target achieved! Cheers, and remember, *the bards' songs will remain*. + +PS: Did I mention that this is **NOT BATTLE-TESTED & PRODUCTION READY**? diff --git a/config/application-vault-example.yml b/config/application-vault-example.yml deleted file mode 100644 index e51ada0..0000000 --- a/config/application-vault-example.yml +++ /dev/null @@ -1,32 +0,0 @@ -spring: - jpa: - hibernate: - ddl-auto: validate - flyway: - enabled: true - locations: classpath:db/migration - datasource: - url: jdbc:postgresql://localhost:5432/appdb - username: ${DB_USERNAME:app_user} - password: ${DB_PASSWORD:change-me} - - cloud: - vault: - uri: ${VAULT_ADDR:http://localhost:8200} - authentication: APPROLE - app-role: - role-id: ${VAULT_ROLE_ID:} - secret-id: ${VAULT_SECRET_ID:} - kv: - enabled: true - backend: secret - config: - lifecycle: - enabled: true - -encryption: - vault: - transit-path: transit - kek-name: app-kek - blind-index: - key-path: secret/myapp/bik diff --git a/docs/local-development-workflow.md b/docs/local-development-workflow.md index 06fe3d9..f1c6773 100644 --- a/docs/local-development-workflow.md +++ b/docs/local-development-workflow.md 
@@ -6,38 +6,34 @@ This runbook defines the primary Docker-based local setup and the fallback workf ## Prerequisites -Run prerequisite checks: - -```bash -bash scripts/check-prerequisites.sh -``` - Expected tools: - Docker with Compose plugin - Java 21+ - Maven 3.9+ -Ensure scripts are executable: - -```bash -chmod +x scripts/*.sh db/tests/*.sh vault/tests/*.sh tests/*.sh -``` - ## Primary Workflow (Docker Compose) 1. Start local stack and run Vault bootstrap: ```bash -bash scripts/start-local.sh +docker compose up -d postgres vault ``` -1. Confirm services: +2. Confirm services: ```bash docker compose ps ``` +3. Initialise vault: + +```bash +docker compose run --rm vault-init +``` + +Check logs to get the AppRole `role-id` and generated `secret-id`. These are necessary environment variables (`VAULT_ROLE_ID` & `VAULT_SECRET_ID`) for the application to start. + 1. Access endpoints: - PostgreSQL: localhost:5432 @@ -51,37 +47,15 @@ Use fallback only when Docker Compose cannot be used in the current environment. 1. Run API in in-memory mode: ```bash -bash scripts/start-local-fallback.sh +mvn -q -DskipTests -Dspring-boot.run.profiles=inmemory spring-boot:run ``` -1. Validate API health: +2. Validate API health: ```bash curl http://localhost:8080/actuator/health ``` -## Troubleshooting - -1. Docker daemon not running: - -- Start Docker Desktop or daemon service. -- Re-run `bash scripts/check-prerequisites.sh`. - -1. Vault init fails: - -- Check Vault container logs: docker compose logs vault -- Re-run bootstrap: docker compose run --rm vault-init - -1. Port conflicts: - -- Check listeners on 5432/8200/8080 and free conflicting processes. -- Override mapped ports in docker-compose.yml if needed. - -1. Fallback startup fails: - -- Verify Java and Maven paths. -- Run `mvn -q test` first to ensure project compiles. - ## Exit and Cleanup Stop and remove services: diff --git a/pom.xml b/pom.xml index 8c9bd2b..a18327b 100644 --- a/pom.xml +++ b/pom.xml 
@@ -11,15 +11,16 @@ 21 21 UTF-8 - 3.3.4 - 10.20.1 - 2.17.2 - 5.11.0 - 1.20.4 - 42.7.4 + 3.5.13 + 11.7.2 + 2.21.2 + 2.21 + 5.12.2 + 1.21.4 + 42.7.10 2.3.232 - 2.0.16 - 3.3.1 + 2.0.17 + 3.5.5 @@ -111,7 +112,7 @@ com.fasterxml.jackson.core jackson-annotations - ${jackson.version} + ${jackson.annotations.version}
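Review bot: README `@@ -4,7` and `@@ -28,14`: renaming `## Solution Summary` to `## Summary` and `## Architecture Diagram` to `## Architecture` changes the generated heading anchors (`#solution-summary`, `#architecture-diagram`); please grep `docs/` and the README itself for links to the old anchors and update them in the same change, otherwise the rename silently breaks in-page navigation.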
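Review bot: README `@@ -59,7` now lists "Docker/podman with Compose plugin" as a prerequisite, but the docs hunk in `docs/local-development-workflow.md` keeps the unchanged context line "- Docker with Compose plugin" and every command in that runbook is `docker compose ...`. Either state podman support in the runbook as well (and note the `podman compose` / `podman-compose` invocation that was actually verified), or keep the README at Docker only so the two documents do not disagree on what is supported.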
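Review bot: README `@@ -130,9`: style nit in the new closing paragraph; "If this repo helps you in any chance" should read "in any way", and the sentence ending `*you can checkout any time you like...*.` doubles the terminal punctuation (ellipsis followed by a full stop). The added "PS" repeats the production-readiness warning that already opens the same paragraph; one clear statement is enough and reads less like noise.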
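Review bot: deleting `config/application-vault-example.yml` removes the only place in this diff that shows how `VAULT_ROLE_ID` / `VAULT_SECRET_ID` map onto `spring.cloud.vault.app-role.role-id` / `secret-id`, and where `encryption.vault.transit-path`, `kek-name` and `blind-index.key-path` are configured; the new runbook step that tells the reader to export those two variables therefore points at nothing. Please either keep a trimmed example (without the `${DB_PASSWORD:change-me}` default, which is the one line worth dropping) or add a pointer in README/docs to wherever the equivalent configuration now lives.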
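Review bot: `docs/local-development-workflow.md @@ -6,38`: the step list is now numbered `1.`, `2.`, `3.` and then the unchanged context line `1. Access endpoints:`, so the rendered list restarts; either renumber the remaining step to `4.` or go back to the all-`1.` convention the file used before. Step 1 is still titled "Start local stack and run Vault bootstrap:" although its command is now only `docker compose up -d postgres vault` and the bootstrap has moved to the new step 3, so the heading should drop "and run Vault bootstrap". In step 3, the instruction to read the AppRole `secret-id` out of the container logs should say which command to use (`docker compose logs vault-init`) and remind the reader that the logged value is a credential to be exported for the session only, not pasted into a committed `.env` or properties file.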
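Review bot: `docs/local-development-workflow.md @@ -51,37`: removing the whole Troubleshooting section drops guidance that is still valid after the script cleanup. Only the items referencing the deleted `scripts/check-prerequisites.sh` and `scripts/start-local-fallback.sh` are obsolete; "Vault init fails" (`docker compose logs vault`, re-run `docker compose run --rm vault-init`, which is now an official step above) and "Port conflicts" on 5432/8200/8080 apply unchanged to the new workflow. Suggest keeping those two entries and rewording the fallback entry to reference the new `mvn ... spring-boot:run` command.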
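Review bot: `pom.xml @@ -11,15`: the Spring Boot parent moves to 3.5.13 while the dependency properties are bumped independently (e.g. 10.20.1 to 11.7.2, 2.17.2 to 2.21.2, 42.7.4 to 42.7.10). Since the Boot BOM already manages these artifacts, every explicit pin overrides a version Boot has tested together; please either confirm in the PR description that each pinned version was checked against the 3.5.13 managed set, or drop the pins that only exist to track Boot and let the BOM supply them. Also, README says "Spring Boot 3.5.x" while the build pins 3.5.13; that is acceptable, but the property names themselves are not visible in this extract, so a one-line comment per overridden property stating why it diverges from the BOM would make future upgrades safer.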
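Review bot: `pom.xml @@ -111,7`: `jackson-annotations` now resolves `${jackson.annotations.version}` (2.21) instead of `${jackson.version}` (2.21.2). The split is deliberate, but nothing in the diff explains it; add a short XML comment next to the new property stating why the annotations artifact is versioned separately from the rest of Jackson, otherwise the next cleanup will "fix" it back to `${jackson.version}` and the build will fail to resolve.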