Securing Applications with CredHub


First, confirm that the CredHub service broker is available in your org and space.

Execute cf marketplace in your terminal, which should list credhub as one of the available services.

Service Instance Creation and Binding

  • Execute cf create-service credhub default <service-instance-name> -c <path_to_your_config_json_file>

  • Execute cf bind-service <app-name> <service-instance-name>

  • Execute cf restart <app-name>

NOTE: If your app is already bound to a CUPS that exposes credentials, remember to unbind your app from this service and then delete the service.

Sample JSON: {"jdbcUrl":"jdbc:oracle:thin:[USERNAME]/[PASSWORD]@[HOST]:[PORT]/[SCHEMA]"}
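
The create, bind and restart steps above as a script. This is an added example, not part of the original page: it writes the config JSON to a file only the current user can read and removes it afterwards, so the password does not end up in shell history or the process list. The script arguments and the DB_* environment variables are placeholder names assumed for this sketch.

```sh
#!/bin/sh
# Added example (not from the original page). The <app> and <service> arguments
# and the DB_* environment variables are placeholders chosen for this sketch.
set -eu

# Escape backslashes and double quotes so the value is a valid JSON string.
# (Control characters are not handled; keep them out of the inputs.)
json_escape() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }

# Write {"jdbcUrl": ...} to a temp file readable only by the current user and
# print the file's path. Args: user password host port schema
write_credhub_config() {
    cfg_path=$(mktemp "${TMPDIR:-/tmp}/credhub-cfg.XXXXXX")
    chmod 600 "$cfg_path"
    printf '{"jdbcUrl":"%s"}\n' \
        "$(json_escape "jdbc:oracle:thin:$1/$2@$3:$4/$5")" > "$cfg_path"
    printf '%s\n' "$cfg_path"
}

# The three steps from the page: create, bind, restart.
# Args: app-name service-instance-name config-file
provision() {
    cf create-service credhub default "$2" -c "$3"
    cf bind-service "$1" "$2"
    cf restart "$1"
}

# Runs only when invoked as: script <app-name> <service-instance-name>
if [ "$#" -eq 2 ]; then
    cfg=$(write_credhub_config "${DB_USER:?}" "${DB_PASSWORD:?}" \
        "${DB_HOST:?}" "${DB_PORT:?}" "${DB_SCHEMA:?}")
    trap 'rm -f "$cfg"' EXIT    # do not leave the secret on disk
    provision "$1" "$2" "$cfg"
fi
```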

Service Instance Update

  • Execute cf update-service <service-instance-name> -c <path_to_your_config_json_file>

Reference External Service params via yaml

  • Referencing property in yaml:
     username: ${vcap.services.<service-instance-name>.credentials.username}
  • If you are not using Spring Boot, but only the Spring Framework, then the property reference looks like this:

Cloud Foundry service binding properties are exposed by the Spring Cloud Connector under the prefix cloud. The same properties are exposed in Spring Boot under the vcap prefix.