Secure introduction approaches

- [Narrator] Suppose you work for a company…that uses and maintains an application…that stores its data in a transactional database.…This application runs on application-tier servers,…and authenticates to its relational database…using a username and password.…The username and password combination is a secret.…You don't want that secret permanently stored…in the application configuration,…so you decide to use Vault to store it.…By the way, we could use the database secrets engine,…to solve this problem, but let's just assume,…for argument's sake, that we want to use this method…to deploy an application…with a static username and password.…

We might, for example, be connecting to a database…that is not supported by the database secrets engine.…Here's a diagram of a proposed solution.…The application is built by a continuous…integration system such as Jenkins.…The CI system authenticates to Vault,…using AppRole, Role ID, and Secret ID,…getting an access token.…The CI system then generates a new token…for the application to use to authenticate to Vault.…