{"id":15204,"date":"2024-01-05T11:18:05","date_gmt":"2024-01-05T19:18:05","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=15204"},"modified":"2025-06-13T18:39:15","modified_gmt":"2025-06-14T01:39:15","slug":"secure-db-credentials-with-hashicorp-vault-capella","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/pt\/secure-db-credentials-with-hashicorp-vault-capella\/","title":{"rendered":"Credenciais de banco de dados seguras com o HashiCorp Vault e o Capella"},"content":{"rendered":"<p><span style=\"font-weight: 400\">No mundo atual orientado por dados, o gerenciamento seguro de credenciais de banco de dados \u00e9 uma preocupa\u00e7\u00e3o fundamental para organiza\u00e7\u00f5es de todos os tamanhos. Como nos esfor\u00e7amos para capacit\u00e1-lo com solu\u00e7\u00f5es de ponta, temos o prazer de anunciar o lan\u00e7amento do nosso plug-in HashiCorp Vault para o gerenciamento de credenciais do banco de dados Capella.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">A incorpora\u00e7\u00e3o do HashiCorp Vault ao Capella oferece uma abordagem multifacetada \u00e0 seguran\u00e7a do banco de dados:<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Uma das principais vantagens \u00e9 o gerenciamento de usu\u00e1rios externo e centralizado, em que as identidades dos usu\u00e1rios e as permiss\u00f5es de acesso s\u00e3o gerenciadas de forma unificada e segura. Isso garante que o acesso aos seus bancos de dados seja controlado, auditado e consistente em toda a organiza\u00e7\u00e3o.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Os recursos do Vault se estendem \u00e0 auditoria de uso de credenciais, fornecendo registros detalhados e insights sobre quem acessou os bancos de dados, quando e com que finalidade. Esse n\u00edvel de transpar\u00eancia \u00e9 inestim\u00e1vel para as equipes de conformidade e seguran\u00e7a, permitindo que elas rastreiem o acesso aos dados e atendam aos requisitos regulamentares de forma eficaz.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">A automa\u00e7\u00e3o do Vault se destaca com a rota\u00e7\u00e3o e revoga\u00e7\u00e3o autom\u00e1tica de credenciais, reduzindo o risco de acesso n\u00e3o autorizado devido a credenciais obsoletas ou comprometidas.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Por fim, o Vault permite a emiss\u00e3o de credenciais tempor\u00e1rias din\u00e2micas, concedendo aos usu\u00e1rios acesso limitado por tempo aos bancos de dados. Isso n\u00e3o apenas aumenta a seguran\u00e7a, mas tamb\u00e9m simplifica o gerenciamento de usu\u00e1rios, reduzindo a necessidade de credenciais de longo prazo. Juntos, esses recursos transformam a maneira como voc\u00ea gerencia o acesso ao banco de dados, tornando-o mais seguro, eficiente e compat\u00edvel.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">Este artigo serve como um guia para ajud\u00e1-lo a aproveitar os recursos do nosso plug-in de forma eficaz. Vamos orient\u00e1-lo em todo o processo, desde a configura\u00e7\u00e3o de um cofre de cont\u00eainer do Docker local at\u00e9 o gerenciamento de credenciais din\u00e2micas sem esfor\u00e7o. Ao final deste tutorial, voc\u00ea estar\u00e1 bem equipado para aumentar a seguran\u00e7a do seu banco de dados com facilidade.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Vamos mergulhar no mundo do gerenciamento seguro de credenciais de banco de dados e desbloquear o potencial do nosso plug-in HashiCorp Vault para Capella<\/span><\/p>\n<h2><span style=\"font-weight: 400\">Etapa 1: Preparativos<\/span><\/h2>\n<p><span style=\"font-weight: 400\">Antes de se aprofundar nos detalhes, \u00e9 essencial estabelecer as bases. Nesta etapa inicial, vamos orient\u00e1-lo nos preparativos essenciais necess\u00e1rios para preparar o terreno para uma integra\u00e7\u00e3o perfeita. Desde a cria\u00e7\u00e3o de uma chave de API at\u00e9 a configura\u00e7\u00e3o de um banco de dados sandbox e a coleta de detalhes organizacionais cruciais, esses preparativos garantem que voc\u00ea tenha tudo o que precisa para concluir a configura\u00e7\u00e3o do plug-in.<\/span><\/p>\n<h3><span style=\"font-weight: 400\">Criar uma chave de API da Capella<\/span><\/h3>\n<p><span style=\"font-weight: 400\">Comece verificando se voc\u00ea tem as chaves de API necess\u00e1rias. Navegue at\u00e9 as configura\u00e7\u00f5es de sua organiza\u00e7\u00e3o e v\u00e1 para a se\u00e7\u00e3o <\/span><a href=\"https:\/\/docs.couchbase.com\/cloud\/management-api-guide\/management-api-start.html#generate-management-api-keys\"><span style=\"font-weight: 400\">Se\u00e7\u00e3o Chave de API.<\/span><\/a><span style=\"font-weight: 400\"> Aqui, gere uma chave da Vers\u00e3o 4 com a fun\u00e7\u00e3o de propriet\u00e1rio da organiza\u00e7\u00e3o. Essa chave ser\u00e1 fundamental em nosso processo de gerenciamento de credenciais. O motivo da fun\u00e7\u00e3o de propriet\u00e1rio da organiza\u00e7\u00e3o \u00e9 que, posteriormente, faremos a rota\u00e7\u00e3o da credencial raiz.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15206\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image3.gif\" alt=\"Create a Capella API Key\" width=\"900\" height=\"456\" \/><\/p>\n<h3><span style=\"font-weight: 400\">Decodificar credenciais de chave de API<\/span><\/h3>\n<p><span style=\"font-weight: 400\">Precisaremos fornecer a Capella <em>ACCESS_KEY<\/em> e o <em>SECRET_KEY<\/em> quando configurarmos o plug-in do vault. Obteremos isso da chave de API que geramos anteriormente.\u00a0<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Fa\u00e7a o download da chave<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Clique duas vezes no bot\u00e3o de c\u00f3pia no final do campo API Key Token.\u00a0<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15207\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image14-1024x264.png\" alt=\"Decode API Key Credentials\" width=\"900\" height=\"232\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image14-1024x264.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image14-300x77.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image14-768x198.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image14-1536x396.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image14-1320x341.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image14.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Decodifique-o usando base64<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<pre class=\"nums:false lang:default decode:true\">echo \"paste your key here\" | base64 --decode<\/pre>\n<p><span style=\"font-weight: 400\">A chave decodificada ter\u00e1 dois valores separados por ponto e v\u00edrgula:<\/span><\/p>\n<pre class=\"nums:false lang:default decode:true\">HLkOuJult1wb11S2eBBm2C2H0Bm1tHVe:d%1VRg34zdrOeSwgLljG0RGnJPxqeFecK#gfhVCyC%mwZ3gTf1wjJjO4vwPcRpRT<\/pre>\n<p><span style=\"font-weight: 400\">O primeiro \u00e9 o seu <em>ACCESS_KEY<\/em> e o segundo \u00e9 o seu <em>SECRET_KEY<\/em>. Voc\u00ea precisar\u00e1 disso mais tarde, quando for configurar o plug-in.<\/span><\/p>\n<h3><span style=\"font-weight: 400\">Configurar um banco de dados Sandbox<\/span><\/h3>\n<p><span style=\"font-weight: 400\">Para facilitar essa demonstra\u00e7\u00e3o, configure um banco de dados sandbox. Ele servir\u00e1 como um ambiente seguro para testar nosso plug-in.<\/span><\/p>\n<h3><span style=\"font-weight: 400\">Crie um Bucket e um Escopo<\/span><\/h3>\n<p><span style=\"font-weight: 400\">Tamb\u00e9m criaremos um bucket <em>cesto do cofre-1<\/em> e um escopo <em>vault-bucket-1-scope-1<\/em> em nosso cluster, que ser\u00e1 usado ao criar credenciais din\u00e2micas posteriormente.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15208\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image12-1024x1004.png\" alt=\"Create a Bucket and Scope\" width=\"900\" height=\"882\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image12-1024x1004.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image12-300x294.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image12-768x753.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image12-1536x1505.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image12-65x65.png 65w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image12-50x50.png 50w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image12-1320x1294.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image12.png 1600w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<h3><span style=\"font-weight: 400\">Reunir informa\u00e7\u00f5es essenciais<\/span><\/h3>\n<p><span style=\"font-weight: 400\">Para a configura\u00e7\u00e3o do plug-in, voc\u00ea precisar\u00e1 do ID da organiza\u00e7\u00e3o, do ID do projeto e do ID do cluster. A maneira mais f\u00e1cil de obter esses detalhes \u00e9 copi\u00e1-los do URL e salv\u00e1-los em um arquivo de texto para refer\u00eancia.<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li style=\"font-weight: 400\"><b>oid<\/b><span style=\"font-weight: 400\"> \u00e9 o ID de sua organiza\u00e7\u00e3o<\/span><\/li>\n<li style=\"font-weight: 400\"><b>projectId<\/b><span style=\"font-weight: 400\"> \u00e9 o ID de seu projeto<\/span><\/li>\n<li style=\"font-weight: 400\"><b>dbid<\/b><span style=\"font-weight: 400\"> \u00e9 o ID do seu banco de dados<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15209\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image10.gif\" alt=\"Gather Essential Information\" width=\"900\" height=\"434\" \/><\/p>\n<h2><span style=\"font-weight: 400\">Etapa 2: Configurar o Vault<\/span><\/h2>\n<p><span style=\"font-weight: 400\">Agora, vamos come\u00e7ar com o aspecto t\u00e9cnico. Temos duas op\u00e7\u00f5es para executar a demonstra\u00e7\u00e3o.\u00a0<\/span><\/p>\n<ol>\n<li style=\"list-style-type: none\">\n<ol>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Para executar a demonstra\u00e7\u00e3o, clone o reposit\u00f3rio e utilize o Dockerfile nele contido. Esse Dockerfile inclui etapas para compilar o plug-in a partir da fonte.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Como alternativa, baixe a vers\u00e3o bin\u00e1ria do plug-in na p\u00e1gina de vers\u00f5es e use-a em sua instala\u00e7\u00e3o do Vault.<\/span><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p><span style=\"font-weight: 400\">Fornecerei instru\u00e7\u00f5es para ambos os m\u00e9todos. Escolha o caminho que atenda \u00e0s suas necessidades e siga as etapas correspondentes. N\u00e3o h\u00e1 necessidade de executar os dois m\u00e9todos<\/span><\/p>\n<h3><span style=\"font-weight: 400\">Op\u00e7\u00e3o 1: Use o Dockerfile no reposit\u00f3rio de plug-ins<\/span><\/h3>\n<p><span style=\"font-weight: 400\">Comece clonando nosso reposit\u00f3rio do GitHub:<\/span><\/p>\n<pre class=\"nums:false lang:sh decode:true\">git clone https:\/\/github.com\/couchbasecloud\/vault-plugin-database-couchbasecapella<\/pre>\n<p><span style=\"font-weight: 400\">Esse reposit\u00f3rio cont\u00e9m o c\u00f3digo-fonte do plug-in, que precisaremos para criar o plug-in. Para esta demonstra\u00e7\u00e3o, criaremos uma imagem do Docker usando a imagem do vault do Hashicorp. O plug-in ser\u00e1 criado durante o processo de cria\u00e7\u00e3o da imagem do Docker. Esse m\u00e9todo deve ser usado somente para fins de demonstra\u00e7\u00e3o. Siga as instru\u00e7\u00f5es de <\/span><a href=\"https:\/\/developer.hashicorp.com\/vault\/docs\/plugins#external-plugins\"><span style=\"font-weight: 400\">Hashicorp<\/span><\/a><span style=\"font-weight: 400\"> sobre como instalar o plug-in e us\u00e1-lo em seu ambiente.<\/span><\/p>\n<pre class=\"nums:false lang:sh decode:true\">cd vault-plugin-database-couchbasecapella\r\ndocker build -t vault:with-cb-capella-plugin .<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15210\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image15-1024x130.png\" alt=\"Use the Dockerfile in the plugin repository\" width=\"900\" height=\"114\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image15-1024x130.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image15-300x38.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image15-768x97.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image15-1536x194.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image15-1320x167.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image15.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400\">Agora que a imagem foi criada, lan\u00e7aremos um servidor do Vault em um cont\u00eainer do Docker, configurado para o modo de desenvolvimento. Isso nos permite ignorar determinados recursos de seguran\u00e7a para facilitar os testes. O servidor do Vault escutar\u00e1 na porta 8200 e ser\u00e1 inicializado com um token de raiz definido como <em>senha<\/em>. Tamb\u00e9m habilitaremos o registro em n\u00edvel de depura\u00e7\u00e3o para capturar informa\u00e7\u00f5es detalhadas durante nossos testes.<\/span><\/p>\n<pre class=\"nums:false lang:sh decode:true\">docker run --cap-add=IPC_LOCK --name=\"couchbase_vault\" --rm \\\r\n\u00a0\u00a0\u00a0\u00a0-e VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200 \\\r\n\u00a0\u00a0\u00a0\u00a0-e VAULT_ADDR=https:\/\/0.0.0.0:8200 \\\r\n\u00a0\u00a0\u00a0\u00a0-p 8200:8200 \\\r\n\u00a0\u00a0\u00a0\u00a0vault:with-cb-capella-plugin \\\r\n         vault server -dev -dev-root-token-id=\"password\" \\\r\n\u00a0\u00a0\u00a0\u00a0-log-level=debug -config=\/vault\/config\/config.json<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15213\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image1-1024x452.png\" alt=\"Vault server will listen on port 8200\" width=\"900\" height=\"397\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image1-1024x452.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image1-300x132.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image1-768x339.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image1-1536x678.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image1-1320x582.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image1.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400\">Prossiga diretamente para a Etapa 3, ignorando a Op\u00e7\u00e3o 2.<\/span><\/p>\n<h3><span style=\"font-weight: 400\">Op\u00e7\u00e3o 2: Fa\u00e7a o download do bin\u00e1rio do plug-in<\/span><\/h3>\n<p><span style=\"font-weight: 400\">Comece fazendo o download do plug-in no site <\/span><a href=\"https:\/\/github.com\/couchbasecloud\/vault-plugin-database-couchbasecapella\/releases\"><span style=\"font-weight: 400\">p\u00e1gina de lan\u00e7amentos<\/span><\/a><span style=\"font-weight: 400\">. No momento em que escrevo este artigo, a vers\u00e3o mais recente \u00e9 a 1.0.0 e, como estou usando o Linux, continuarei com o download <\/span><a href=\"https:\/\/github.com\/couchbasecloud\/vault-plugin-database-couchbasecapella\/releases\/download\/v1.0.0\/vault-plugin-database-couchbasecapella-1.0.0_linux_amd64.zip\"><span style=\"font-weight: 400\">a vers\u00e3o para linux<\/span><\/a><span style=\"font-weight: 400\">.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">Certifique-se de fazer o download da vers\u00e3o apropriada para a arquitetura do seu computador.\u00a0<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:sh decode:true\">curl -L https:\/\/github.com\/couchbasecloud\/vault-plugin-database-couchbasecapella\/releases\/download\/v1.0.0\/vault-plugin-database-couchbasecapella-1.0.0_linux_amd64.zip&amp;nbsp; -o vault-plugin-database-couchbasecapella-1.0.0_linux_amd64.zip<\/pre>\n<p><span style=\"font-weight: 400\">Como pr\u00e1tica recomendada de seguran\u00e7a, \u00e9 importante validar a integridade do arquivo. Portanto, fa\u00e7a tamb\u00e9m o download das somas de verifica\u00e7\u00e3o dos bin\u00e1rios, que podem ser encontradas na p\u00e1gina de vers\u00f5es.<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:sh decode:true\">curl -L https:\/\/github.com\/couchbasecloud\/vault-plugin-database-couchbasecapella\/releases\/download\/v1.0.0\/vault-plugin-database-couchbasecapella-1.0.0_checksums.txt -o vault-plugin-database-couchbasecapella-1.0.0_checksums.txt<\/pre>\n<p><span style=\"font-weight: 400\">Localize a soma de verifica\u00e7\u00e3o correspondente ao arquivo que voc\u00ea baixou no arquivo de texto.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15211\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image2-1024x98.png\" alt=\"Locate the checksum\" width=\"900\" height=\"86\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image2-1024x98.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image2-300x29.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image2-768x74.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image2-1320x126.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image2.png 1421w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400\">Gerar a soma de verifica\u00e7\u00e3o e validar o resultado<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:sh decode:true\">sha256sum vault-plugin-database-couchbasecapella-1.0.0_linux_amd64.zip<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15212\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image8-1024x22.png\" alt=\"checksum comparison indicates a match\" width=\"900\" height=\"19\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image8-1024x22.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image8-300x6.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image8-768x17.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image8-1536x33.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image8-1320x28.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image8.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400\">A compara\u00e7\u00e3o da soma de verifica\u00e7\u00e3o indica uma correspond\u00eancia, confirmando que a valida\u00e7\u00e3o do arquivo foi bem-sucedida.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Agora \u00e9 seguro extrair o conte\u00fado do arquivo zip e recuperar o plug-in do vault.\u00a0<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:sh decode:true\">unzip vault-plugin-database-couchbasecapella-1.0.0_linux_amd64.zip<\/pre>\n<p><span style=\"font-weight: 400\">Nesse ponto, o bin\u00e1rio do plug-in do Vault deve estar em nossa pasta. A etapa final \u00e9 gerar o hash desse bin\u00e1rio, que \u00e9 necess\u00e1rio para registrar o plug-in no Vault posteriormente. \u00c9 importante observar que esse hash \u00e9 para o pr\u00f3prio bin\u00e1rio, n\u00e3o para o arquivo zip baixado anteriormente.<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:sh decode:true\">shasum -a 256 \"couchbasecapella-database-plugin\" | cut -d \" \" -f1 &gt; couchbasecapella-database-plugin.sha256<\/pre>\n<p><span style=\"font-weight: 400\">A execu\u00e7\u00e3o desse comando deve ter resultado na cria\u00e7\u00e3o de um novo arquivo contendo o hash do plug-in do vault.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Tamb\u00e9m precisaremos criar uma configura\u00e7\u00e3o de cofre que defina onde o plug-in est\u00e1 localizado.<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:sh decode:true\">echo '{\"plugin_directory\": \"\/vault\/plugins\", \"storage\": {\"file\": {\"path\": \"\/vault\/file\"}}, \"default_lease_ttl\": \"168h\", \"max_lease_ttl\": \"720h\", \"ui\": true}' &gt; config.json<\/pre>\n<p><span style=\"font-weight: 400\">\u00a0<\/span><span style=\"font-weight: 400\">A etapa final envolve a cria\u00e7\u00e3o de uma pol\u00edtica de senha personalizada que espelhe a pol\u00edtica usada no Capella.<\/span><\/p>\n<pre class=\"nums:false lang:sh decode:true\">cat &gt;password_policy.hcl &lt;&lt; EOF\r\nlength=64\r\n\r\nrule \"charset\" {\r\n\u00a0\u00a0charset = \"abcdefghijklmnopqrstuvwxyz\"\r\n\u00a0\u00a0min-chars = 1\r\n}\r\n\r\nrule \"charset\" {\r\n\u00a0\u00a0charset = \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\"\r\n\u00a0\u00a0min-chars = 1\r\n}\r\n\r\nrule \"charset\" {\r\n\u00a0\u00a0charset = \"0123456789\"\r\n\u00a0\u00a0min-chars = 1\r\n}\r\n\r\nrule \"charset\" {\r\n\u00a0\u00a0charset = \"#@%!\"\r\n\u00a0\u00a0min-chars = 1\r\n}\r\nEOF<\/pre>\n<p><span style=\"font-weight: 400\">Depois de fazer o download do plug-in do Vault e gerar seu hash, iniciaremos um servidor do Vault em um cont\u00eainer do Docker, configurado no modo de desenvolvimento. Essa configura\u00e7\u00e3o nos permite contornar alguns recursos de seguran\u00e7a para fins de teste simplificado.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">O servidor do Vault escutar\u00e1 na porta 8200 e ser\u00e1 inicializado com um token raiz definido como <em>senha<\/em>. Tamb\u00e9m habilitaremos o registro em n\u00edvel de depura\u00e7\u00e3o para capturar informa\u00e7\u00f5es detalhadas durante nossos testes. Tamb\u00e9m \u00e9 importante observar que precisaremos montar nosso plugin e sha como um volume:<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:sh decode:true\">docker run --cap-add=IPC_LOCK --name=\"couchbase_vault\" --rm \\\r\n\u00a0\u00a0\u00a0\u00a0-e VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200 \\\r\n\u00a0\u00a0\u00a0\u00a0-e VAULT_ADDR=https:\/\/0.0.0.0:8200 \\\r\n\u00a0\u00a0\u00a0\u00a0-p 8200:8200 \\\r\n  \u00a0\u00a0-v $(pwd)\/config.json:\/vault\/config\/config.json \\\r\n\u00a0\u00a0  -v $(pwd)\/password_policy.hcl:\/vault\/password_policy.hcl \\\r\n\u00a0\u00a0  -v $(pwd)\/couchbasecapella-database-plugin:\/vault\/plugins\/couchbasecapella-database-plugin \\\r\n\u00a0  \u00a0-v $(pwd)\/couchbasecapella-database-plugin.sha256:\/vault\/couchbasecapella-database-plugin.sha256 \\\r\n \u00a0\u00a0\u00a0\u00a0hashicorp\/vault:1.15 \\\r\n\u00a0\u00a0\u00a0\u00a0\u00a0vault server -dev -dev-root-token-id=\"password\" \\\r\n\u00a0\u00a0\u00a0\u00a0-log-level=debug -config=\/vault\/config\/config.json<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15213\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image1-1024x452.png\" alt=\"Vault server will listen on port 8200\" width=\"900\" height=\"397\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image1-1024x452.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image1-300x132.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image1-768x339.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image1-1536x678.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image1-1320x582.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image1.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<h3><span style=\"font-weight: 400\">Etapa 3: Ativar segredos do banco de dados<\/span><\/h3>\n<p><span style=\"font-weight: 400\">O Vault agora est\u00e1 funcionando no modo de desenvolvimento. Em seguida, habilitaremos o mecanismo de segredos de banco de dados do Vault. Esse mecanismo permite que o Vault gere credenciais din\u00e2micas para bancos de dados e \u00e9 crucial para que nosso plug-in funcione corretamente. Ao habilit\u00e1-lo, estamos preparando o cen\u00e1rio para que o Vault gerencie as credenciais do banco de dados Capella. Abra um novo terminal e execute o seguinte:<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:sh decode:true\">docker ps\r\n\r\ndocker exec -it \"couchbase_vault\" \/bin\/ash -c \"vault login password &amp;&amp; vault secrets enable database\"<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15214\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image9-1024x413.png\" alt=\"Enable Database Secrets\" width=\"900\" height=\"363\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image9-1024x413.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image9-300x121.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image9-768x310.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image9-1320x532.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image9.png 1438w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<h3><span style=\"font-weight: 400\">Etapa 4: Registre o plug-in<\/span><\/h3>\n<p><span style=\"font-weight: 400\">Registraremos nosso plug-in personalizado no Vault. Isso envolve o c\u00e1lculo do hash SHA-256 do bin\u00e1rio do plug-in para garantir sua integridade. O Vault usa esse hash para verificar se o plug-in n\u00e3o foi adulterado quando \u00e9 chamado. Depois que o hash for calculado, n\u00f3s o usaremos para registrar o plug-in.<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:sh decode:true\">docker exec -it \"couchbase_vault\" \/bin\/ash -c \"SHA256=\\$(cat \/vault\/couchbasecapella-database-plugin.sha256) &amp;&amp; vault login password &amp;&amp; vault write sys\/plugins\/catalog\/database\/couchbasecapella-database-plugin sha256=\\$SHA256 command=couchbasecapella-database-plugin\"<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15217\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image6-1024x287.png\" alt=\"Register the Plugin\" width=\"900\" height=\"252\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image6-1024x287.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image6-300x84.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image6-768x216.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image6-1536x431.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image6-1320x370.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image6.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400\">Agora o plug-in foi registrado com sucesso.<\/span><\/p>\n<h3><span style=\"font-weight: 400\">Etapa 5: Fazer upload da pol\u00edtica de senha<\/span><\/h3>\n<p><span style=\"font-weight: 400\">Faremos o upload de uma pol\u00edtica de senha para o Vault que se alinhe com os requisitos de senha da Capella. Isso garante que todas as credenciais geradas pelo Vault para a Capella estar\u00e3o em conformidade com os padr\u00f5es de seguran\u00e7a da Capella. A pol\u00edtica ser\u00e1 definida em um arquivo HCL (HashiCorp Configuration Language). Esse arquivo foi adicionado \u00e0 imagem do Docker durante a compila\u00e7\u00e3o.<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:sh decode:true\">docker exec -it \"couchbase_vault\" \/bin\/ash -c \"vault login password &amp;&amp; vault write sys\/policies\/password\/couchbasecapella policy=@\/vault\/password_policy.hcl\"<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-15215 size-large\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image13-1024x401.png\" alt=\"Upload Password Policy\" width=\"900\" height=\"352\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image13-1024x401.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image13-300x118.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image13-768x301.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image13-1320x517.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image13.png 1434w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<h3><span style=\"font-weight: 400\">Etapa 6: Criar configura\u00e7\u00e3o do banco de dados<\/span><\/h3>\n<p><span style=\"font-weight: 400\">Vamos configurar o Vault para se conectar ao nosso cluster da Capella. Isso envolve a especifica\u00e7\u00e3o de v\u00e1rios par\u00e2metros, como o URL de base da API de nuvem da Capella, o ID da organiza\u00e7\u00e3o, o ID do projeto e o ID do cluster. Tamb\u00e9m forneceremos a chave de acesso do Capella que geramos anteriormente. Essa configura\u00e7\u00e3o permite que o Vault interaja com nosso cluster do Capella e gerencie as credenciais dinamicamente.\u00a0<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:sh decode:true\">docker exec -it \"couchbase_vault\" \/bin\/ash -c \"vault login password &amp;&amp; vault write database\/config\/couchbasecapella-database-plugin plugin_name='couchbasecapella-database-plugin' cloud_api_base_url='https:\/\/cloudapi.cloud.couchbase.com\/v4' organization_id=\"$CAPELLA_ORG_ID\" project_id=\"$CAPELLA_PROJECT_ID\" cluster_id=\"$CAPELLA_CLUSTER_ID\" username=\"$CAPELLA_ACCESS_KEY\" password=\"$CAPELLA_SECRET_KEY\" password_policy='couchbasecapella' allowed_roles='*'\"<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-15216 size-large\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image11-1024x257.png\" alt=\"Create Database Config\" width=\"900\" height=\"226\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image11-1024x257.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image11-300x75.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image11-768x192.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image11-1536x385.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image11-1320x331.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image11.png 1772w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400\">Agora o plug-in do Capella est\u00e1 configurado e pode se comunicar com o Capella.\u00a0<\/span><\/p>\n<h3><span style=\"font-weight: 400\">Etapa 7: Girar as credenciais da raiz<\/span><\/h3>\n<p><span style=\"font-weight: 400\">Realizaremos uma pr\u00e1tica recomendada de seguran\u00e7a alternando as credenciais raiz de alto privil\u00e9gio que o Vault usa para gerenciar o banco de dados do Capella. Isso minimiza o risco associado a qualquer exposi\u00e7\u00e3o potencial dessas credenciais.<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:sh decode:true\">docker exec -it \"couchbase_vault\" \/bin\/ash -c \"vault login password &amp;&amp; vault write -force database\/rotate-root\/couchbasecapella-database-plugin\"<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15218\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image16-1024x37.png\" alt=\"Rotate Root Credentials\" width=\"900\" height=\"33\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image16-1024x37.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image16-300x11.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image16-768x28.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image16-1536x55.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image16-1320x47.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image16.png 1892w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<h3><span style=\"font-weight: 400\">Etapa 8: Criar uma fun\u00e7\u00e3o din\u00e2mica<\/span><\/h3>\n<p><span style=\"font-weight: 400\">Em seguida, definiremos uma fun\u00e7\u00e3o din\u00e2mica no Vault. Essa fun\u00e7\u00e3o ter\u00e1 um conjunto de permiss\u00f5es, definidas no formato JSON, que especificam que tipo de opera\u00e7\u00f5es de banco de dados s\u00e3o permitidas. Por exemplo, concederemos <em>leitor de dados<\/em> e <em>gravador_de_dados<\/em> em um bucket e escopo espec\u00edficos em nosso cluster do Capella. Essa fun\u00e7\u00e3o din\u00e2mica ser\u00e1 usada para gerar credenciais com essas permiss\u00f5es.<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:sh decode:true\">docker exec -it \"couchbase_vault\" \/bin\/ash -c 'vault login password &amp;&amp; vault write database\/roles\/dynamicrole1 db_name=\"couchbasecapella-database-plugin\" creation_statements='\\''{\"access\": [ { \"privileges\": [ \"data_reader\", \"data_writer\" ], \"resources\": { \"buckets\": [ { \"name\": \"vault-bucket-1\", \"scopes\": [ { \"name\": \"vault-bucket-1-scope-1\", \"collections\": [ \"*\" ] } ] } ] } } ]}'\\'' default_ttl=\"5m\" max_ttl=\"1h\"'<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15219\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image4-1024x59.png\" alt=\"Create a dynamic role\" width=\"900\" height=\"52\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image4-1024x59.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image4-300x17.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image4-768x44.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image4.png 1174w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<h3><span style=\"font-weight: 400\">Etapa 9: Criar novas credenciais<\/span><\/h3>\n<p><span style=\"font-weight: 400\">Por fim, geraremos um novo conjunto de credenciais de banco de dados usando a fun\u00e7\u00e3o din\u00e2mica que criamos. Essas credenciais s\u00e3o tempor\u00e1rias e obedecer\u00e3o \u00e0s configura\u00e7\u00f5es de TTL (Time-To-Live) que configuramos. Este \u00e9 o ponto culminante da nossa configura\u00e7\u00e3o, demonstrando como o Vault pode gerenciar dinamicamente as credenciais do banco de dados Capella.<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:papyrus decode:true\">docker exec -it \"couchbase_vault\" \/bin\/ash -c 'vault login password &amp;&amp; vault read database\/creds\/dynamicrole1'<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15221\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image17-1024x220.png\" alt=\"create new credentials\" width=\"900\" height=\"193\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image17-1024x220.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image17-300x64.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image17-768x165.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image17-1536x330.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image17-1320x284.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image17.png 1880w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400\">Vamos voltar ao Capella para verificar se nossas credenciais tamb\u00e9m s\u00e3o exibidas na interface do usu\u00e1rio.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15220\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image5.gif\" alt=\"manage Capella database credentials\" width=\"900\" height=\"435\" \/><\/p>\n<h2><span style=\"font-weight: 400\">Conclus\u00e3o<\/span><\/h2>\n<p><span style=\"font-weight: 400\">Concluindo, nosso plug-in HashiCorp Vault para o gerenciamento de credenciais do banco de dados Capella abre novos horizontes no aprimoramento da seguran\u00e7a de sua infraestrutura de banco de dados. Por meio deste tutorial passo a passo, voc\u00ea obteve informa\u00e7\u00f5es valiosas sobre a configura\u00e7\u00e3o e a utiliza\u00e7\u00e3o eficaz do plug-in.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Ao adotar essa solu\u00e7\u00e3o, voc\u00ea estar\u00e1 simplificando o processo de gerenciamento de credenciais de banco de dados. Incentivamos voc\u00ea a explorar todo o potencial do nosso plug-in e aguardamos suas experi\u00eancias e coment\u00e1rios.<\/span><\/p>\n<p><span style=\"font-weight: 400\">O gerenciamento de credenciais de banco de dados seguro, eficiente e f\u00e1cil de usar est\u00e1 agora ao seu alcance. D\u00ea o primeiro passo em dire\u00e7\u00e3o a um ambiente de banco de dados mais seguro hoje mesmo!<\/span><\/p>\n<p>Se estiver interessado em saber mais sobre como criar seus pr\u00f3prios aplicativos modernos de miss\u00e3o cr\u00edtica no Couchbase, experimente nosso\u00a0<a href=\"https:\/\/cloud.couchbase.com\/sign-up\">Avalia\u00e7\u00e3o gratuita de 30 dias do Couchbase Capella<\/a>. E para ver mais sobre o que nossos clientes est\u00e3o fazendo com o Couchbase, confira nosso\u00a0<a href=\"https:\/\/www.couchbase.com\/blog\/pt\/customers\/\">p\u00e1gina de estudo de caso de cliente<\/a>!<\/p>","protected":false},"excerpt":{"rendered":"<p>In today&#8217;s data-driven world, secure database credential management is a paramount concern for organizations of all sizes. As we strive to empower you with cutting-edge solutions, we are thrilled to announce the release of our HashiCorp Vault plugin for Capella [&hellip;]<\/p>","protected":false},"author":84313,"featured_media":15205,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[2225,1813],"tags":[9705,1725],"ppma_author":[9812],"class_list":["post-15204","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud","category-security","tag-hashicorp-vault","tag-nosql-database"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.0 (Yoast SEO v26.0) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Secure DB Credentials with HashiCorp Vault &amp; Capella - The Couchbase Blog<\/title>\n<meta name=\"description\" content=\"Boost Capella database security using our HashiCorp Vault plugin. Follow our guide to set up Vault, handle dynamic credentials &amp; manage them externally.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/pt\/secure-db-credentials-with-hashicorp-vault-capella\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Secure DB Credentials with HashiCorp Vault &amp; Capella\" \/>\n<meta property=\"og:description\" content=\"Boost Capella database security using our HashiCorp Vault plugin. Follow our guide to set up Vault, handle dynamic credentials &amp; manage them externally.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/pt\/secure-db-credentials-with-hashicorp-vault-capella\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-05T19:18:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-14T01:39:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image7.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1792\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Istvan Orban\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Istvan Orban\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/\"},\"author\":{\"name\":\"Istvan Orban, Principal Product Manager\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/da80693db66ef61daaabe98bc56afc26\"},\"headline\":\"Secure DB Credentials with HashiCorp Vault &amp; Capella\",\"datePublished\":\"2024-01-05T19:18:05+00:00\",\"dateModified\":\"2025-06-14T01:39:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/\"},\"wordCount\":1760,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image7.png\",\"keywords\":[\"hashicorp vault\",\"NoSQL Database\"],\"articleSection\":[\"Couchbase Capella\",\"Security\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/\",\"name\":\"Secure DB Credentials with HashiCorp Vault &amp; Capella - The Couchbase Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image7.png\",\"datePublished\":\"2024-01-05T19:18:05+00:00\",\"dateModified\":\"2025-06-14T01:39:15+00:00\",\"description\":\"Boost Capella database security using our HashiCorp Vault plugin. Follow our guide to set up Vault, handle dynamic credentials & manage them externally.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image7.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image7.png\",\"width\":1792,\"height\":1024,\"caption\":\"HashiCorp Vault with NoSQL Couchbase Capella\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Secure DB Credentials with HashiCorp Vault &amp; Capella\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/da80693db66ef61daaabe98bc56afc26\",\"name\":\"Istvan Orban, Principal Product Manager\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/c873b4cba9199faca7f2d3db2f443f81\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/04\/image_2023-04-25_205027722.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/04\/image_2023-04-25_205027722.png\",\"caption\":\"Istvan Orban, Principal Product Manager\"},\"description\":\"Istvan Orban is the Principal Product Manager for Couchbase and lives in the United Kingdom. Istvan has a wide range of experience as a Full stack Software Engineer, Team leader and Devops Engineer. His main focus is security and Single Sign On. Istvan has led several large scale projects of his 20 year professional career.\",\"url\":\"https:\/\/www.couchbase.com\/blog\/pt\/author\/istvanorban\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Secure DB Credentials with HashiCorp Vault &amp; Capella - The Couchbase Blog","description":"Aumente a seguran\u00e7a do banco de dados Capella usando nosso plug-in HashiCorp Vault. Siga nosso guia para configurar o Vault, lidar com credenciais din\u00e2micas e gerenci\u00e1-las externamente.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/pt\/secure-db-credentials-with-hashicorp-vault-capella\/","og_locale":"pt_BR","og_type":"article","og_title":"Secure DB Credentials with HashiCorp Vault &amp; Capella","og_description":"Boost Capella database security using our HashiCorp Vault plugin. Follow our guide to set up Vault, handle dynamic credentials & manage them externally.","og_url":"https:\/\/www.couchbase.com\/blog\/pt\/secure-db-credentials-with-hashicorp-vault-capella\/","og_site_name":"The Couchbase Blog","article_published_time":"2024-01-05T19:18:05+00:00","article_modified_time":"2025-06-14T01:39:15+00:00","og_image":[{"width":1792,"height":1024,"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image7.png","type":"image\/png"}],"author":"Istvan Orban","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Istvan Orban","Est. reading time":"12 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/"},"author":{"name":"Istvan Orban, Principal Product Manager","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/da80693db66ef61daaabe98bc56afc26"},"headline":"Secure DB Credentials with HashiCorp Vault &amp; Capella","datePublished":"2024-01-05T19:18:05+00:00","dateModified":"2025-06-14T01:39:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/"},"wordCount":1760,"commentCount":0,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image7.png","keywords":["hashicorp vault","NoSQL Database"],"articleSection":["Couchbase Capella","Security"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/","url":"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/","name":"Secure DB Credentials with HashiCorp Vault &amp; Capella - The Couchbase Blog","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image7.png","datePublished":"2024-01-05T19:18:05+00:00","dateModified":"2025-06-14T01:39:15+00:00","description":"Aumente a seguran\u00e7a do banco de dados Capella usando nosso plug-in HashiCorp Vault. Siga nosso guia para configurar o Vault, lidar com credenciais din\u00e2micas e gerenci\u00e1-las externamente.","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image7.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image7.png","width":1792,"height":1024,"caption":"HashiCorp Vault with NoSQL Couchbase Capella"},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/secure-db-credentials-with-hashicorp-vault-capella\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Secure DB Credentials with HashiCorp Vault &amp; Capella"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"Blog do Couchbase","description":"Couchbase, o banco de dados NoSQL","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"Blog do Couchbase","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/da80693db66ef61daaabe98bc56afc26","name":"Istvan Orban, gerente principal de produtos","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/c873b4cba9199faca7f2d3db2f443f81","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/04\/image_2023-04-25_205027722.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/04\/image_2023-04-25_205027722.png","caption":"Istvan Orban, Principal Product Manager"},"description":"Istvan Orban \u00e9 o principal gerente de produtos da Couchbase e mora no Reino Unido. Istvan tem uma ampla experi\u00eancia como engenheiro de software de pilha completa, l\u00edder de equipe e engenheiro de Devops. Seu foco principal \u00e9 a seguran\u00e7a e o Single Sign On. Istvan liderou v\u00e1rios projetos de grande escala em seus 20 anos de carreira profissional.","url":"https:\/\/www.couchbase.com\/blog\/pt\/author\/istvanorban\/"}]}},"authors":[{"term_id":9812,"user_id":84313,"is_guest":0,"slug":"istvanorban","display_name":"Istvan Orban","avatar_url":{"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/04\/image_2023-04-25_205027722.png","url2x":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/04\/image_2023-04-25_205027722.png"},"author_category":"","last_name":"Orban","first_name":"Istvan","job_title":"","user_url":"","description":"Istvan Orban \u00e9 o principal gerente de produtos da Couchbase e mora no Reino Unido. Istvan tem uma ampla experi\u00eancia como engenheiro de software de pilha completa, l\u00edder de equipe e engenheiro de Devops. Seu foco principal \u00e9 a seguran\u00e7a e o Single Sign On. Istvan liderou v\u00e1rios projetos de grande escala em seus 20 anos de carreira profissional."}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts\/15204","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/users\/84313"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/comments?post=15204"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts\/15204\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/media\/15205"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/media?parent=15204"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/categories?post=15204"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/tags?post=15204"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/ppma_author?post=15204"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}