SecureVault is an enterprise-grade backend authentication and credential management engine built using modern Java architecture. The system provides secure, stateless API endpoints for managing users, organizations, vaults, and encrypted secrets.
- Language Runtime: Java 25 (LTS)
- Core Framework: Spring Boot 4.0.x (Spring Security, Spring Data JPA)
- Database: PostgreSQL 15 (Alpine-based, isolated container volume)
- Orchestration & Containerization: Docker & Multi-stage Docker Compose
- Security Layer: Stateless JWT (JSON Web Tokens), BCrypt Password Hashing
- Multi-Stage Build Pipeline: Utilizes a lightweight Maven Alpine image to compile binaries safely inside an isolated container stage, keeping the final runtime image clean, minimal, and secure.
- Deterministic Service Orchestration: Implements PostgreSQL container health checks (`pg_isready`) combined with strict startup conditions (`service_healthy`) to completely prevent application boot crashes while the database initializes.
- Dual-Configuration Environment: Built-in separation between local host compilation (for high-speed IDE debugging) and isolated multi-container production routing.
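
A compose file implementing the health-check gating described above could look like the following. This is an added example, not the project's own `docker-compose.yml`; the `api` service name, the `securevault` database name, the `pgdata` volume name, the `.env`-supplied credentials and the loopback-only port binding are assumptions.

```yaml
# Added example (not the repository's file). "postgres-db" is the service name
# this README uses; every other name below is an assumption.
services:
  postgres-db:
    image: postgres:15-alpine
    environment:
      POSTGRES_DB: securevault   # assumed database name
      # Fail fast if credentials are missing instead of falling back to defaults.
      POSTGRES_USER: ${POSTGRES_USER:?set POSTGRES_USER in .env}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}
    volumes:
      - pgdata:/var/lib/postgresql/data   # isolated named volume
    ports:
      # Published on loopback only, so the IDE on the host can reach 5432
      # without exposing the database to the rest of the network.
      - "127.0.0.1:5432:5432"
    healthcheck:
      # "$$" stops compose from interpolating; the container shell expands
      # the variables from its own environment.
      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
      interval: 5s
      timeout: 3s
      retries: 10
      start_period: 10s

  api:
    build: .   # multi-stage Dockerfile at the repository root
    depends_on:
      postgres-db:
        # The API container is not started until pg_isready succeeds.
        condition: service_healthy
    environment:
      SPRING_DATASOURCE_URL: jdbc:postgresql://postgres-db:5432/securevault
      SPRING_DATASOURCE_USERNAME: ${POSTGRES_USER}
      SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD}
    ports:
      - "8080:8080"

volumes:
  pgdata:
```

`docker compose config` renders the file with variables resolved, which is a quick way to confirm that the credential checks and the `service_healthy` condition are in effect before starting the stack.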

```mermaid
flowchart TD
    A[Client] --> B[Spring Boot API]
    B --> C[Spring Security]
    C --> D[JWT Authentication]
    D --> E[PostgreSQL]
    E --> F[Docker]
```

```
SecureVaultProject/
├── Dockerfile
├── docker-compose.yml
├── .gitignore
├── README.md
└── api/
    └── api/
        ├── src/        # Main Java source code
        └── pom.xml     # Maven dependencies
```

Prerequisites: Make sure you have Docker and Docker Compose installed and running on your system.

Use this mode if you just want to spin up and test the full API ecosystem without installing Java or PostgreSQL on your host system:
- Clone the repository:

  ```bash
  git clone https://github.com/Max-Engineer/SecureVaultProject.git
  cd SecureVaultProject
  ```

- Launch the entire multi-container architecture hands-free:

  ```bash
  docker compose up --build
  ```

The engine will compile the source, check the database health, provision schemas, and expose the application on http://localhost:8080.

Use this mode if you are actively editing Java code in your IDE and want fast compilation loops:
- Spin up only the isolated database container via your terminal:

  ```bash
  docker compose up postgres-db
  ```

- Click the green Run button for `ApiApplication` inside IntelliJ. The IDE will claim port 8080 on your host machine and seamlessly connect to the containerized database on port 5432.

| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
| POST | `/api/users/register` | Register a fresh user profile | No |
| POST | `/api/users/login` | Authenticate and obtain JWT token | No |
| GET | `/api/users/{id}` | Retrieve specific user profile details by their unique database ID | Yes (JWT) |
| POST | `/api/organizations` | Create a new tenant organization owned by the authenticated user | Yes (JWT) |
| GET | `/api/organizations` | Retrieve all tenant organizations associated with the authenticated user | Yes (JWT) |
| POST | `/api/vaults` | Create a secure data vault inside an organization | Yes (JWT) |
| POST | `/api/secrets` | Encrypt and store a new password payload | Yes (JWT) |
| GET | `/api/secrets` | Retrieve authorized vault items | Yes (JWT) |
| PUT | `/api/secrets/{id}` | Update an existing encrypted secret's key or value payload by its unique ID | Yes (JWT) |
| DELETE | `/api/secrets/{id}` | Permanently remove a specific encrypted secret payload by its unique ID | Yes (JWT) |

- Setting up automated Integration Test suites using JUnit 5 and MockMvc.
- Integrating Swagger / OpenAPI 3 specifications for interactive endpoints.
- Implementing a dual-token JWT mechanism (Short-lived Access + Database-backed Refresh).
- Activating application-level AES-256 transparent encryption-at-rest for values before database write.
Maksym Zhelezniakov - https://github.com/Max-Engineer