Menu
According to the spring cloud config documentation, if we want to disable server side decryption and handle it by the client, we can put in server’s application.yml the following property :
spring:
cloud:
config:
server:
encrypt.enabled: false
In server side, a define an env variable ENCRYPT_KEY then a call a curl to get encrypted password, I update the configuration file then I commit it
export ENCRYPTED=`curl config-server/encrypt -d ms-password-prod`
echo "spring.data.mongodb.paswword='{cipher}$ENCRYPTED'" >> establishment-services-prod.yml
Now, when I call
curl -v config-server:9090/establishment-services/prod
I expect to see encrypted password but I get the password decrypted.
I used spring-boot 1.5.8 and spring-cloud Dalston.SR4.
You can find all the code in my Github account.
584
Spring Cloud Config Server provides an HTTP resource-based API for external configuration (name-value pairs or equivalent YAML content). The server is embeddable in a Spring Boot application, by using the @EnableConfigServer annotation.
Spring Cloud Config Server features: HTTP, resource-based API for external configuration (name-value pairs, or equivalent YAML content) Encrypt and decrypt property values (symmetric or asymmetric) Embeddable easily in a Spring Boot application using @EnableConfigServer.
Moving the spring.cloud.config.server.encrypt.enabled key to the bootstrap configuration file of your config server should fix the issue.
Looking at the project documentation, I'm not sure if this is a workaround or the intended behavior, as it seems that only the encrypt.* keys belong in the bootstrap configuration.
This could be a bug or a documentation enhancement that you could report on the issue tracker spring-cloud-config.
197
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
