Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring Cloud Config not decrypting the config server password

Tags:

spring-boot

spring-cloud

I've been working on Spring Cloud Config for a while. I have a requirement of securing the config data. As per Spring Cloud Documentation I have configured the server.jks and added to classpath. Now I am able to encrypt and decrypt remote config data.

For making the config server secure I have added Spring Security Starter and assigned credentials (password decrypted). For some reason the application is throwing exceptions that it does not have key store on the classpath. After googling it for a while I found that the keystore should go to bootstrap.yml instead of application.yml. This is also not working, what am I missing here?

You can find the yml config files on GitHub: SpringConfigData

Exception:

java.lang.IllegalStateException: Cannot decrypt: key=security.user.password
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:195) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:164) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.initialize(EnvironmentDecryptApplicationInitializer.java:94) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
    at org.springframework.cloud.bootstrap.BootstrapApplicationListener$DelegatingEnvironmentDecryptApplicationInitializer.initialize(BootstrapApplicationListener.java:333) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
    at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:640) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
    at org.springframework.boot.SpringApplication.createAndRefreshContext(SpringApplication.java:343) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:307) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1191) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1180) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
    at com.test.TestConfigServerApplication.main(TestConfigServerApplication.java:12) [classes/:na]
Caused by: java.lang.UnsupportedOperationException: No decryption for FailsafeTextEncryptor. Did you configure the keystore correctly?
    at org.springframework.cloud.bootstrap.encrypt.EncryptionBootstrapConfiguration$FailsafeTextEncryptor.decrypt(EncryptionBootstrapConfiguration.java:151) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:187) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
    ... 9 common frames omitted
like image 810
Preetam Myneni Avatar asked Mar 11 '16 11:03

Preetam Myneni

2 Answers

I have had this problem. To set symmetric encryption in the latest versions of spring cloud, you just have to set the encrypt.key property in the bootstap.yml(or .properties) with the required key (it is recommended to set the key as an OS environmental variable and reference the variable in your file. This is for more security)

However, as you discovered the properties in the bootsrap file are no more imported. You must add the following dependency into your pom file for the properties in that file to be loaded:

<dependency>
      <groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-starter-bootstrap</artifactId>
</dependency>

After having done this every thing will work smoothly.

like image 131
Florian Lowe Avatar answered Nov 19 '22 22:11

Florian Lowe

 
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-rsa</artifactId>
    <version>1.0.8.RELEASE</version>
</dependency>

I was facing the same problem from the config client side. To resolve this, I added this dependency in the pom.xml and in bootstarp.properties/bootstrap.yml file, I added encrypt.key property as I was using symmetric encryption.

hope it helps.

like image 28
Darshan Shah Avatar answered Nov 19 '22 23:11

Darshan Shah
Sign in to Comment

Related questions

Disassemble links into entities in Spring Hateoas
Spring Boot (ConfigServer) is restarting all the time
Spring Boot change value properties file
How to deploy Spring Boot to Cloud Foundry?
Integration Testing Spring Boot service using Eureka services
Getting a lost Sentinel error message for Redis
How to add log messages in tests (spring boot)?
spring-boot-starter-ws performance when run as jar
Spring - RESTful authentication using cookies
how to autowire bean in the servlet filters in spring application?
How do I get @JsonIgnore to work so that JSON are not returned recursively?
Spring boot embedded tomcat not loading SSL keystore file from classpath
Dump Spring boot Configuration
Where to store RSA private key for a (Spring Boot) Java AWS program
Spring boot + Thymeleaf custom error messages
How can I prevent my Spring Boot Batch application from running when executing test?
Start two springboot apps in eclipse
How do I get Spring generated cookies to expire when browser is closed?
How to override Spring Security default configuration in Spring Boot
Spring Webjars locator and context-path

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!