roushan kumar Singh

Reputation: 384

Spring config server security encryption and decryption not working

I am using Spring Config Server and Spring Security. I have followed the link https://cloud.spring.io/spring-cloud-config/multi/multi__spring_cloud_config_server.html I have added JCF in the C:\Program Files\Java\jdk1.8.0_171\jre\lib\security folder. When I post to localhost:8080/encrypt, this response comes:

{ "description": "The encryption algorithm is not strong enough", "status": "INVALID" }

Please let me know the issue.

Upvotes: 10

Views: 9469

Answers (5)

Andy Brown

Reputation: 12999

The cloud config server's encrypt.key property is used to decrypt encrypted properties in the configuration files; therefore, it is clearly too late (and wrong from a security perspective) to provide said key in those configuration files.

It needs to be available to the bootstrap context, so yes, you can put it in bootstrap.yml if that configuration file is suitably secured, or better yet, it should be provided at startup time by a trusted secret storage system like Vault.

It's a shame that Spring's way of telling you that you have got this wrong is to emit this error message:

{"description":"The encryption algorithm is not strong enough","status":"INVALID"}

Upvotes: 2

Aneeq Anwar

Reputation: 1332

With Spring Cloud Config Server 2, we get an error response for the /encrypt endpoint: "The encryption algorithm is not strong enough". This error occurs if you don't have the encrypt.key property defined. Even if this is defined, to avoid this error, the property encrypt.key should be placed in bootstrap.properties rather than application.properties.

Upvotes: 5

Bereket Belete

Reputation: 374

bootstrap.properties are meant to be tracked under source control, so I would rather reference the encrypt.key value as an operating system environment variable.

For Unix systems, use export ENCRYPT_KEY=YOURKEY

Add this variable to one of the startup files ~/.bashrc, ~/.profile or ~/.login to make it permanent.

Upvotes: 3

shubham bellale

Reputation: 221

If you are getting the {"description": "The encryption algorithm is not strong enough", "status": "INVALID" } response, the solution is just to create a bootstrap.properties file in the config server and add the encrypt.key="Secrete Key" property.

Upvotes: 16

franta kocourek

Reputation: 1337

Disclaimer: I am running org.springframework.cloud:spring-cloud-config-server:2.0.6.RELEASE.

It's not just enough to enable the unlimited crypto policy (btw, it is by default starting from jdk8.161), but you also have to provide (in case you want to use symmetric cryptography) the encrypt.key property.

You can find it further down in the documentation: http://cloud.spring.io/spring-cloud-config/2.0.x/single/spring-cloud-config.html#_key_management

PS: Set it within bootstrap.properties.

Upvotes: 8
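A preflight check based on the answers above, added here as an example and not taken from any of the posts or from Spring itself: it reports whether encrypt.key reaches the config server through the ENCRYPT_KEY environment variable, a bootstrap file, or only an application file (the layout the answers say produces the "not strong enough" response). The function names and the line-based YAML matching are assumptions of this sketch, and the sample key is constructed.

```shell
# Added example (hypothetical helper names); line-based heuristic, not a YAML parser.

# Succeeds if the file defines a non-empty encrypt.key, either flat
# (encrypt.key=... / encrypt.key: ...) or as nested YAML (encrypt: then key: ...).
has_encrypt_key() {
  [ -f "$1" ] || return 1
  awk '
    /^[ \t]*encrypt\.key[ \t]*[=:][ \t]*[^ \t]/ { found = 1 }
    /^encrypt:[ \t]*$/                          { in_block = 1; next }
    in_block && /^[^ \t#]/                      { in_block = 0 }
    in_block && /^[ \t]+key:[ \t]*[^ \t]/       { found = 1 }
    END { exit (found ? 0 : 1) }
  ' "$1"
}

# Prints where the key comes from; returns 0 only when it is visible
# to the bootstrap context (environment variable or bootstrap.* file).
encrypt_key_source() {
  local dir=$1 f
  if [ -n "${ENCRYPT_KEY:-}" ]; then
    echo "env"; return 0
  fi
  for f in bootstrap.properties bootstrap.yml bootstrap.yaml; do
    if has_encrypt_key "$dir/$f"; then
      # Usable, but the key now lives in a file: keep it out of source control.
      echo "bootstrap:$f"; return 0
    fi
  done
  for f in application.properties application.yml application.yaml; do
    if has_encrypt_key "$dir/$f"; then
      # Per the answers above, this is loaded too late for /encrypt.
      echo "application-only:$f"; return 1
    fi
  done
  echo "missing"; return 1
}

# Constructed sample: key present only in application.properties.
demo_dir=$(mktemp -d)
printf 'encrypt.key=constructed-sample-key\n' > "$demo_dir/application.properties"
( unset ENCRYPT_KEY; encrypt_key_source "$demo_dir" ) || true
rm -rf "$demo_dir"
```

Run it against the config server's resources directory before startup; a non-zero return means the /encrypt endpoint should be expected to answer with the INVALID status quoted in the question.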
