CODEWITHSUNDEEP
springspring-bootencryptionspring-cloudspring-cloud-config
YellowMaple
YellowMaple

Reputation: 65

spring-cloud-config-server alway decrypt the encrypted message?

I am running a spring cloud config server.I follow the user guide,and successfully start it up,it can load the configuration from github config-repo/licensingservice/licensingservice.yml .I can use the /decrypt and /encript endpoints ,but when I run http://localhost:8888/licensingservice/default it always decrypts the sensitive message spring.datasource.password: "{cipher}4788dfe1ccbe6485934aec2ffeddb06163ea3d616df5fd75be96aadd4df1da91" into "spring.datasource.password": "p0stgr@s" I have put spring.cloud.config.server.encrypt.enabled=false in bootstrap.yml, and can see it by the

localhost:8888/actuator/env

check from actuator

the configuration on the github:

    example.property: "I AM IN THE DEFAULT"
spring.jpa.database: "POSTGRESQL"
spring.datasource.platform:  "postgres"
spring.jpa.show-sql: "true"
spring.database.driverClassName: "org.postgresql.Driver"
spring.datasource.url: "jdbc:postgresql://database:5432/eagle_eye_local"
spring.datasource.username: "postgres"
spring.datasource.password: "{cipher}4788dfe1ccbe6485934aec2ffeddb06163ea3d616df5fd75be96aadd4df1da91"
spring.datasource.testWhileIdle: "true"
spring.datasource.validationQuery: "SELECT 1"
spring.jpa.properties.hibernate.dialect: "org.hibernate.dialect.PostgreSQLDialect"
redis.server: "redis"
redis.port: "6379"
signing.key: "345345fsdfsf5345"

configuration get from postman:

{
    "name": "licensingservice",
    "profiles": [
        "default"
    ],
    "label": null,
    "version": "56d63a8c0c3dcb0c5c93db1f00cf71856371db8b",
    "state": null,
    "propertySources": [
        {
            "name": "https://github.com/carnellj/config-repo//licensingservice/licensingservice.yml",
            "source": {
                "example.property": "I AM IN THE DEFAULT",
                "spring.jpa.database": "POSTGRESQL",
                "spring.datasource.platform": "postgres",
                "spring.jpa.show-sql": "true",
                "spring.database.driverClassName": "org.postgresql.Driver",
                "spring.datasource.url": "jdbc:postgresql://database:5432/eagle_eye_local",
                "spring.datasource.username": "postgres",
                "spring.datasource.testWhileIdle": "true",
                "spring.datasource.validationQuery": "SELECT 1",
                "spring.jpa.properties.hibernate.dialect": "org.hibernate.dialect.PostgreSQLDialect",
                "redis.server": "redis",
                "redis.port": "6379",
                "signing.key": "345345fsdfsf5345",
                "spring.datasource.password": "p0stgr@s"
            }
        }
    ]
}

my build script:

import org.jetbrains.kotlin.gradle.tasks.KotlinCompile

plugins {
    id("org.springframework.boot") version "2.3.1.RELEASE"
    id("io.spring.dependency-management") version "1.0.9.RELEASE"
    kotlin("jvm") version "1.3.72"
    kotlin("plugin.spring") version "1.3.72"
}

group = "com.matches"
version = "0.0.1-SNAPSHOT"
java.sourceCompatibility = JavaVersion.VERSION_1_8

repositories {
    mavenCentral()
}

extra["springCloudVersion"] = "Hoxton.SR6"

dependencies {
    implementation("org.jetbrains.kotlin:kotlin-reflect")
    implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8")
    implementation("org.springframework.cloud:spring-cloud-config-server")
    implementation("org.springframework.cloud:spring-cloud-starter-config")
    implementation("org.springframework.cloud:spring-cloud-starter-eureka")
    implementation("org.springframework.boot:spring-boot-starter-actuator")
    testImplementation("org.springframework.boot:spring-boot-starter-test") {
        exclude(group = "org.junit.vintage", module = "junit-vintage-engine")
    }
}

dependencyManagement {
    imports {
        mavenBom("org.springframework.cloud:spring-cloud-dependencies:${property("springCloudVersion")}")
    }
}

tasks.withType<Test> {
    useJUnitPlatform()
}

tasks.withType<KotlinCompile> {
    kotlinOptions {
        freeCompilerArgs = listOf("-Xjsr305=strict")
        jvmTarget = "1.8"
    }
}

ConfigserverApplication:

import org.springframework.boot.autoconfigure.SpringBootApplication
import org.springframework.boot.runApplication
import org.springframework.cloud.config.server.EnableConfigServer

@SpringBootApplication
@EnableConfigServer
class ConfigserverApplication

fun main(args: Array<String>) {
    runApplication<ConfigserverApplication>(*args)
}

I can not find out why it alway decrypts the password?

Upvotes: 0

Views: 2190

Answers (1)

Muhammad Waqas Dilawar
Muhammad Waqas Dilawar

Reputation: 2322

spring-cloud-config-server always decrypt the encrypted message? NO

ConfigClient can also decrypt if we set encrypt to false like this in ConfigServer.

spring:
  cloud:
    config:
      server:
        encrypt:
          enabled: false
        git:
          uri: linkToYourURI

And in the ConfigClient use the key for decryption like this. Remember to put this in bootstrap.yml as for application.yml it will be too late, see this for further clarification.

encrypt:
  key: PutYourKeyHere

Upvotes: 1

Related Questions