I have 1 main and 1 secondary Java Spring Boot based app. The secondary app acts like a library project. The main app depends on the secondary app, which is clearly mentioned in the pom.xml of the main app.
I have a docker-compose.yml file in the main app which takes care of running the required containers. I am storing a jks file using volumes in docker-compose.yml inside the /certs/xyz.jks path of the docker container and setting 2 environment variables in the same docker-compose.yml file for the path of the jks file + the password of the keystore.
In docker-compose.yml,

    environment:
      - JAVAX_NET_SSL_TRUSTSTORE=/certs/truststore.jks
      - JAVAX_NET_SSL_TRUSTSTOREPASSWORD=abcdef
    volumes:
      - ./src/main/resources/truststore.jks:/certs/truststore.jks

In order to connect to Amazon DocumentDB, the secondary app needs to set the system properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword. If I run the main app locally without using docker-compose and by putting the values in the application.yml file, it's able to connect to DocumentDB successfully (via the secondary app of course, as the secondary app is the one which is setting the system properties as mentioned above).
In application.yml,

    javax:
      net:
        ssl:
          trustStore: src/main/resources/truststore.jks
          trustStorePassword: abcde

And in the secondary app, I am retrieving them using

    @Value("${javax.net.ssl.trustStore}")
    String trustStore;

    @Value("${javax.net.ssl.trustStorePassword}")
    String trustStorePassword;

As part of running the above scenario using docker-compose, I am successfully able to access the properties (keystore path and password) from the environment variables set in the docker-compose file of the main app, inside the secondary app. Basically, I am able to get the relative path of the keystore file (i.e. /certs/truststore.jks) and the password in the secondary app as 2 Strings.
However, using these, I am not able to connect to DocumentDB as it fails with
org.mongodb.driver.cluster : Cluster description not yet available. Waiting for 30000 ms before timing out
[127.0.0.1:27019] org.mongodb.driver.cluster : Exception in monitor thread while connecting to server 127.0.0.1:27019
Hence, can you please let me know if you think there could be an issue with passing the jks file properly from the main app to the secondary app in the case of docker-compose? When it works fine locally in the secondary app, do I need to configure anything else from docker-compose's side of the main app, in order to get it working in the secondary app?
Note: I referred to these posts for implementing it and getting it working locally (without docker)
Basically, the jks file is present inside the /certs/truststore.jks path of the container and I am able to see the same in Docker Desktop as well.
Upvotes: 0
Views: 56
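
A small check that can be run inside the container to separate the two possibilities the question raises: it loads the truststore from the path and password in the environment variables shown above, then tests plain TCP reachability of the address from the driver log. This is an added example, not code from the original post; the class name `TrustStoreCheck` and its helper methods are hypothetical.

```java
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.Collections;

// Added diagnostic (hypothetical class, not from the post). Run it inside the container.
public class TrustStoreCheck {

    // Loads the JKS with the given password; returns the number of trusted-certificate entries.
    static int countTrustedCerts(Path jks, char[] password) throws Exception {
        // The mount target must be a readable regular file, not a directory.
        if (!Files.isRegularFile(jks) || !Files.isReadable(jks)) {
            throw new IllegalStateException("not a readable file: " + jks.toAbsolutePath());
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(jks)) {
            ks.load(in, password); // IOException here means wrong password or damaged file
        }
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) n++;
        }
        return n;
    }

    // Plain TCP connect, independent of TLS and of the truststore.
    static boolean reachable(String host, int port, int timeoutMs) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), timeoutMs);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String path = System.getenv("JAVAX_NET_SSL_TRUSTSTORE");
        String pass = System.getenv("JAVAX_NET_SSL_TRUSTSTOREPASSWORD");
        if (path == null || pass == null) throw new IllegalStateException("env vars not set");
        System.out.println("trusted certs: " + countTrustedCerts(Path.of(path), pass.toCharArray()));
        // Host and port exactly as they appear in the driver log in the post.
        System.out.println("tcp reachable: " + reachable("127.0.0.1", 27019, 3000));
    }
}
```

If the certificate count is non-zero but the TCP check prints `false`, the truststore was passed correctly and the failure is in reaching the address the driver is configured with from inside the container.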