I have a Spring Boot app that is using Spring Cloud Config but I would like to encrypt the Spring Cloud Config password in the Spring Boot apps bootstrap.yml file. Is there a way to do this? Below is an example.
Spring Boot app bootstrap.yml
spring:
cloud:
config:
uri: http://locahost:8888
username: user
password: '{cipher}encryptedpassword'
A couple things I've discovered related to this.
If you use bootstrap.yml (or application.yml), the format for the cipher text must enclosed within single quotes:
security.user.password: '{cipher}56e611ce4a99ffd99908d2c9aa1461d831722812e4370a5b6900b7ea680ae914'
If you use bootstrap.properties (or application.properties), the format for the cipher text must NOT be enclosed:
security.user.password= {cipher}56e611ce4a99ffd99908d2c9aa1461d831722812e4370a5b6900b7ea680ae914
The [reference docs][1] show the yml without the quotes, which I never got to work. SnakeYaml always reported an error:
"expected <block end>, but found Scalar"
There is support for encrypted properties in the config client (as described in the user guide). Obviously if you do it that way you have to provide a key to decrypt the properties at runtime, so actually I don't always see the benefit (I suppose the config file is a bit like a keystore with a special format, so you only have one secret to protect instead of many). Example (application.yml):
integration:
stores:
test: '{cipher}316f8cdbb776c23e679bf209014788a6eab7522f48f97114328c2c9388e6b3c1'
and the key (in bootstrap.yml):
encrypt:
key: ${ENCRYPT_KEY:} # deadbeef
You can use Spring CLI to encrypt the secrets spring encrypt password --key 'SECRET_KEY'
© 2022 - 2024 — McMap. All rights reserved.