I am trying to encrypt and decrypt config properties using Spring config server and client. I have Spring Boot applications (server and client). Using the server I have encrypted the password property, and at the client I am trying to decrypt it using the same key, but I am getting an error. I am trying to enable the config server client to decrypt these properties initially encrypted by the config server. Here are the steps I followed:
Install Full-strength JCE and replace 2 policy files in JRE lib/security
Generate a key using keytool
keytool -genkeypair -alias config-server-key -keyalg RSA \
  -keysize 4096 -sigalg SHA512withRSA -dname "CN=*.domain.com,OU=EUS,O=eusdom,L=City,S=WA,C=US" \
  -keypass keyPass -keystore config-server.jks -storepass keys3crt
Added the cloud security dependency to the pom file (added these in both the config server and client pom)
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-rsa</artifactId>
    <version>1.0.1.RELEASE</version>
</dependency>
Added the encryption-related configuration (the same values used by config server and client) to bootstrap.yml; also tried with application.yml
encrypt:
  key-store:
    location: file:///D:/encrypt-server/config-server.jks
    password: keyPass
    alias: config-server-key
    secret: keys3crt
My config server bootstrap looks like this:
spring:
  application:
    name: config-service
  cloud:
    config:
      server:
        git:
          uri: https://github.com/<>/spring-config-repo
        encrypt:
          enabled: false
server:
  port: 8888
Encrypt the passWord property using config server
curl -X POST --data-urlencode d3v3L \
  http://localhost:8888/encrypt
Try to decrypt the property using config server
curl http://localhost:8888/decrypt -d <encryptedValue>
I am getting the below error:
{"timestamp":1472667297292,"status":500,"error":"Internal Server Error","exception":"java.lang.IllegalStateException","message":"Cannot decrypt","path":"/decrypt"}
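I try to print the encrypted property using the config client (note: I have added the dependencies and encrypt key details as per 3, 4)
import java.util.Arrays;
import java.util.List;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RefreshScope
@Component
@RestController
public class Greeter {
    @Value("${cassandra.hostnames}")
    String hostnames;
    @Value("${cassandra.username}")
    String userName;
    // Stored encrypted in the config repo; expected to arrive decrypted.
    @Value("${cassandra.password}")
    String passWord;

    @RequestMapping(value = "/", produces = "application/json")
    public List<String> index() {
        List<String> env = Arrays.asList(
            "userName is: " + userName,
            "passWord is: " + passWord
        );
        return env;
    }
}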
I am getting a java.lang.IllegalStateException: Cannot decrypt: key=cassandra.password error.
Note: I tried to decrypt in the config server without
encrypt:
  enabled: false
Please let me know if I am missing anything here. Appreciate any help.
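A stand-alone check of the keystore from the keytool step, added here as an example and not part of the original question or its answer: it loads config-server.jks with the -storepass value, recovers the private key with the -keypass value, and does an RSA round trip, which separates keystore problems from Spring configuration problems. The class name KeyStoreCheck is hypothetical; for comparison with the YAML above, Spring Cloud's encrypt.key-store.password is the password that unlocks the keystore and encrypt.key-store.secret is the secret protecting the key.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Arrays;
import javax.crypto.Cipher;

// Added example; KeyStoreCheck is a hypothetical name, not part of Spring.
public class KeyStoreCheck {

    // Loads the store, recovers the private key and proves the pair works.
    static boolean roundTrip(String path, char[] storePass, String alias, char[] keyPass)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);            // IOException if the store password is wrong
        }
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("no private key entry under alias " + alias);
        }
        Key key = ks.getKey(alias, keyPass);   // UnrecoverableKeyException if the key password is wrong
        if (!(key instanceof PrivateKey)) {
            throw new IllegalStateException("entry " + alias + " is not a private key");
        }
        PublicKey pub = ks.getCertificate(alias).getPublicKey();

        byte[] sample = "constructed sample value".getBytes(StandardCharsets.UTF_8);
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, pub);
        byte[] sealed = rsa.doFinal(sample);
        rsa.init(Cipher.DECRYPT_MODE, key);
        return Arrays.equals(sample, rsa.doFinal(sealed));
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the values passed to keytool in the question.
        String path      = args.length > 0 ? args[0] : "config-server.jks";
        String storePass = args.length > 1 ? args[1] : "keys3crt";          // -storepass
        String alias     = args.length > 2 ? args[2] : "config-server-key"; // -alias
        String keyPass   = args.length > 3 ? args[3] : "keyPass";           // -keypass
        boolean ok = roundTrip(path, storePass.toCharArray(), alias, keyPass.toCharArray());
        System.out.println(ok ? "keystore OK: key pair round-trips" : "round-trip mismatch");
    }
}
```

Run it from the directory holding the keystore, or pass the path, store password, alias and key password as arguments.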
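Answer 0 (score: 0)
The bootstrap configuration you are using to enable asymmetric encryption is no longer enabled by default. If your project needs it, it can be re-enabled through a property or a new starter. A guide can be found here: https://github.com/spring-cloud/spring-cloud-release/wiki/Spring-Cloud-2020.0-Release-Notes#breaking-changes
To enable bootstrap in Spring Boot versions higher than 2.3.x, we need to add the new starter dependency introduced by #SpringCloud.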
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-bootstrap</artifactId>
    <version>3.0.1</version>
</dependency>