Question
I am trying to encrypt and decrypt config properties using Spring config server and client. I have Spring Boot applications (server and client). Using the server I have encrypted the password property, and at the client I am trying to decrypt it using the same key, but I am getting an error. I am trying to enable the config server client to decrypt these properties initially encrypted by the config server. Here are the steps I followed:
1. Install the full-strength JCE and replace the 2 policy files in JRE lib/security.

2. Generate a key using keytool:

    keytool -genkeypair -alias config-server-key -keyalg RSA \
      -keysize 4096 -sigalg SHA512withRSA -dname "CN=*.domain.com,OU=EUS,O=eusdom,L=City,S=WA,C=US" \
      -keypass keyPass -keystore config-server.jks -storepass keys3crt

3. Added the cloud security dependency to the pom file (added these in both the config server and client pom):

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-rsa</artifactId>
        <version>1.0.1.RELEASE</version>
    </dependency>

4. Added the encryption-related configuration (the same values used by config server and client) to bootstrap.yml (also tried with application.yml):

    encrypt:
      key-store:
        location: file:///D:/encrypt-server/config-server.jks
        password: keyPass
        alias: config-server-key
        secret: keys3crt

   My config server bootstrap looks like this:

    spring:
      application:
        name: config-service
      cloud:
        config:
          server:
            git:
              uri: https://github.com/<>/spring-config-repo
            encrypt:
              enabled: false
    server:
      port: 8888

5. Encrypt the passWord property using the config server:

    curl -X POST --data-urlencode d3v3L \
      http://localhost:8888/encrypt

6. Try to decrypt the property using the config server:

    curl http://localhost:8888/decrypt -d <encryptedValue>

   I am getting the error below:

    {"timestamp":1472667297292,"status":500,"error":"Internal Server Error","exception":"java.lang.IllegalStateException","message":"Cannot decrypt","path":"/decrypt"}

7. I try to print the encrypted property using the config client (note: I have added the dependencies and encrypt key details as per 3, 4):

    import java.util.Arrays;
    import java.util.List;

    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.cloud.context.config.annotation.RefreshScope;
    import org.springframework.stereotype.Component;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;

    @RefreshScope
    @Component
    @RestController
    public class Greeter {

        @Value("${cassandra.hostnames}")
        String hostnames;

        @Value("${cassandra.username}")
        String userName;

        // Stored encrypted in the config repo; expected to arrive decrypted.
        @Value("${cassandra.password}")
        String passWord;

        @RequestMapping(value = "/", produces = "application/json")
        public List<String> index() {
            List<String> env = Arrays.asList(
                "userName is: " + userName,
                "passWord is: " + passWord
            );
            return env;
        }
    }

   I am getting this error:

    java.lang.IllegalStateException: Cannot decrypt: key=cassandra.password

Note: I tried to decrypt in the config server without

    encrypt:
      enabled: false
Please let me know if I am missing anything here. Appreciate any help.
Source: https://stackoverflow.com/questions/39256589/unable-to-decrypt-from-spring-config-server-cleint
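
A configuration cross-check for the setup in the question, added here as an example and not part of the original post. Spring Cloud Config reads `encrypt.key-store.password` as the keystore password (keytool `-storepass`) and `encrypt.key-store.secret` as the key password (keytool `-keypass`); the function names are hypothetical, and the command and YAML values are copied from the question.

```python
import shlex

# Copied from the question: the keytool command and the encrypt.key-store block.
KEYTOOL_CMD = (
    "keytool -genkeypair -alias config-server-key -keyalg RSA "
    "-keysize 4096 -sigalg SHA512withRSA "
    '-dname "CN=*.domain.com,OU=EUS,O=eusdom,L=City,S=WA,C=US" '
    "-keypass keyPass -keystore config-server.jks -storepass keys3crt"
)
KEY_STORE_CFG = {
    "location": "file:///D:/encrypt-server/config-server.jks",
    "password": "keyPass",
    "alias": "config-server-key",
    "secret": "keys3crt",
}

# encrypt.key-store property -> keytool flag that set the matching value.
PROPERTY_TO_FLAG = {"password": "-storepass", "secret": "-keypass", "alias": "-alias"}


def keytool_flags(cmd):
    """Return {flag: value} for each '-flag value' pair in a keytool command."""
    argv = shlex.split(cmd)[1:]
    flags, i = {}, 0
    while i < len(argv):
        has_value = i + 1 < len(argv) and not argv[i + 1].startswith("-")
        if argv[i].startswith("-") and has_value:
            flags[argv[i]] = argv[i + 1]
            i += 2
        else:
            i += 1  # switch without a value, such as -genkeypair
    return flags


def check_key_store(cmd, cfg):
    """Compare the config with the keytool command; never echoes secret values."""
    flags = keytool_flags(cmd)
    mismatched = [p for p, f in PROPERTY_TO_FLAG.items() if cfg.get(p) != flags.get(f)]
    swapped = (cfg.get("password") == flags.get("-keypass")
               and cfg.get("secret") == flags.get("-storepass")
               and cfg.get("password") != cfg.get("secret"))
    return {"mismatched": mismatched, "swapped": swapped}


if __name__ == "__main__":
    print(check_key_store(KEYTOOL_CMD, KEY_STORE_CFG))
```

For the values in the question it reports `password` and `secret` as mismatched and swapped; only property names are reported, so the output is safe to paste into a ticket or log.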