问题
The issue is for sure known. But i cannot find any solution. I'm using spring boot cloud config server to serve all properties values (encrypted) by {cipher} expression. It uses keystore located in the same system. But password to the keystore is in plain text. The question is there a possibility to some how encrypt the keystore password?
Thanks in advance!
回答1:
Encrypting the keystore password would require configuring a key for decryption which itself would have to be stored unencrypted, so there's no use in that.
I think the best way would be setting the keystore password as an environment variable (as described in this post or this SO question).
回答2:
I completely agree with @Quagaar that the best way is to actually store it in an environment variable and have the application.properties read from there. Something like server.ssl.key-store-password=${KEY_STORE_PASSWORD}
and set the environment variable in the run configurations for IDE or Export command on your terminal.
回答3:
Its like creating a key for another key using a passphrase, multiple times you do that still will end having some passphrase in repository (like bitbucket).
Better to encrypt all passwords using config server encrypt.key: "{$somepassphrase}" and store this passphrase(master key) as env variable and pass it using Jenkins while generating a pipeline.
来源:https://stackoverflow.com/questions/39587546/spring-boot-cloud-config-encrypt-keystore-password