Spring boot cloud config encrypt keystore password

房东的猫 提交于 2019-12-24 07:15:57

问题


The issue is for sure known. But i cannot find any solution. I'm using spring boot cloud config server to serve all properties values (encrypted) by {cipher} expression. It uses keystore located in the same system. But password to the keystore is in plain text. The question is there a possibility to some how encrypt the keystore password?

Thanks in advance!


回答1:


Encrypting the keystore password would require configuring a key for decryption which itself would have to be stored unencrypted, so there's no use in that.

I think the best way would be setting the keystore password as an environment variable (as described in this post or this SO question).




回答2:


I completely agree with @Quagaar that the best way is to actually store it in an environment variable and have the application.properties read from there. Something like server.ssl.key-store-password=${KEY_STORE_PASSWORD} and set the environment variable in the run configurations for IDE or Export command on your terminal.




回答3:


Its like creating a key for another key using a passphrase, multiple times you do that still will end having some passphrase in repository (like bitbucket).

Better to encrypt all passwords using config server encrypt.key: "{$somepassphrase}" and store this passphrase(master key) as env variable and pass it using Jenkins while generating a pipeline.



来源:https://stackoverflow.com/questions/39587546/spring-boot-cloud-config-encrypt-keystore-password

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!