问题
I'm trying to get my KMS library, found here, to decrypt items from my application.yml that come from either the google cloud config server or an environment variable.
In playing around I've tried a number of scenarios to get this to work. Ideally I'd like to be able to do something like:
username: '{cipher}${db_username} where ${db_username} is either a property I read in from google cloud config or an environment variable.
So far what I've tried:
✅username: ${username} -> Successfully reads the plain text property from either the cloud config or environment variable successfully. (no encryption)
✅username: '{cipher}MyEncodedString' -> Success - decodes the provided inline string
❗️username: '{cipher}${username}' -> I believe this is trying to use the literal string ${username}
❗️username: '{cipher}'${username} -> invalid format / can't read
Since I can see that my decode is working when I put the string inline I don't believe this to be an issue with the decoder.
I may also be dumb and this is not a scenario I'd ever want to do, but it seems logical to me that I'd store these in a config area and let the application / profile pull in and decrypt what it needs.
If it makes a difference, and at this point I don't feel it does, I'm attempting to do all of this on Google Cloud Run + Java + Jib
回答1:
can you try to use properties file. properties file doesn't require single quotes for {cipher}. less chances but can work.
来源:https://stackoverflow.com/questions/57984457/cant-decrypt-property-from-spring-cloud-config-or-environment-variable