问题
According to the spring cloud config documentation, if we want to disable server side decryption and handle it by the client, we can put in server’s application.yml the following property :
spring:
cloud:
config:
server:
encrypt.enabled: false
In server side, a define an env variable ENCRYPT_KEY then a call a curl to get encrypted password, I update the configuration file then I commit it
export ENCRYPTED=`curl config-server/encrypt -d ms-password-prod`
echo "spring.data.mongodb.paswword='{cipher}$ENCRYPTED'" >> establishment-services-prod.yml
Now, when I call
curl -v config-server:9090/establishment-services/prod
I expect to see encrypted password but I get the password decrypted.
I used spring-boot 1.5.8 and spring-cloud Dalston.SR4.
You can find all the code in my Github account.
回答1:
Moving the spring.cloud.config.server.encrypt.enabled key to the bootstrap configuration file of your config server should fix the issue.
Looking at the project documentation, I'm not sure if this is a workaround or the intended behavior, as it seems that only the encrypt.* keys belong in the bootstrap configuration.
This could be a bug or a documentation enhancement that you could report on the issue tracker spring-cloud-config.
来源:https://stackoverflow.com/questions/47470031/failed-to-disable-decryption-server-side-in-spring-cloud-config-server