如何管理不同环境的spring-boot应用程序配置? [英] How to manage spring-boot application configuration for different environmnets?
问题描述
我有一个在不同环境(dev,qa,prod)中运行的spring-boot应用程序。为了生成可以在所有环境上运行而无需进行任何修改的不可变构建,我将特定于环境的配置文件打包到生成的jar本身中。但这也带来了另一个问题,即也将生产数据库凭据公开给开发团队。我可以使用外部配置服务器,但对我而言这已经算是过高了。
I have a spring-boot application which runs in different environments (dev,qa,prod). In order to generate immutable builds which can run on all environments without any modification i have packaged environment specific configuration files into generated jar itself. But this creates another problem of exposing production database credentials to development team too. I can use external config server, but that's overkill for me for now.
我该如何管理这些配置文件以避免此信息泄漏并拥有不可变的构建以支持CI / CD?
How can i manage these configuration files to avoid this information leak and have immutable builds to support CI/CD ?
推荐答案
对于数据泄漏,建议使用jasypt加密用户名/密码。
For dataleakage, it's advisable to encrypt the username/password with jasypt.
https://github.com/ulisesbocchio/jasypt-spring -boot
用于解密的密码必须在机器上,因此应该已经在这里,并已尽可能地保护了该密码(例如,不同用户或 https://github.com/certnanny/KeyNanny )
The password for the decryption has to be on the machine, though, so that should be there already, secured as much as possible (e.g. different user, or https://github.com/certnanny/KeyNanny)
我不会将配置放在jar文件中不过。它不是应用逻辑的一部分,而是部署过程的一部分,并且部署者应该能够轻松添加新计算机。当然,如果您使用docker,则有所不同。
I wouldn't put the configuration in the jar-file, though. It's not part of the applicaction logic, it's part of deployment process, and the deployer should be able to add new machines easily. If you use docker, it's different, of course.
这篇关于如何管理不同环境的spring-boot应用程序配置?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
