How to encrypt Jasypt.encryptor.password property while using in Jhipster registry App's configuration file

Question

I am using JHipster registry APP and used local encryption by using Jasypt library to encrypt username and password from a centralized configuration for all micro-services.

While doing this I observed the moment I try to encrypt default username and password (admin/admin), encrypted as mentioned below in the central-config folder, I have configured gateway.yml (central configuration file for all micro-services common configurations)

spring:
  datasource:
    type: com.zaxxer.hikari.HikariDataSource
    url: jdbc:mysql://localhost:3306/gateway?useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC&createDatabaseIfNotExist=true
    username: ENC(HLr1wJLGRZPuHVMUgEhiUQ==)
    password: ENC(HLr1wJLGRZPuHVMUgEhiUQ==)
    hikari:
      poolName: Hikari
      auto-commit: false
      data-source-properties:
        cachePrepStmts: true
        prepStmtCacheSize: 250
        prepStmtCacheSqlLimit: 2048
        useServerPrepStmts: true

  jpa:
     database-platform: org.hibernate.dialect.MySQLInnoDBDialect
     database: MYSQL
     openInView: false
     show-sql: true
  liquibase:
      drop-first: true
      # Remove 'faker' if you do not want the sample data to be loaded automatically
      contexts: dev

eureka:
  instance:
    prefer-ip-address: true
  client:
    service-url:
      # Jasypt Encryptor property
      defaultZone: http://ENC(iNeA5NB8uu+MIXdPXBNzSw==):ENC(iNeA5NB8uu+MIXdPXBNzSw==)@localhost:8761/eureka/

# ===========================================
# Jasypt Encryptor property
#============================================
jasypt:
  encryptor:
    password: jasyptkey

I have added needed dependency to the registry app project too for Jasypt-maven spring boot starter config as shown below and it compiled and brings up registry also perfectly

<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>2.0.0</version>
</dependency>

The issue I am facing is that the discovery client / cloud config server clients are not able to recognize the end-point URI.

I have shared the bootstrap.yml file from the micro-service app (gateway) too for reference if anything is missing there.

micro-service app bootstrap.yml file goes like this

spring:
  application:
    name: gateway
  profiles:
    active: dev
    include: composite
  cloud:
    config:
      fail-fast: false 
      uri: http://admin:${jhipster.registry.password}@localhost:8761/config/decrypt
      

      # name of the config server's property source (file.yml) that we want to use
      name: gateway
      profile: dev

Please suggest what went wrong while configuring or any other alternative way to do this or it doesn't support Jasypt based encryption/decryption or something more needed to be configured?

Recommended answer

I have figured out a solution for the issue. The only change I made is bypassing the Jasypt encryption library; I tried using the traditional JHipster registry app Cloud Config Server encryption/decryption strategy. For that similar thing I had to like using any Spring Cloud Config server Discovery along with eureka. So while using my centralized configuration using native file system via central-config folder in JHipster-Registry app, in bootstrap.yml I have disabled the encrypt property of Spring Cloud config server at registry app end like this

spring:
  application:
    name: jhipster-registry
  profiles:
    active: dev
    include: composite
  cloud:
    config:
      server:

        #git:
         # uri: https://github.com/debjupiter18/central-config-server
          #skipSslValidation: true
        bootstrap: true
        encrypt.enabled: false

Enabled the same at my micro-service gateway app as mentioned below

jhipster:
  registry:
     password: '{cipher}a7b13e30356a50ed81275d9428a31543d7f59eb9e374f3063a94464e9f4a5863'

spring:
  application:
    name: gateway
  profiles:
    active: dev
    include: composite
    # The commented value for `active` can be replaced with valid Spring profiles to load.
    # Otherwise, it will be filled in by maven when building the JAR file
    # Either way, it can be overridden by `--spring.profiles.active` value passed in the commandline or `-Dspring.profiles.active` set in `JAVA_OPTS`
    #active: dev
  cloud:
    config:
      server.encrypt.enabled: true
      fail-fast: false # if not in "prod" profile, do not force to use Spring Cloud Config
      uri: http://admin:${jhipster.registry.password}@localhost:8761/config
      #http://admin:password@registry:8761/config/decrypt

      # name of the config server's property source (file.yml) that we want to use
      name: gateway
      profile: dev

In the gateway.yml file in the central-config folder, two encryption properties have been modified as below, as the objective was a prototype to check if able to discover Eureka client and connect to MYSQL Db with these changes in place.

spring:
  datasource:
    type: com.zaxxer.hikari.HikariDataSource
    url: jdbc:mysql://localhost:3306/gateway?useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC&createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true
    username: root #{cipher}7f21f461454b9c0d99f2f81194257b9b0f77787cfab738b690f73c1ee84a73c4    #ENC(HLr1wJLGRZPuHVMUgEhiUQ==)
    password: '{cipher}7f21f461454b9c0d99f2f81194257b9b0f77787cfab738b690f73c1ee84a73c4' #root
    hikari:
      poolName: Hikari
      auto-commit: false
      data-source-properties:
        cachePrepStmts: true
        prepStmtCacheSize: 250
        prepStmtCacheSqlLimit: 2048
        useServerPrepStmts: true

  jpa:
     database-platform: org.hibernate.dialect.MySQLInnoDBDialect
     database: MYSQL
     openInView: false
     show-sql: true
  liquibase:
      drop-first: true
      # Remove 'faker' if you do not want the sample data to be loaded automatically
      contexts: dev #, faker
# Property to disable logging in GAE since we cannot write to GAE file system
  mail:
    host: localhost
    port: 25
    username:
    password:
  messages:
      cache-duration: PT1S # 1 second, see the ISO 8601 standard
  thymeleaf:
      cache: false
  sleuth:
      sampler:
        probability: 1 # report 100% of traces
  zipkin: # Use the "zipkin" Maven profile to have the Spring Cloud Zipkin dependencies
      base-url: http://localhost:9411
      enabled: false
      locator:
        discovery:
          enabled: true
  security:
      basic.enabled: true
      user.name : admin
      user.password : '{cipher}a7b13e30356a50ed81275d9428a31543d7f59eb9e374f3063a94464e9f4a5863'
eureka:
  instance:
    prefer-ip-address: true
  client:
    register-with-eureka: true
    fetch-registry: true
    service-url:
      defaultZone: http://${spring.security.user.name}:${spring.security.user.password}@localhost:8761/eureka/

Last but not the least, used the same property as mentioned below in both of the bootstrap.yml following the principle of enabling encryption mechanism at Config server end and to help decrypt the same property at server end also, this is due to JHipster registry acting both as Cloud Config server and Eureka registry as well.

encrypt:
  key: bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo=

in both **bootstrap.yml** file to leverage the Spring cloud config server at JHipster-registry app side, to use the encryption at server side and decryption at client side.

I am able to run the centralized configuration with encryption and decryption,
I stopped using Jasypt library for now. 
This is working for me, please let me know if any other suggestions or any downside of this solution, can discuss if anybody tried a different approach.
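
A check a reviewer could run over config files like the ones in this thread, as an added example that is not part of the original question or answer: it flags `jasypt.encryptor.password` or `encrypt.key` stored in the same file as `ENC(...)` / `{cipher}` values, and ciphertext repeated across properties. The function names and finding labels are illustrative, and treating a `${...}` placeholder as an externally supplied key is an assumption of this example.

```python
import re
from collections import Counter

KEY_PROPS = {"jasypt.encryptor.password", "encrypt.key"}  # key properties seen on this page
CIPHERTEXT = re.compile(r"ENC\([^)]+\)|\{cipher\}[0-9a-fA-F]+")
LINE = re.compile(r"^(\s*)([\w.-]+)\s*:\s*(.*)$")

# Abridged from the question's gateway.yml (values as posted there).
SAMPLE = """\
spring:
  datasource:
    username: ENC(HLr1wJLGRZPuHVMUgEhiUQ==)
    password: ENC(HLr1wJLGRZPuHVMUgEhiUQ==)
jasypt:
  encryptor:
    password: jasyptkey
"""

def flatten(text):
    """Yield (dotted.key, value) pairs from simple block-style YAML mappings."""
    stack = []  # (indent, key) for each enclosing mapping
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # comments, blanks, continuation lines
        indent, key = len(m.group(1)), m.group(2)
        value = re.sub(r"(^|\s)#.*$", "", m.group(3)).strip().strip("'\"")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key))
        if value:
            yield ".".join(k for _, k in stack), value

def audit(text):
    """Return (finding, detail) tuples for key and ciphertext handling in one file."""
    props = list(flatten(text))
    tokens = Counter(t for _, v in props for t in CIPHERTEXT.findall(v))
    findings = []
    for key, value in props:
        if key in KEY_PROPS and not value.startswith("${"):
            findings.append(("key-stored-with-ciphertext" if tokens else "key-in-file", key))
    # Equal ciphertext under one key means equal plaintext, visible without the key.
    findings += [("repeated-ciphertext", t) for t, n in tokens.items() if n > 1]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Both Jasypt and Spring Cloud Config accept their key from outside the file (for example the `ENCRYPT_KEY` environment variable for `encrypt.key`), which is the form the audit treats as clean.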
