Spring Cloud Config 不解密配置服务器密码 [英] Spring Cloud Config not decrypting the config server password

问题描述

我在 Spring Cloud Config 上工作了一段时间.我有保护配置数据的要求.根据 Spring Cloud 文档已配置 server.jks 并添加到类路径.现在我可以加密和解密远程配置数据了.

I am working on Spring Cloud Config for a while. I have a requirement for securing the config data. As per Spring Cloud Documentation have configured the server.jks and added to classpath. Now i am able to encrypt and decrypt remote config data.

为了使配置服务器安全，我添加了 spring 安全启动器并分配了凭据(密码解密).出于某种原因，应用程序抛出异常，认为它在类路径上没有密钥存储.在谷歌搜索一段时间后，我发现密钥库应该转到 bootstrap.yml 而不是 application.yml.这也不起作用，请指出我在这里缺少什么.

For making the config server secure i have added spring security starter and assigned credentials (password decryted). For some reason the application is throwing excpetions that it does not have key store on the classpath. After googling it for a while i found that the keystore should go to bootstrap.yml instead of application.yml. This is also not working please point me what i am missing here.

请在 git 中找到 yml 文件SpringConfigData

Please find the yml files in git SpringConfigData

异常

java.lang.IllegalStateException: Cannot decrypt: key=security.user.password
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:195) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:164) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.initialize(EnvironmentDecryptApplicationInitializer.java:94) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
    at org.springframework.cloud.bootstrap.BootstrapApplicationListener$DelegatingEnvironmentDecryptApplicationInitializer.initialize(BootstrapApplicationListener.java:333) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
    at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:640) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
    at org.springframework.boot.SpringApplication.createAndRefreshContext(SpringApplication.java:343) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:307) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1191) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1180) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
    at com.test.TestConfigServerApplication.main(TestConfigServerApplication.java:12) [classes/:na]
Caused by: java.lang.UnsupportedOperationException: No decryption for FailsafeTextEncryptor. Did you configure the keystore correctly?
    at org.springframework.cloud.bootstrap.encrypt.EncryptionBootstrapConfiguration$FailsafeTextEncryptor.decrypt(EncryptionBootstrapConfiguration.java:151) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:187) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
    ... 9 common frames omitted

推荐答案

我遇到了这个问题.要在最新版本的 Spring Cloud 中设置对称加密，您只需使用所需的密钥在 bootstap.yml(or .properties) 中设置 encrypt.key 属性(建议将密钥设置为操作系统环境变量并在您的文件中引用该变量.这是为了更安全)

I have had this problem. To set symmetric encryption in the latest versions of spring cloud, you just have to set the encrypt.key property in the bootstap.yml(or .properties) with the required key (it is recommended to set the key as an OS environmental variable and reference the variable in your file. This is for more security)

但是，当您发现引导程序文件中的属性不再导入时.您必须将以下依赖项添加到您的 pom 文件中才能加载该文件中的属性:

However, as you discovered the properties in the bootsrap file are no more imported. You must add the following dependency into your pom file for the properties in that file to be loaded:

<dependency>
      <groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-starter-bootstrap</artifactId>
</dependency>

完成此操作后，一切都会顺利进行.

After having done this every thing will work smoothly.

这篇关于Spring Cloud Config 不解密配置服务器密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！