Preface
We will use git to save the configuration file of our project, but there is always some sensitive data in the file. For these sensitive data, we usually need to encrypt it. There are usually two encryption methods for encryption, one is symmetric encryption and the other is asymmetric encryption. Symmetric encryption is simple and convenient, but the security is not as high as asymmetric encryption. Asymmetric encryption requires a certificate to be generated, which is relatively safe. But remember that there is no absolute security.
Configure the environment
java8 jce
The encryption and decryption of config server requires dependency on java Cryptography Extension (jce)
Installation method: You can refer to the README inside, it is actually very simple: replace the two jars under the /jre/lib/security directory under jdk.
Config Server Configuration
Symmetric encryption configuration test
Configure in application.yml
encrypt:
key:'***Write the key here***'
Test post
encryption:
curl http://localhsot:8080/enrypt -d mysercet
As a result, a long list of fdasfa2341sdfa134214...
Decryption:
curl http://localhost:8080/decrypt -d fdasfa2341sdfa134214….
MyServet will come out
Can use postman test
Asymmetric encryption test
Need a certificate of creation
Execute the command under cmd
keytool -genkeypair -alias mytestkey -keyalg RSA -dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=US" -keypass changeme -keystroe server.jks -storepass letmein1
Copy the server.jks file to the classpath under the project
config server configuration
Configure in application.yml
encrypt: key-store: location: server.jks password: letmein alias: mytestkey secret: changeme
Test post
encryption:
curl http://localhsot:8080/enrypt -d mysercet
As a result, a long list of fdasfa2341sdfa1,34214fdafd2341=….
Decryption:
curl http://localhost:8080/decrypt -d fdasfa2341sdfa1,34214fdafd2341=….
MyServet will come out
Can use postman test
Store encrypted content
Store in {cipher} ciphertext
#spring.datasource.password={cipher}3b6e65af8c10d2766dba099a590496a18cfd816ef9190c983bb56249595ae3f0spring.datasource.password={cipher}AQCActlsAycDFYRsGHzZ8Jw2S6GO9oeqJSCcm//HenrqiuO7zSo3/vg9BeXL8xwiyIXtKcp2JN8hnrM4NTyyJDIjxhcCbJMjuGrrFJ2FdO5oJWmksymkP5EOXE6Mjg xVqHh/tc+06TMBQj2xqEcfCO3jBDPxcR88Ci+VXe63xDIVgvAV9IYmCxlfXOCH31bBlK7j5FXJ8pPLUKgXwaDGzaA5QfqMCGduOfC0AQ+iA0QEW7SdDnwChLNwCHEBfQceW AE7qt6zasiRFZeZt+waOp8rI1u+4CYcTjnV1iSdXwN5j1lhcsoiIpViNx8kbsxhcmpCzdg3bGrS1e/Pzq8CjHmV7IRRS9BfgR6K7wuyjue4SO2ZUtMbZAE5V2NHb3XsqeY=Summarize
The above is the Spring cloud config configuration file encryption method introduced to you by the editor. I hope it will be helpful to you. If you have any questions, please leave me a message and the editor will reply to you in time. Thank you very much for your support to Wulin.com website!