Replenish
Using Spring Cloud Config encryption requires downloading the JCE extension to generate ciphertexts of infinite lengths. Link: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
After downloading, unzip and copy the two Jar packages obtained into the $JAVA_HOME/jre/lib/security directory.
Introduction
In a real project environment, we will not store confidential text such as passwords in the configuration file to prevent it from being stolen. Spring Cloud Config provides encryption methods to encrypt plaintext text into ciphertext stored in configuration files. Spring Cloud Config provides two encryption and decryption methods, one is symmetric encryption and the other is asymmetric encryption. This article will first show how to use symmetric encryption.
Introduction to Symmetric Encryption
Symmetric encryption means that both parties to the communication use the same key to encrypt and decrypt the text. It has two encryption methods:
Symmetric encryption is a relatively simple way. As long as both parties have the same key, they can complete the encryption and decryption of text. However, the disadvantage of symmetric encryption is that it cannot authenticate the source. That is, if Alice and Bob are communicating, Alice uses the key to pass the encrypted text to Bob, but Eve intercepts the ciphertext in the middle, and then Eve forwards the ciphertext to Bob, making Bob mistakenly think that Eve is Alice, which will cause data leakage.
Project source code
Gitee code cloud
Configure configserver
First, we need to set up a key for encryption and add the following configuration items to the bootstrap.yml configuration file in our configserver project:
encrypt: key: Thisismysecretkey
test
We use this key to encrypt a test item of our web-client. Spring Cloud Config provides encrypted and decrypted terminal paths, /encrypt and /decrypt. Start configserver, and then we encrypt our test text using /encrypt terminal:
curl localhost:8888/encrypt -d 12345678
The result returned is (the result will be different every time):
94c1027141add9844ec47f0be13caebb6b38ed1dcf99811b1a5cd2b874c64407
Then in our remote config repository, modify the web-client.yml configuration and add a new configuration:
test: password: '{cipher}94c1027141add9844ec47f0be13caebb6b38ed1dcf99811b1a5cd2b874c64407'The quotes here are required, and then {cipher} indicates that the data item is ciphertext. Then we can verify the decryption:
curl localhost:8888/decrypt -d 94c1027141add9844ec47f0be13caebb6b38ed1dcf99811b1a5cd2b874c64407
Under normal circumstances, we will get 12345678 characters. Then we access the web-client.yml configuration file through url and we will get the following result:
{ "name": "web-client", "profiles": [ "default" ], "label": null, "version": "6b73c56449acee907fcf37e50892a3afddbf6335", "state": null, "propertySources": [ { "name": "https://gitee.com/zxuqian/spring-cloud-config-remote/web-client.yml", "source": { "message": "This message comes from the remote configuration repository", "management.endpoints.web.exposure.include": "*", "test.password": "12345678" } } ]}You will see that the decrypted test.password is 12345678.
Summarize
The above is the method of using symmetric encryption for Spring Cloud Config configuration files introduced to you by the editor. I hope it will be helpful to you. If you have any questions, please leave me a message and the editor will reply to you in time. Thank you very much for your support to Wulin.com website!