1. Introduction
In previous tutorials, we have kept properties in plain text. But this is not always desirable. If you have sensitive information, you should keep such information in encrypted format not as plain text.
In this tutorial, we’ll see how to encrypt and decrypt properties in Spring Cloud Config Server.
2. Provide encryption key
To encrypt properties in Spring Cloud Config Server, we’ll provide an encryption key. Let us keep this encryption key some random alphanumeric key. Following is the sample application.yml
:
server: port: 8085 spring: application: name: configserver profiles: active: git cloud: config: server: git: uri: "https://github.com/learnitweb/spring-cloud-config.git" default-label: main timeout: 5 clone-on-start: true force-pull: true encrypt: key: "435J7KSHD9374KCBKF7SLHF8"
This will expose two endpoints to encrypt and decrypt properties:
- localhost:8085/encrypt
- localhost:8085/decrypt
Both these methods are POST.
Let’s pass a value to localhost:8085/encrypt
with value learnitweb@gmail.com
in the body.
The response will be something like this:
b50060da21d59d04c5ac69d444ae214078202dd6ee76ffce9baa5c8d450890eab1c2586ded90fe0d9a9164d7470e1cc2
Similarly, if you call localhost:8085/decrypt
with the earlier encrypted value b50060da21d59d04c5ac69d444ae214078202dd6ee76ffce9baa5c8d450890eab1c2586ded90fe0d9a9164d7470e1cc2
, you will get the original value learnitweb@gmail.com
.
3. Encrypt property
To save the property in the encrypted format, provide the encrypted value in the configuration file prefixed with {cipher}
. This tells the Spring to decrypt the value while providing the value to the client.
build: version: 1.1 application: message: Service1 application message - Prod environment email: "{cipher}9088a6dcafbba432d10585da0c0f3c5bec65b463e57896c9b405d636d74e4ac5dff590ec172b8645492837e298155c74"
4. Test the setup
Now start the client application. The client should be able to get the configuration as earlier.
5. Conclusion
In this tutorial, we’ve explored the process of encrypting and decrypting properties in Spring Cloud Config Server. We started with understanding the need for securing sensitive configuration data and then walked through the steps to enable encryption and decryption in a Spring Cloud Config Server setup.
By leveraging Spring Cloud Config Server’s encryption and decryption capabilities, you can ensure that sensitive information such as passwords, API keys, and other confidential data are securely stored and transmitted.