Learnitweb

Encryption and Decryption of Properties in Spring Cloud Config Server

1. Introduction

In previous tutorials, we have kept properties in plain text. But this is not always desirable. If you have sensitive information, you should keep such information in encrypted format not as plain text.
In this tutorial, we’ll see how to encrypt and decrypt properties in Spring Cloud Config Server.

2. Provide encryption key

To encrypt properties in Spring Cloud Config Server, we’ll provide an encryption key. Let us keep this encryption key some random alphanumeric key. Following is the sample application.yml:

server:
  port: 8085
spring:
  application:
    name: configserver
  profiles:
    active: git
  cloud:
    config:
      server:
        git:
          uri: "https://github.com/learnitweb/spring-cloud-config.git"
          default-label: main
          timeout: 5
          clone-on-start: true
          force-pull: true
encrypt:
  key: "435J7KSHD9374KCBKF7SLHF8"

This will expose two endpoints to encrypt and decrypt properties:

  • localhost:8085/encrypt
  • localhost:8085/decrypt

Both these methods are POST.

Let’s pass a value to localhost:8085/encrypt with value learnitweb@gmail.com in the body.

The response will be something like this:

b50060da21d59d04c5ac69d444ae214078202dd6ee76ffce9baa5c8d450890eab1c2586ded90fe0d9a9164d7470e1cc2

Similarly, if you call localhost:8085/decrypt with the earlier encrypted value b50060da21d59d04c5ac69d444ae214078202dd6ee76ffce9baa5c8d450890eab1c2586ded90fe0d9a9164d7470e1cc2, you will get the original value learnitweb@gmail.com.

3. Encrypt property

To save the property in the encrypted format, provide the encrypted value in the configuration file prefixed with {cipher}. This tells the Spring to decrypt the value while providing the value to the client.

build:
  version: 1.1
  
application:
  message: Service1 application message - Prod environment
email: "{cipher}9088a6dcafbba432d10585da0c0f3c5bec65b463e57896c9b405d636d74e4ac5dff590ec172b8645492837e298155c74"

4. Test the setup

Now start the client application. The client should be able to get the configuration as earlier.

5. Conclusion

In this tutorial, we’ve explored the process of encrypting and decrypting properties in Spring Cloud Config Server. We started with understanding the need for securing sensitive configuration data and then walked through the steps to enable encryption and decryption in a Spring Cloud Config Server setup.

By leveraging Spring Cloud Config Server’s encryption and decryption capabilities, you can ensure that sensitive information such as passwords, API keys, and other confidential data are securely stored and transmitted.