diff --git a/docs/src/main/asciidoc/spring-cloud-config.adoc b/docs/src/main/asciidoc/spring-cloud-config.adoc
index 006d6910..5c3453a0 100644
--- a/docs/src/main/asciidoc/spring-cloud-config.adoc
+++ b/docs/src/main/asciidoc/spring-cloud-config.adoc
@@ -287,8 +287,9 @@ your `application.yml` for the Config Server:
 encrypt:
 keyStore:
 location: classpath:/server.jks
- alias: mytestkey
 password: letmein
+ alias: mytestkey
+ secret: changeme
 ----
 === Embedding the Config Server
diff --git a/spring-cloud-config-client/src/main/java/org/springframework/cloud/bootstrap/encrypt/EncryptionBootstrapConfiguration.java b/spring-cloud-config-client/src/main/java/org/springframework/cloud/bootstrap/encrypt/EncryptionBootstrapConfiguration.java
index 4751d2d3..fde82d58 100644
--- a/spring-cloud-config-client/src/main/java/org/springframework/cloud/bootstrap/encrypt/EncryptionBootstrapConfiguration.java
+++ b/spring-cloud-config-client/src/main/java/org/springframework/cloud/bootstrap/encrypt/EncryptionBootstrapConfiguration.java
@@ -40,7 +40,7 @@ import org.springframework.util.StringUtils;
 *
 */
 @Configuration
-@ConditionalOnClass({TextEncryptor.class, RsaSecretEncryptor.class})
+@ConditionalOnClass({ TextEncryptor.class, RsaSecretEncryptor.class })
 @EnableConfigurationProperties(KeyProperties.class)
 public class EncryptionBootstrapConfiguration {
@@ -65,8 +65,8 @@ public class EncryptionBootstrapConfiguration {
 if (keyStore.getLocation() != null && keyStore.getLocation().exists()) {
 return new RsaSecretEncryptor(
 new KeyStoreKeyFactory(keyStore.getLocation(), keyStore
- .getPassword().toCharArray()).getKeyPair(keyStore
- .getAlias()));
+ .getPassword().toCharArray()).getKeyPair(
+ keyStore.getAlias(), keyStore.getSecret().toCharArray()));
 }
 return new EncryptorFactory().create(key.getKey());
 }
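Review bot: An empty `encrypt.keyStore.secret` is not treated as unset: the `getSecret()` accessor added in KeyProperties (`@@ -81,5 +82,13 @@`) falls back to the store password only when `secret` is null, and its result goes straight into `getKeyPair(...)` in the `@@ -65,8 +65,8 @@` hunk. A property bound as an empty string would presumably be passed on as an empty key password, and the resulting failure would point at the key store rather than at the configuration. Consider `return (secret == null || secret.isEmpty()) ? password : secret;` and a Javadoc line on `getSecret()` such as `/** Password protecting the key entry; defaults to the key store password when not set. */`, since nothing on the accessor says the two passwords are coupled. The method enclosing the `@@ -65,8 +65,8 @@` hunk starts outside the hunk.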
@@ -94,7 +94,8 @@ public class EncryptionBootstrapConfiguration {
 if (encryptor == null) {
 encryptor = new FailsafeTextEncryptor();
 }
- EnvironmentDecryptApplicationInitializer listener = new EnvironmentDecryptApplicationInitializer(encryptor);
+ EnvironmentDecryptApplicationInitializer listener = new EnvironmentDecryptApplicationInitializer(
+ encryptor);
 listener.setFailOnError(key.isFailOnError());
 return listener;
 }
diff --git a/spring-cloud-config-client/src/main/java/org/springframework/cloud/bootstrap/encrypt/KeyProperties.java b/spring-cloud-config-client/src/main/java/org/springframework/cloud/bootstrap/encrypt/KeyProperties.java
index 4b213624..d3d3b11e 100644
--- a/spring-cloud-config-client/src/main/java/org/springframework/cloud/bootstrap/encrypt/KeyProperties.java
+++ b/spring-cloud-config-client/src/main/java/org/springframework/cloud/bootstrap/encrypt/KeyProperties.java
@@ -56,6 +56,7 @@ public class KeyProperties {
 private Resource location;
 private String password;
 private String alias;
+ private String secret;
 public String getAlias() {
 return alias;
@@ -81,5 +82,13 @@ public class KeyProperties {
 this.password = password;
 }
+ public String getSecret() {
+ return secret==null ? password : secret;
+ }
+
+ public void setSecret(String secret) {
+ this.secret = secret;
+ }
+
 }
 }
\ No newline at end of file
diff --git a/spring-cloud-config-client/src/test/java/org/springframework/cloud/bootstrap/encrypt/EncryptionBootstrapConfigurationTests.java b/spring-cloud-config-client/src/test/java/org/springframework/cloud/bootstrap/encrypt/EncryptionBootstrapConfigurationTests.java
new file mode 100644
index 00000000..52c654ba
--- /dev/null
+++ b/spring-cloud-config-client/src/test/java/org/springframework/cloud/bootstrap/encrypt/EncryptionBootstrapConfigurationTests.java
@@ -0,0 +1,24 @@
+package org.springframework.cloud.bootstrap.encrypt;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.security.crypto.encrypt.TextEncryptor;
+
+public class EncryptionBootstrapConfigurationTests {
+
+ @Test
+ public void rsaKeyStore() {
+ ConfigurableApplicationContext context = new SpringApplicationBuilder(
+ EncryptionBootstrapConfiguration.class).web(false).properties(
+ "encrypt.keyStore.location:classpath:/server.jks",
+ "encrypt.keyStore.password:letmein",
+ "encrypt.keyStore.alias:mytestkey", "encrypt.keyStore.secret:changeme")
+ .run();
+ TextEncryptor encryptor = context.getBean(TextEncryptor.class);
+ assertEquals("foo", encryptor.decrypt(encryptor.encrypt("foo")));
+ }
+
+}
diff --git a/spring-cloud-config-client/src/test/resources/server.jks b/spring-cloud-config-client/src/test/resources/server.jks
new file mode 100644
index 00000000..560be5fe
Binary files /dev/null and b/spring-cloud-config-client/src/test/resources/server.jks differ
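Review bot: `rsaKeyStore()` only exercises the case where `encrypt.keyStore.secret` is set explicitly; the fallback branch of `getSecret()`, which is what every existing configuration without a `secret` will run, has no test. A second test that omits the property against a key store whose key and store passwords match would pin that behaviour. The application context is also never closed, so it stays alive for the rest of the test run; `context.close();` after the assertion (or in a `finally`) releases it. It is worth a short comment on the test saying that `server.jks` and its passwords are fixtures only, since the documentation change in this commit shows the same file name and values.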