From f99fee58a407d76075b0377348eb92048b0343d2 Mon Sep 17 00:00:00 2001 From: Dave Syer Date: Fri, 18 Mar 2016 11:58:51 +0000 Subject: [PATCH] Clarify client-side decryption --- docs/src/main/asciidoc/spring-cloud-config.adoc | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/docs/src/main/asciidoc/spring-cloud-config.adoc b/docs/src/main/asciidoc/spring-cloud-config.adoc index f14ddee7..da7b8601 100644 --- a/docs/src/main/asciidoc/spring-cloud-config.adoc +++ b/docs/src/main/asciidoc/spring-cloud-config.adoc @@ -434,7 +434,18 @@ TIP: the `{name:value}` prefixes can also be added to plaintext posted to the `/encrypt` endpoint, if you want to let the Config Server handle all encryption as well as decryption. -=== Embedding the Config Server +=== Serving Encrypted Properties + +Sometimes you want the clients to decrypt the configuration locally, +instead of doing it in the server. In that case you can still have +/encrypt and /decrypt endpoints (if you provide the `encrypt.*` +configuration to locate a key), but you need to explicitly switch off +the decryption of outgoing properties using +`spring.cloud.config.server.encrypt.enabled=false`. If you don't care +about the endpoints, then it should work if you configure neither the +key nor the enabled flag. + +== Embedding the Config Server The Config Server runs best as a standalone application, but if you need to you can embed it in another application. Just use the