Spring boot cloud config encrypt keystore password

Question

The issue is for sure known. But i cannot find any solution. I'm using spring boot cloud config server to serve all properties values (encrypted) by {cipher} expression. It uses keystore located in the same system. But password to the keystore is in plain text. The question is there a possibility to some how encrypt the keystore password?

Thanks in advance!

score 3 · Answer 1 · edited May 23 '17 at 12:13

3

Encrypting the keystore password would require configuring a key for decryption which itself would have to be stored unencrypted, so there's no use in that.

I think the best way would be setting the keystore password as an environment variable (as described in this post or this SO question).

edited May 23 '17 at 12:13

Community

1
1

answered Nov 11 '16 at 22:48

Quagaar

1,257
12
21

score 1 · Answer 2 · edited Nov 28 '17 at 07:17

1

I completely agree with @Quagaar that the best way is to actually store it in an environment variable and have the application.properties read from there. Something like server.ssl.key-store-password=${KEY_STORE_PASSWORD} and set the environment variable in the run configurations for IDE or Export command on your terminal.

edited Nov 28 '17 at 07:17

mc01

3,750
19
24

answered Nov 28 '17 at 06:18

Pavan Anumula

21
2

score 0 · Answer 3 · answered Oct 05 '18 at 17:11

Its like creating a key for another key using a passphrase, multiple times you do that still will end having some passphrase in repository (like bitbucket).

Better to encrypt all passwords using config server encrypt.key: "{$somepassphrase}" and store this passphrase(master key) as env variable and pass it using Jenkins while generating a pipeline.

Spring boot cloud config encrypt keystore password

3 Answers3

Linked