You can secure it by encrypting and decrypting properties.
You need to provide a JKS keystore to encrypt and decrypt them securely.
Spring Cloud Config Server supports symmetric and asymmetric keys.
To configure a symmetric key, you need to set encrypt.key
to a secret String (or use the ENCRYPT_KEY
environment variable to keep it out of plain-text configuration files).
For asymmetric keys, you need to provide the following properties in bootstrap.yml:

    server:
      port: 8888
    spring:
      cloud:
        config:
          server:
            git:
              uri: your git url or your local repository on file system
              username: username for git or bitbucket if needed
              password: password
              clone-on-start: true  # clones the whole repo locally on startup
              force-pull: true
      application:
        name: config-server
    encrypt:
      key-store:
        location: jks location
        password: letmein
        alias: mytestkey
        secret: changeme

To generate the JKS keystore, run this command:

    keytool -genkeypair -alias mytestkey -keyalg RSA \
      -dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=US" \
      -keypass changeme -keystore server.jks -storepass letmein

Note that Java by default has a limitation on certain key length parameters.
It is 128 bits by default.
To use a longer key length, you just need to replace the existing local_policy.jar
and US_export_policy.jar
in <java-home>/lib/security.
Here is the download link:
https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
You can also encrypt and decrypt your properties through these endpoints:

    curl config_server_host:port/encrypt -d 'your data to be encrypted'
    curl config_server_host:port/decrypt -d 'your data to be decrypted'  # this endpoint is used automatically to decrypt values

Both are HTTP POST requests.
To use encryption by the config server, you need to add this prefix to the values in the configuration of the application that gets its configs from the config server:

    '{cipher}your_encrypted_data'
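
A check you can run over the config repository before pushing, to catch sensitive properties that were committed without the {cipher} prefix. This is an added example, not part of the original answer or of Spring Cloud Config; the function name, the list of sensitive key names, the skipping of ${...} placeholders and the sample data are assumptions made for illustration.

```python
import re

# Key names treated as sensitive (an assumption for this example; extend as needed).
SENSITIVE = re.compile(r"(password|passwd|secret|token|api[-_]?key)", re.I)
# Matches "key: value" (YAML leaf) and "key=value" (.properties) lines.
LINE = re.compile(r"^\s*([\w.\-]+)\s*[:=]\s*(.*?)\s*$")
CIPHER_PREFIX = "{cipher}"


def find_plaintext_secrets(text):
    """Return (line_number, key, reason) for sensitive keys not stored as {cipher} values."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        match = LINE.match(raw)
        if raw.lstrip().startswith("#") or not match:
            continue
        key, value = match.groups()
        if not SENSITIVE.search(key):
            continue
        # YAML needs quotes around values that start with "{", so strip them first.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        if not value or value.startswith("${"):
            continue  # empty, or a placeholder assumed to be resolved elsewhere
        if not value.startswith(CIPHER_PREFIX):
            findings.append((number, key, "plaintext value"))
        elif len(value) == len(CIPHER_PREFIX):
            findings.append((number, key, "empty ciphertext"))
    return findings


# Constructed sample of client application config; the ciphertexts are fake.
SAMPLE = """\
spring:
  datasource:
    username: app
    password: '{cipher}4f6a1c-constructed-ciphertext'
  mail:
    password: hunter2
api.token={cipher}9b2e77-constructed-ciphertext
db.secret=s3cr3t
jwt.secret=${JWT_SECRET}
ldap.password: "{cipher}"
"""

if __name__ == "__main__":
    for number, key, reason in find_plaintext_secrets(SAMPLE):
        print(f"line {number}: {key}: {reason}")
```

The scan is line-based, so it covers flat .properties files and single-line YAML leaves but not multi-line YAML scalars.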