
I have a question.

  1. I added a secret in Secret Manager in GCP (I uploaded a PKCS12 certificate file), in this part.


  • I need to add the certificate.p12 to the JVM (currently I use Java 8).

  • I call the certificate value from Spring Boot in this form:

    • ${sm://projects/MY_PROJECT_ID/secrets/MY_SECRET_NAME}
    • or
    • ${sm://MY_SECRET_NAME}

    Both cases work; however, the value that comes from GCP Secret Manager is a byte array.


  2. Now in my Spring code I used:

System.setProperty expects a string with a physical path (path/certificate.p12):

   System.setProperty("javax.net.ssl.keyStore", );

Could you help me: how do I call the Secret Manager certificate.p12 and set it in javax.net.ssl.keyStore in Spring Boot 2? Or any ideas, please.

Thanks.

1 Answer


Based on "Read .DER value from GCP" here on Stack Overflow, I share my solution:

In my case, I have worked with GitHub Actions, a Dockerfile, and Kubernetes Engine:

then:

Step 1. In my Dockerfile, I create a directory:

RUN mkdir my_certs
RUN chmod -R 777 my_certs

This directory will be created in the pod.

Step 2. In my Spring code, to call Secret Manager:

fileName: my_certs/my_cert.p12
projectId: your_project_id (GCP project id)
secretCertName: your_secret_cert_name

Create a void method:

import com.google.cloud.secretmanager.v1.AccessSecretVersionResponse;
import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
import com.google.cloud.secretmanager.v1.SecretVersionName;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;

// Method name is a placeholder; the answer does not name it.
void createCertFile(String fileName, String projectId, String secretCertName) {
    try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
        // save the secret payload inside the .p12 file (only if it does not exist yet)
        File file = new File(fileName);
        if (file.createNewFile()) {
            SecretVersionName secretVersionName = SecretVersionName.of(projectId, secretCertName, "latest");
            AccessSecretVersionResponse response = client.accessSecretVersion(secretVersionName);
            // the payload is the raw PKCS12 bytes exactly as uploaded
            byte[] certValue = response.getPayload().getData().toByteArray();
            try (FileOutputStream stream = new FileOutputStream(file)) {
                // Base64-encoding and immediately decoding again is a no-op,
                // so the bytes are written directly
                stream.write(certValue);
            }
        }
    } catch (IOException e) {
        e.printStackTrace();
    }
}

Step 3. In the @SpringBootApplication class, set the store values:

import javax.annotation.PostConstruct;

@PostConstruct
void postConstruct() {
    setStoreParams();
}

private void setStoreParams() {
    // first create the file with your void method from Step 2 (method name assumed)
    createCertFile("my_certs/my_cert.p12", projectId, secretCertName);

    System.setProperty("javax.net.ssl.keyStore", "my_certs/my_cert.p12");
    System.setProperty("javax.net.ssl.keyStorePassword", YOUR_Keystore_Password);
    System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
}

Step 4. Otherwise, if you use the @Configuration annotation with a KeyStore, then:

import java.io.FileInputStream;
import java.security.KeyStore;

// first create the file with your void method from Step 2 (method name assumed)
createCertFile("my_certs/my_cert.p12", projectId, secretCertName);

KeyStore keyStore = KeyStore.getInstance("PKCS12");

// try-with-resources so the stream is closed after the keystore is loaded
try (FileInputStream in = new FileInputStream("my_certs/my_cert.p12")) {
    keyStore.load(in, YOUR_Keystore_Password.toCharArray());
}
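The answer above writes the PKCS12 bytes into a directory created with chmod 777 and then points javax.net.ssl.keyStore at it. As an added example (not code from the question or the answer), the following class shows two alternatives built on the same Secret Manager payload: loading the PKCS12 bytes directly into a KeyStore and SSLContext without touching the filesystem, and, where a file path is unavoidable, writing the keystore with owner-only permissions into a private temp directory. Assumptions: the class and method names, the sample password "changeit", a POSIX filesystem (as in a Linux container), and the google-cloud-secretmanager client library on the classpath; fetchP12 needs real GCP credentials and is therefore not called by main, which instead uses a constructed empty PKCS12 keystore as the sample payload.

```java
import com.google.cloud.secretmanager.v1.AccessSecretVersionResponse;
import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
import com.google.cloud.secretmanager.v1.SecretVersionName;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.EnumSet;
import java.util.Set;

public class SecretManagerKeyStore {

    /** Fetch the raw PKCS12 bytes of the latest secret version (needs GCP credentials; not called by main below). */
    static byte[] fetchP12(String projectId, String secretName) throws IOException {
        try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
            SecretVersionName name = SecretVersionName.of(projectId, secretName, "latest");
            AccessSecretVersionResponse response = client.accessSecretVersion(name);
            // The payload is the file content exactly as uploaded; no Base64 step is needed.
            return response.getPayload().getData().toByteArray();
        }
    }

    /** Load PKCS12 bytes straight into a KeyStore without writing them to disk. */
    static KeyStore loadPkcs12(byte[] p12, char[] password) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (ByteArrayInputStream in = new ByteArrayInputStream(p12)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Build an SSLContext from the in-memory keystore; hand it to your HTTP client instead of setting javax.net.ssl.* globally. */
    static SSLContext sslContextFor(KeyStore ks, char[] password) throws GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // null trust managers = JVM default truststore
        return ctx;
    }

    /** If a path is required (javax.net.ssl.keyStore), write the file readable by the owner only, in a private temp dir. */
    static Path writePrivateP12(byte[] p12) throws IOException {
        Set<PosixFilePermission> dirPerms = EnumSet.of(PosixFilePermission.OWNER_READ,
                PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE);
        Set<PosixFilePermission> filePerms = EnumSet.of(PosixFilePermission.OWNER_READ,
                PosixFilePermission.OWNER_WRITE);
        Path dir = Files.createTempDirectory("certs", PosixFilePermissions.asFileAttribute(dirPerms));
        Path file = Files.createTempFile(dir, "keystore", ".p12", PosixFilePermissions.asFileAttribute(filePerms));
        Files.write(file, p12);
        file.toFile().deleteOnExit(); // key material should not outlive the process
        return file;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray(); // constructed sample password

        // Constructed sample payload: an empty PKCS12 keystore serialised to bytes,
        // standing in for what Secret Manager returns.
        KeyStore sample = KeyStore.getInstance("PKCS12");
        sample.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        sample.store(out, password);
        byte[] p12FromSecret = out.toByteArray();
        // In production: byte[] p12FromSecret = fetchP12("your_project_id", "your_secret_cert_name");

        // Option A: in-memory keystore and SSLContext, nothing written to disk.
        KeyStore ks = loadPkcs12(p12FromSecret, password);
        SSLContext ctx = sslContextFor(ks, password);
        System.out.println("keystore entries: " + ks.size() + ", protocol: " + ctx.getProtocol());

        // Option B: a path is needed, so write it with owner-only permissions and point the JVM at it.
        Path p = writePrivateP12(p12FromSecret);
        System.setProperty("javax.net.ssl.keyStore", p.toString());
        System.setProperty("javax.net.ssl.keyStorePassword", new String(password));
        System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
        System.out.println("wrote " + p + " with permissions "
                + PosixFilePermissions.toString(Files.getPosixFilePermissions(p)));
    }
}
```

Option A is the one to prefer in a Spring Boot service: pass the SSLContext to the HTTP client (for example through an HttpClient builder feeding a RestTemplate) rather than setting the global javax.net.ssl.* properties, which affect every TLS connection in the JVM and expose the keystore password as a readable system property. Option B keeps the file out of a world-writable directory in the image and deletes it on exit, which is the smallest change from the answer's approach.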