Spring-cloud-config: Spring cloud client issue with decryption locally

Created on 15 Apr 2016  路  7Comments  路  Source: spring-cloud/spring-cloud-config

we are trying to decrypt some of the properties locally before connecting to spring configserver.
as per the cloud documention we use the key and encrypt.* properties in our local application.yml and additionally added spring-security-rsa in our maven pom. we found its not able to load the key while startup and seems always throwing

java.lang.UnsupportedOperationException: No decryption for FailsafeTextEncryptor. Did you configure the keystore correctly?
    at org.springframework.cloud.bootstrap.encrypt.EncryptionBootstrapConfiguration$FailsafeTextEncryptor.decrypt(EncryptionBootstrapConfiguration.java:149)
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:91)

when we tried in debug we observed the TextEncryptor locally is not loaded with any of the values.
any suggestions or is this really works ?

Most helpful comment

Hi,

I had a problem with the same result ( which I solved by replacing in bootstrap.yml "key-store" by "keyStore"). It seems the spring boot condition org.springframework.cloud.bootstrap.encrypt.EncryptionBootstrapConfiguration$KeyCondition only recognise encrypt.keyStore.location and encrypt.keyStore.password

if (hasProperty(environment, "encrypt.keyStore.location")) {
                if (hasProperty(environment, "encrypt.keyStore.password")) {
                    return ConditionOutcome.match("Keystore found in Environment");
                }
                return ConditionOutcome
                        .noMatch("Keystore found but no password in Environment");
            }

My version is 1.1.2.RELEASE.

Regards

All 7 comments

You should put the properties in bootstrap.yml if you're using config server.

for eg : if iam using appA ( spring boot ) --> connecting to ( spring config server ). iam able to load properties from configserver for appA. ( no problem with this approach )

scenario :
if i have a encrypted property which is local to appA and iam not connecting to configserver., but when i startup my appA i heard from spring cloud doc where with same encrypt.* properties in our local application yml ( which is here appA) i should be able to decrypt if i additionally add (rsa dependency).

but when i startup iam always seeing the error during decryption of that local {cipher}XXX property.

Did you put the encrypt.* properties in bootstrap.yml?

no i placed the encrypt.* in application.yml

@praveenit219 try to add _encrypt.key (_ same value than _encrypt.keyStore.secret)_ in _"bootstrap.yml"_. http://projects.spring.io/spring-cloud/spring-cloud.html#_key_management

config encrypt.* properties in bootstrap.yaml.

Hi,

I had a problem with the same result ( which I solved by replacing in bootstrap.yml "key-store" by "keyStore"). It seems the spring boot condition org.springframework.cloud.bootstrap.encrypt.EncryptionBootstrapConfiguration$KeyCondition only recognise encrypt.keyStore.location and encrypt.keyStore.password

if (hasProperty(environment, "encrypt.keyStore.location")) {
                if (hasProperty(environment, "encrypt.keyStore.password")) {
                    return ConditionOutcome.match("Keystore found in Environment");
                }
                return ConditionOutcome
                        .noMatch("Keystore found but no password in Environment");
            }

My version is 1.1.2.RELEASE.

Regards

Was this page helpful?
0 / 5 - 0 ratings