Spring Cloud Config Server - 在哪里设置encrypt.key以启用/加密端点

Question

I have a Spring Cloud Config app with the Spring Cloud Security dependencies. I'm trying to hit the /encrypt endpoint to encrypt a password.

According to the docs at http://cloud.spring.io/spring-cloud-config/spring-cloud-config.html#_key_management I believe I need to set a symmetric key using "encrypt.key". But I can't figure out where to put this; all combinations I've tried result in {"description":"No key was installed for encryption service","status":"NO_KEY"} when I attempt to POST to /encrypt.

If I POST a key to /key, the /encrypt works perfectly, so I'm pretty sure that everything else is setup correctly. It also works fine using the environment variable ENCRYPT_KEY, or by using a system property encrypt.key. I just can't figure out where to place the encrypt.key within a configuration file. Is there a sample on this?

Answer 1

Thanks @pVilaca, this is indeed what the documentation says, but setting the key in application.properties or application.yml won't work.

Through experimentation I've found that the only place you can set the encrypt.key property is an ENCRYPT_KEY environment variable, a system property, bootstrap.properties, bootstrap.yml, or calling the /key endpoint.

Not sure why application.properties or application.yml don't work in this case. Setting this key must have more of an impact on the startup process than it would appear.

Answer 2

Setting Spring Cloud Version to 'Brixton.SR5' worked for me. For some reason, setting 'encrypt.key' in either application.properties/yml or bootstrap.properties/yml in later Spring Cloud Version does not work anymore.

Answer 3

check properties tag of pom.xml file. If you are using version 2 or 3 of Dalston, change it to:

<spring-cloud.version>Dalston.SR1</spring-cloud.version>

and it should be working fine. In my case i was using version 3 and changing it to version 1 resolved the issue for me.

Reference: https://github.com/spring-cloud/spring-cloud-config/issues/767

Answer 4

If you're using spring cloud with spring boot, that is the method that is described on the documentation that you mentioned, you've two 'main' properties files.

• bootstrap.[properties,yml]

  To modify the startup behaviour you can change the location of the config server using bootstrap.properties (like application.properties but for the bootstrap phase of an application context)

• application.[properties,yml]

  where the "application" is injected as the "spring.config.name" in the SpringApplication (ie what is normally "application" in a regular Spring Boot app)

source: Spring Cloud Config Documentation

So, it should be enough to set the encrypt.key in your application.[properties,yml] file (or the alternative name if specified)