[英]Can't decrypt property from spring cloud config or environment variable
I'm trying to get my KMS library, found here , to decrypt items from my application.yml that come from either the google cloud config server or an environment variable. 我试图获取我的KMS库(可在此处找到) ,以解密来自Google Cloud配置服务器或环境变量的application.yml中的项目。
In playing around I've tried a number of scenarios to get this to work. 在游戏中,我尝试了多种方案来使其正常工作。 Ideally I'd like to be able to do something like:
理想情况下,我希望能够执行以下操作:
username: '{cipher}${db_username}
where ${db_username}
is either a property I read in from google cloud config or an environment variable. username: '{cipher}${db_username}
,其中${db_username}
是我从Google云配置读取的属性或环境变量。
So far what I've tried: 到目前为止,我已经尝试过:
✅ username: ${username}
-> Successfully reads the plain text property from either the cloud config or environment variable successfully. username: ${username}
->成功从云配置或环境变量成功读取纯文本属性。 (no encryption) (不加密)
✅ username: '{cipher}MyEncodedString'
-> Success - decodes the provided inline string ✅
username: '{cipher}MyEncodedString'
->成功-解码提供的内联字符串
❗️ username: '{cipher}${username}'
-> I believe this is trying to use the literal string ${username}
username: '{cipher}${username}'
->我相信这是在尝试使用文字字符串${username}
❗️ username: '{cipher}'${username}
-> invalid format / can't read ❗️
username: '{cipher}'${username}
->格式无效/无法读取
Since I can see that my decode is working when I put the string inline I don't believe this to be an issue with the decoder. 因为当我将字符串插入行中时可以看到我的解码正常,所以我认为这与解码器无关。
I may also be dumb and this is not a scenario I'd ever want to do, but it seems logical to me that I'd store these in a config area and let the application / profile pull in and decrypt what it needs. 我可能也很愚蠢,这不是我想做的事情,但是对我来说,将它们存储在配置区域中并让应用程序/配置文件插入并解密所需内容似乎是合乎逻辑的。
If it makes a difference, and at this point I don't feel it does, I'm attempting to do all of this on Google Cloud Run + Java + Jib 如果它有所作为,但目前为止我还没有意识到,我正在尝试在Google Cloud Run + Java + Jib上进行所有操作
can you try to use properties file. 您可以尝试使用属性文件吗? properties file doesn't require single quotes for {cipher}.
属性文件不需要{cipher}的单引号。 less chances but can work.
机会较少,但可以工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.