[英]Spring cloud loading keystore from classpath vs file
I have a spring cloud config server that uses keystore to decrypt values from git server.我有一个 spring 云配置服务器,它使用密钥库来解密来自 git 服务器的值。 If I reference the keystore using file path, it works as expected and decrypts the {cipher} values.
如果我使用文件路径引用密钥库,它会按预期工作并解密 {cipher} 值。 However, if I try to load the keystore from classpath it stops working with this error : CipherEnvironmentEncryptor.decrypt - Cannot decrypt key: username (class java.lang.IllegalStateException: Cannot load keys from store: class path resource [mykey.p12])
但是,如果我尝试从类路径加载密钥库,它会因以下错误而停止工作:CipherEnvironmentEncryptor.decrypt - 无法解密密钥:用户名(类 java.lang.IllegalStateException:无法从存储加载密钥:类路径资源 [mykey.p12])
Im setting the encrypt properties on the class instead of yaml since I need to lookup different passwords from external vault system for dev/prod keystores.我在类上设置加密属性而不是 yaml,因为我需要从外部保管库系统中查找不同的密码以获取 dev/prod 密钥库。
I can also see p.12 file under target/classes after the build, so it is not filtered out during the build.构建后我还可以在target/classes下看到p.12文件,所以它在构建过程中没有被过滤掉。 Not sure what I'm missing.
不知道我错过了什么。
SpringApplication sa = new SpringApplication(Myclass.class);
Properties springProperties = new Properties();
springProperties.setProperty("encrypt.enabled", "true");
springProperties.setProperty("encrypt.key-store.location", "file:///Users/user/IdeaProjects/project/src/main/resources/configuration/mykey.p12"); //working fine
springProperties.setProperty("encrypt.key-store.location", "classpath:/configuration/mykey.p12"); //does not work
springProperties.setProperty("encrypt.key-store.type", "PKCS12");
springProperties.setProperty("encrypt.key-store.password", "password");
springProperties.setProperty("encrypt.key-store.secret", "password");
springProperties.setProperty("encrypt.key-store.alias", "vault");
sa.setDefaultProperties(springProperties);
sa.run(args);
Using使用
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-config-server</artifactId>
<version>2.2.0.RELEASE</version>
<name>spring-cloud-config-server</name>
My issue was actually related to this : generated certificate stops working when moved to resources folder我的问题实际上与此有关: 生成的证书在移动到资源文件夹时停止工作
I had maven filtering configuration on the resources which was corrupting the final p12 file.我对破坏最终 p12 文件的资源进行了 maven 过滤配置。 For now I just moved files that need filtering to another resource directory and it works.
现在我只是将需要过滤的文件移动到另一个资源目录并且它可以工作。
<resources>
<resource>
<directory>src/main/resources</directory>
</resource>
<resource>
<directory>src/main/resources-filtered</directory>
<filtering>true</filtering>
<includes>
<include>*.yml</include>
<include>logback.xml</include>
</includes>
</resource>
</resources>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.