我正在研究Spring Cloud Config一段时间 . 我需要保护配置数据 . 根据Spring Cloud Documentation配置了server.jks并添加到classpath . 现在我能够加密和解密远程配置数据 .
为了使配置服务器安全,我添加了spring security starter并分配了凭据(密码已解密) . 由于某种原因,应用程序正在抛出它在类路径上没有密钥存储的激活 . 谷歌搜索了一段时间后,我发现密钥库应该去bootstrap.yml而不是application.yml . 这也不行,请指出我在这里缺少的东西 .
请在git SpringConfigData中找到yml文件
例外
java.lang.IllegalStateException: Cannot decrypt: key=security.user.password
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:195) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:164) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.initialize(EnvironmentDecryptApplicationInitializer.java:94) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
at org.springframework.cloud.bootstrap.BootstrapApplicationListener$DelegatingEnvironmentDecryptApplicationInitializer.initialize(BootstrapApplicationListener.java:333) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:640) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
at org.springframework.boot.SpringApplication.createAndRefreshContext(SpringApplication.java:343) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:307) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1191) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1180) [spring-boot-1.3.3.RELEASE.jar:1.3.3.RELEASE]
at com.test.TestConfigServerApplication.main(TestConfigServerApplication.java:12) [classes/:na]
Caused by: java.lang.UnsupportedOperationException: No decryption for FailsafeTextEncryptor. Did you configure the keystore correctly?
at org.springframework.cloud.bootstrap.encrypt.EncryptionBootstrapConfiguration$FailsafeTextEncryptor.decrypt(EncryptionBootstrapConfiguration.java:151) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:187) ~[spring-cloud-context-1.1.0.BUILD-SNAPSHOT.jar:1.1.0.BUILD-SNAPSHOT]
... 9 common frames omitted
1 回答
而不是使用环境变量传递bootstrap.yml .
-Dencrypt.keyStore.location = classpath:/server.jks -Dencrypt.keyStore.password = springcloudconfigserver -Dencrypt.keyStore.alias = springcloudconfigserver -Dencrypt.keyStore.secret = springcloudconfigserver
Config Server无法在bootstrap.yml中找到属性以实现非对称安全性 . 对称的工作得很好