I am trying to encrypt the passwords in my application.yml file symmetrically or asymmetrically.
I added the following dependencies and made a request to the /encrypt endpoint. but I get 404 not found result. i couldn't understand why
Related
I create a Spring Cloud Config server. I put security in my application.properties file
security.basic.enabled=false
security.user.name=1user
security.user.password=123
When I try to log to the application with the name and password, I always get
Bad credentials
I tried to put enabled to true but get same result. I saw in the command line then spring generate random password like
69dfeb52-6320-4085-bcd1-22ee7a3676a2
if I use with with username user, I can connect.
>
Hi Robert Trudel
If you are using Spring Boot 2.x, then you need to prefix these properties with spring
as shown below:
spring.security.user.name=1user
spring.security.user.password=123
Also, you do not need this security.basic.enabled=false.
Hope this helps!
The spring cloud config server can serve plain text files as described here: https://cloud.spring.io/spring-cloud-config/multi/multi__serving_plain_text.html
I am able to get the plain text file if I curl the cloud server url as
curl http://config.server:8001/config-server/ConfigData/default/master/plainTxtFile.json (file is in private github repo.)
So in a spring boot application, which uses config server as to get the configuration I can also get the file by accessing the above url via code.
Is there a way where I can define a 'configClient' and access file as configClient.getResource(), rather than getting it from url
No, unfortunately:
This was not implemented in the open source project.
See: https://github.com/spring-cloud/spring-cloud-config/issues/789
I'm trying to user encrypt feature of spring cloud config server. I'v generated a keystore and set required config in application.properties
i'm able to user /encrypt and /decrypt endpoints to encrypt and decrypt value.
However encrypted values are not decrypted by config server before sending them to client!
encrypt.key-store.location=classpath:/config-server.jks
encrypt.key-store.alias=config-server-key
encrypt.key-store.password=changeit
encrypt.key-store.secret=changeit
In my .yml file i've
message: '{cipher}AgAAeBKZOOQ3aM...'
What i'm missing?
i was able to fix my issue: instead of putting confi properties in application.properties, i had to set them in bootstrap.properties.
encrypt.key-store.location=classpath:/config-server.jks
encrypt.key-store.alias=config-server-key
encrypt.key-store.password=changeit
encrypt.key-store.secret=changeit
We use spring cloud config as configuration tool. We store passwords and other sensitive things in the config git repository. We encrypt the config using Spring /encrypt endpoint and put the values in config.
There is an endpoint /env which returns all the properties. The problem here is, the values which are encrypted returned as plain text. Is there way, we make the endpoint to return encrypted value instead of plain text.
Disable server-side decryption by setting the following property:
spring.cloud.config.server.encrypt.enabled: false
The /env endpoint is an actuator endpoint added by Spring Cloud Config. You should take the usual steps to secure the actuator endpoints so as not to allow unwanted access.
You can set endpoints.configprops.keys-to-sanitize to whatever pattern you need. The default is password,secret,key,token,.*credentials.*,vcap_services Keys can be simple strings that the property ends with or regex expressions.
Refer: this
I am new to using config server for getting external configuration from Github repository.
In my application.yml file of spring boot application I have used below piece of lines and it works fine when I comment JWT authentication part in my application, spring boot application can fetch updated configurations from github repository.
security:
basic:
enabled: false
management:
security:
enabled: false
My question is what if I don't include above code in my yml file, will it work fine? because when i remove above lines, it throws 401 unauthorized error.
Second thing my spring boot application is secured with JWT authentication, when I enable my JWT authentication with yml file having above piece of code, then on providing valid token also it gives 403 forbidden error.
Someone please guide me how resolve this, I am trying to resolve this from last 1 week but no luck. Thanks in advance.
I believe you have <artifactId>spring-boot-starter-security</artifactId> as a dependency in your POM.xml and therefore you will always get a 401 Unauthorized if you do not provide the default password (which you can see in logs on service startup) and if you have removed that config from your bootstrap.yml
If you are getting a 403 Forbidden, then it means that the user was able to login with credentials (means authenticated successfully) but is not "authorized" to do the action being performed. Check the roles of the user(log them or debug).