Brief introduction
In a real-world project environment, we do not store confidential text such as passwords in plaintext in configuration files, in case they are stolen. Spring Cloud Config provides a way to encrypt plaintext into ciphertext that is then stored in the configuration file. It supports two types of encryption and decryption: symmetric and asymmetric. This article shows how to use symmetric encryption first.
Introduction to Symmetric cryptography
Symmetric encryption means that both sides of the communication use the same key to encrypt and decrypt the text. There are two kinds of symmetric ciphers:
- Stream cipher. The text is encrypted bit by bit or byte by byte.
- Block cipher. A fixed number of bytes (the block size) is encrypted as a single unit; when the text is not a multiple of the block size, it is padded with placeholder bytes.
Symmetric encryption is a simple way to encrypt and decrypt text as long as both parties hold the same key. Its disadvantage is that the source cannot be authenticated. For example, if Alice and Bob are communicating and Alice uses the key to send encrypted text to Bob, Eve can intercept the ciphertext and forward it to Bob, who mistakenly thinks Eve is Alice. This can then cause data leaks.
Project Source
Gitee Code Cloud
Configure Configserver
First, we need to set an encryption key. In the configserver project, add the following configuration to the bootstrap.yml configuration file:
encrypt:
  key: Thisismysecretkey
Test
We use this key to encrypt a test item for our web-client project. Spring Cloud Config provides two endpoints for encryption and decryption, /encrypt and /decrypt. Start configserver, and then use the /encrypt endpoint to encrypt our test text:
curl localhost:8888/encrypt -d 12345678
The returned result is (the result will be different each time):
94c1027141add9844ec47f0be13caebb6b38ed1dcf99811b1a5cd2b874c64407
Then, in our remote config repository, modify the web-client.yml configuration and add a new entry:
test:
  password: '{cipher}94c1027141add9844ec47f0be13caebb6b38ed1dcf99811b1a5cd2b874c64407'
The quotation marks here are required, and {cipher} indicates that the data item is ciphertext. Then we can verify the decryption:
curl localhost:8888/decrypt -d 94c1027141add9844ec47f0be13caebb6b38ed1dcf99811b1a5cd2b874c64407
Under normal circumstances we will get back our 12345678 string. Then we access the web-client.yml configuration file via its URL, and we get the following result:
{
  "name": "web-client",
  "profiles": ["default"],
  "label": null,
  "version": "6b73c56449acee907fcf37e50892a3afddbf6335",
  "state": null,
  "propertySources": [
    {
      "name": "https://gitee.com/zxuqian/spring-cloud-config-remote/web-client.yml",
      "source": {
        "message": "This message comes from the remote configuration warehouse",
        "management.endpoints.web.exposure.include": "*",
        "test.password": "12345678"
      }
    }
  ]
}
You will see that the decrypted test.password is 12345678.
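A check that can run over the files in the remote config repository before they are committed, added here as an example (it is not part of the original article or of Spring Cloud Config): it flags sensitive keys left in plaintext, {cipher} values that are unquoted or not hex, and an encrypt.key stored next to the ciphertext. The function name audit_yaml, the list of sensitive key names and the sample input are assumptions of this example, and the parser only handles simple block-style YAML mappings like the ones shown above.

```python
import re

# Key names treated as sensitive (an assumption of this example; extend as needed).
SENSITIVE = re.compile(r"(password|passwd|secret|token|credential)", re.I)
# Well-formed value: quoted, {cipher} prefix, hex payload (the form /encrypt returned above).
CIPHER_OK = re.compile(r"""^(['"])\{cipher\}[0-9a-fA-F]+\1$""")
LINE = re.compile(r"^(\s*)([^\s#:][^:]*):\s*(.*)$")

def audit_yaml(text):
    """Return [(dotted_key, problem)] for a simple block-style YAML mapping."""
    findings, stack = [], []              # stack holds (indent, key) of parent mappings
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                      # blank lines, comments, plain list items
        indent, key, value = len(m.group(1)), m.group(2).strip(), m.group(3).strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()                   # leave mappings that have ended
        path = ".".join([k for _, k in stack] + [key])
        if not value:
            stack.append((indent, key))   # a nested mapping starts here
            continue
        if path == "encrypt.key":
            findings.append((path, "symmetric key stored alongside the ciphertext"))
        elif "{cipher}" in value and not CIPHER_OK.match(value):
            findings.append((path, "malformed {cipher} value (needs quotes and hex payload)"))
        elif SENSITIVE.search(path) and not CIPHER_OK.match(value):
            findings.append((path, "sensitive value stored in plaintext"))
    return findings

# Constructed sample; only test.password is taken from the article above.
SAMPLE = """\
message: This message comes from the remote configuration warehouse
test:
  password: '{cipher}94c1027141add9844ec47f0be13caebb6b38ed1dcf99811b1a5cd2b874c64407'
db:
  password: 12345678
  token: {cipher}94c102
api:
  secret: '{cipher}not-hex'
"""

if __name__ == "__main__":
    for key, problem in audit_yaml(SAMPLE):
        print(f"{key}: {problem}")
```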
Welcome to my blog: Zhang Xu's Blog
Use symmetric encryption to encrypt the Spring Cloud config profile