I am trying to encrypt and decrypt config properties using Spring config server and client. I have Spring Boot applications (server and client). Using the server I have encrypted the password property, and at the client I am trying to decrypt it using the same key, but I am getting an error. I am trying to enable the config server client to decrypt these properties initially encrypted by the config server. Here are the steps I followed:
1. Install Full-strength JCE and replace 2 policy files in JRE lib/security
2. Generate a key using keytool
    keytool -genkeypair -alias config-server-key -keyalg RSA \
      -keysize 4096 -sigalg SHA512withRSA -dname "CN=*.domain.com,OU=EUS,O=eusdom,L=City,S=WA,C=US" \
      -keypass keyPass -keystore config-server.jks -storepass keys3crt
3. Added cloud security dependency to the pom file (added these in both config server and client pom)
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-rsa</artifactId>
        <version>1.0.1.RELEASE</version>
    </dependency>
4. Added the encryption related configurations (the same values used by config server and client) to the bootstrap.yml (also tried with application.yml)
    encrypt:
      key-store:
        location: file:///D:/encrypt-server/config-server.jks
        password: keyPass
        alias: config-server-key
        secret: keys3crt
5. My config server bootstrap looks like this
    spring:
      application:
        name: config-service
      cloud:
        config:
          server:
            git:
              uri: https://github.com/<>/spring-config-repo
            encrypt:
              enabled: false
    server:
      port: 8888
6. Encrypt the passWord property using config server
    curl -X POST --data-urlencode d3v3L \
      http://localhost:8888/encrypt
7. Try to decrypt the property using config server
    curl http://localhost:8888/decrypt -d <encryptedValue>
I am getting the below error
{"timestamp":1472667297292,"status":500,"error":"Internal Server Error","exception":"java.lang.IllegalStateException","message":"Cannot decrypt","path":"/decrypt"}
8. I try to print the encrypted property using config client (note: I have added the dependencies and encrypt key details as per 3, 4)
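    import java.util.Arrays;
    import java.util.List;

    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.cloud.context.config.annotation.RefreshScope;
    import org.springframework.stereotype.Component;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;

    @RefreshScope
    @Component
    @RestController
    public class Greeter {
        @Value("${cassandra.hostnames}")
        String hostnames;
        @Value("${cassandra.username}")
        String userName;
        // Encrypted property; this is the key named in the "Cannot decrypt" error
        @Value("${cassandra.password}")
        String passWord;

        @RequestMapping(value = "/", produces = "application/json")
        public List<String> index() {
            // No trailing comma after the last argument (it does not compile)
            List<String> env = Arrays.asList(
                "userName is: " + userName,
                "passWord is: " + passWord
            );
            return env;
        }
    }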
- I am getting java.lang.IllegalStateException: Cannot decrypt: key=cassandra.password error
Note: I tried to decrypt in config server without
    encrypt:
      enabled: false
Comment From: spencergibb
The value to /decrypt needs to be URL encoded as well.
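The point in the comment above, as an added illustration (not code from the thread or from Spring Cloud Config): a Base64 ciphertext placed unencoded in a form body loses its `+` characters. It assumes the ciphertext is Base64 and that the receiving side applies standard form decoding; the sample ciphertext and all function names are constructed for the example.

```python
import base64
import binascii
from urllib.parse import quote, unquote_plus

# Constructed stand-in for a ciphertext returned by /encrypt: seven bytes chosen
# so that the Base64 text contains '+', '/' and '=' padding.
SAMPLE_CIPHERTEXT = base64.b64encode(bytes.fromhex("fbefbefffe3eaa")).decode()


def form_decode(body: str) -> str:
    """Assumed server behaviour: standard form decoding of the request body
    ('+' becomes a space, %XX becomes the character it names)."""
    return unquote_plus(body)


def post_raw(value: str) -> str:
    """Value placed in the body unchanged, as in step 7's `curl ... -d`."""
    return form_decode(value)


def post_urlencoded(value: str) -> str:
    """Value percent-encoded before sending, as in step 6's --data-urlencode."""
    return form_decode(quote(value, safe=""))


def damaged_positions(sent: str, received: str) -> list:
    """Indexes where the text seen after decoding differs from what was sent."""
    return [i for i, (a, b) in enumerate(zip(sent, received)) if a != b]


def is_valid_base64(text: str) -> bool:
    """Strict check: any character outside the Base64 alphabet is rejected."""
    try:
        base64.b64decode(text, validate=True)
        return True
    except binascii.Error:
        return False


if __name__ == "__main__":
    for send in (post_raw, post_urlencoded):
        seen = send(SAMPLE_CIPHERTEXT)
        print(send.__name__, repr(seen), is_valid_base64(seen),
              damaged_positions(SAMPLE_CIPHERTEXT, seen))
```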
Comment From: RaphC
Try with
    encrypt:
      keyStore:
Regards
Comment From: spencergibb
Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.
Comment From: Anmol057
I'm facing the same issue while trying to upgrade to Java 17. I have provided encrypt keystore values in my application.yml file. My application is connecting with the config server, but I'm still facing a similar error: java.lang.IllegalStateException: Cannot decrypt: key=cassandra.password. Does anyone know how to resolve this?