Is your feature request related to a problem? Please describe.
I would like to supply a custom TextEncryptor to encrypt the configuration properties. I am planning to use AWS/Google KMS for the encryption. Is there an official way to get this done? Is the discussion in this thread still the current thinking - https://github.com/spring-cloud/spring-cloud-commons/issues/897
Comment From: ryanjbaxter
As far as I know, yes, we have not made any changes in that area
Comment From: spring-cloud-issues
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Comment From: dharshanrg
Hi Ryan,
I was able to get a prototype working based on the thread above. I have implemented a custom bootstrapper to supply my own TextEncryptor; however, how can I ensure that my TextEncryptor gets registered before TextEncryptorConfigBootstrapper.java? I ran some quick tests:
1. If I use register() instead of registerIfAbsent() I am able to override the default TextEncryptor, but I am unsure if this is the way to do it. Also, is it possible that the TextEncryptorBindHandler picks up the default TextEncryptor this way instead of my encryptor?
2. I implemented the Ordered interface with highest priority - that doesn't seem to make any difference.
Thanks again for your help.
Comment From: ryanjbaxter
If you call register instead of registerIfAbsent it will override the registered type if there is one present, ensuring yours is used. In Spring Cloud we call registerIfAbsent so it will not override yours if it's already registered.
Comment From: dharshanrg
Hi Ryan,
Won't the TextEncryptorBindHandler retain a reference to the default TextEncryptor?
Does this mean I have to register the TextEncryptorBindHandler as well after I register my TextEncryptor?
Comment From: ryanjbaxter
I would assume it would use the one that is registered in the BootstrapRegistryInitializer, however I am not terribly familiar with the code either
Comment From: dharshanrg
Hi Ryan,
A quick glance at the code in https://github.com/spring-cloud/spring-cloud-commons/blob/v3.0.1/spring-cloud-context/src/main/java/org/springframework/cloud/bootstrap/TextEncryptorConfigBootstrapper.java#L70
suggests that the TextEncryptorBindHandler is registered immediately after TextEncryptor. So unless my TextEncryptor is already registered, the BindHandler will pick the default encryptor. Is there a way to add a priority ordering to the Bootstrap process so that my bootstrapper is run first?
Comment From: ryanjbaxter
> I implemented the Ordered interface with highest priority - that doesn't seem to make any difference.

This actually should work:
https://github.com/spring-projects/spring-boot/blob/v3.0.7/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/SpringApplication.java#L271
https://github.com/spring-projects/spring-boot/blob/v3.0.7/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/SpringApplication.java#L457
https://github.com/spring-projects/spring-boot/blob/v2.7.12/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/SpringApplication.java#L432
Comment From: spring-cloud-issues
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Comment From: spring-cloud-issues
Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.
Comment From: dharshanrg
Hi team,
Apologies for the delay in getting back. I prototyped the flow and here is what I am seeing
- I created a custom bootstrapper with Ordered.HIGHEST_PRECEDENCE. When my Bootstrapper initialize() method is called BootstrapRegistry.instanceSuppliers has the default TextEncryptor already registered. However no instances are yet created in BootstrapRegistry.instances. I used the BootstrapRegistry.register() function to override the instance supplier for TextEncryptor.
- I added a Bootstrapper.addCloseListener to check on the registry at the end of the bootstrap process. The TextEncryptor instance created is my custom TextEncryptor.
As per discussion above I was expecting that when my bootstrapper is called there should be no registered suppliers.
Comment From: ryanjbaxter
So does it work for your use case then?
Comment From: dharshanrg
Hi Ryan,
It does work. I just wanted to make sure this is the supported workflow.
Comment From: ryanjbaxter
I don't see a problem with it
Comment From: dharshanrg
Thanks for all your help. I appreciate your timely responses!
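
The approach the thread settles on, as an added example that is not code from the thread or from Spring Cloud: a BootstrapRegistryInitializer with Ordered.HIGHEST_PRECEDENCE that calls register() to replace the default TextEncryptor supplier, plus a close listener that checks which instance was actually created. KmsClient and its ServiceLoader lookup are hypothetical stand-ins for a wrapper around the AWS/Google KMS SDK.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.ServiceLoader;
import org.springframework.boot.BootstrapRegistry;
import org.springframework.boot.BootstrapRegistryInitializer;
import org.springframework.core.Ordered;
import org.springframework.security.crypto.encrypt.TextEncryptor;

public class KmsTextEncryptorInitializer implements BootstrapRegistryInitializer, Ordered {

    /** Hypothetical abstraction over the KMS SDK (not a Spring or cloud-vendor type). */
    public interface KmsClient {
        byte[] encrypt(byte[] plaintext);
        byte[] decrypt(byte[] ciphertext);
    }

    /** Adapts the byte-oriented KMS calls to Spring Security's TextEncryptor contract. */
    static final class KmsTextEncryptor implements TextEncryptor {
        private final KmsClient kms;
        KmsTextEncryptor(KmsClient kms) { this.kms = kms; }
        @Override
        public String encrypt(String text) {
            byte[] ct = kms.encrypt(text.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(ct);
        }
        @Override
        public String decrypt(String encryptedText) {
            byte[] pt = kms.decrypt(Base64.getDecoder().decode(encryptedText));
            return new String(pt, StandardCharsets.UTF_8);
        }
    }

    @Override
    public void initialize(BootstrapRegistry registry) {
        // register() replaces a supplier that is already present; registerIfAbsent() would keep it.
        registry.register(TextEncryptor.class, context -> new KmsTextEncryptor(
            // Assumption: a KmsClient implementation is published via META-INF/services.
            ServiceLoader.load(KmsClient.class).findFirst()
                .orElseThrow(() -> new IllegalStateException("No KmsClient implementation found"))));
        // At the end of bootstrap, raise an error rather than silently running with another encryptor.
        registry.addCloseListener(event -> {
            TextEncryptor active = event.getBootstrapContext().get(TextEncryptor.class);
            if (!(active instanceof KmsTextEncryptor)) {
                throw new IllegalStateException("Unexpected TextEncryptor: " + active.getClass().getName());
            }
        });
    }

    @Override
    public int getOrder() { return Ordered.HIGHEST_PRECEDENCE; }
}
```

The initializer is picked up from META-INF/spring.factories under the key org.springframework.boot.BootstrapRegistryInitializer, with the fully qualified class name as the value (the package is yours to choose).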