Describe the bug
After migrating from Spring Boot 2.7.x / Spring Cloud 2021.0.6 to Spring Boot 3.0.6 / Spring Cloud 2022.0.2 with spring.cloud.config.server.bootstrap set to true, configserver no longer decrypts the entries inside the search-locations when configuring itself. It works fine when I change them to plain text.
P.S. It was working fine with Spring Boot 2.7.x.
bootstrap.yml
spring:
  application:
    name: configserver
  profiles:
    active: dev
    default: dev
    include: composite
  cloud:
    config:
      server: ## ConfigServerAutoConfiguration ##
        bootstrap: true
        composite:
          - type: native
            search-locations:
              - file:/app/config/centralconfig/conf
encrypt:
  key-store:
    location: classpath:/encrypt/encrypt.pkcs12
    password: xxxxxx
    alias: encrypt-dev
    type: pkcs12
configserver-dev.yml
spring:
  security:
    user:
      name: admin
      # admin
      password: '{cipher}{key:encrypt-dev}AQCMdfP7wlVsVq43iJxdqnPiFyBAzpdPyXd7emIppONCqs6ilazJ8ttZLkmR7x26hAhAIxizFSy3+uYwNjakrm3o4M1MGmKEYJcMbdJKXNOKftIf15qcB0CwokXl2pSPeYq23aUwryBld6wKuBWjVg8mQ+8InYxJUVMTVbrOxg+yK/PCjCcf/j8g3g7PtTARaRo2Wz9lnojRZNFs7aHXDdyzUH6USrxFZ7l4kb6eficyhMyv+he7l8LOCckSQIBdEHsoeUnLCfAfSAm2xbbU47H8fSK5058MxJWRuSDSMaoh2O/+UcKUs38WPbofTQGudaxsn0i8xJAvMuTViEZBy+sxIl0raIYdzTcb9Ywy3DTmK5Hj6YGj4k1qiv14MQbHNsk='
      roles: USER, ADMIN
Comment From: ryanjbaxter
Are you saying it's not able to decrypt the search-locations property or the property files within the search-locations?
Comment From: zackfei
> Are you saying it's not able to decrypt the search-locations property or the property files within the search-locations?

Not able to decrypt the entries inside the property files within search-locations. For example, configserver-dev.yml above is one of the files inside search-locations.
I am not sure whether the decryption process was not triggered, or decryption was triggered but was not able to decrypt while bootstrapping configserver itself.
Anyway, spring.security.user.password inside configserver-dev.yml was not correct when I tried to call the API on configserver with the configured Spring Security username and password. The stack trace below shows this, meaning Spring Security is using the unencrypted password to configure the default user:
java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "key:encrypt-dev"
at org.springframework.security.crypto.password.DelegatingPasswordEncoder$UnmappedIdPasswordEncoder.matches(DelegatingPasswordEncoder.java:289) ~[spring-security-crypto-6.0.3.jar:6.0.3]
at org.springframework.security.crypto.password.DelegatingPasswordEncoder.matches(DelegatingPasswordEncoder.java:237) ~[spring-security-crypto-6.0.3.jar:6.0.3]
at org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:86) ~[spring-security-core-6.0.3.jar:6.0.3]
at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:147) ~[spring-security-core-6.0.3.jar:6.0.3]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182) ~[spring-security-core-6.0.3.jar:6.0.3]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201) ~[spring-security-core-6.0.3.jar:6.0.3]
at org.springframework.security.authentication.ObservationAuthenticationManager.lambda$authenticate$1(ObservationAuthenticationManager.java:53) ~[spring-security-core-6.0.3.jar:6.0.3]
at io.micrometer.observation.Observation.observe(Observation.java:562) ~[micrometer-observation-1.10.6.jar:1.10.6]
at org.springframework.security.authentication.ObservationAuthenticationManager.authenticate(ObservationAuthenticationManager.java:52) ~[spring-security-core-6.0.3.jar:6.0.3]
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:176) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.8.jar:6.0.8]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:185) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:172) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:133) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:185) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:172) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:133) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.8.jar:6.0.8]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:185) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:172) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:133) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:185) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:172) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:133) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.8.jar:6.0.8]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:185) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:172) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:133) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.8.jar:6.0.8]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:185) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:268) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:169) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:133) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) ~[spring-security-web-6.0.3.jar:6.0.3]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) ~[spring-web-6.0.8.jar:6.0.8]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) ~[spring-web-6.0.8.jar:6.0.8]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-6.0.8.jar:6.0.8]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.8.jar:6.0.8]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-6.0.8.jar:6.0.8]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.8.jar:6.0.8]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at org.springframework.web.filter.ServerHttpObservationFilter.doFilterInternal(ServerHttpObservationFilter.java:109) ~[spring-web-6.0.8.jar:6.0.8]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.8.jar:6.0.8]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-6.0.8.jar:6.0.8]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.8.jar:6.0.8]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) ~[undertow-core-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) ~[undertow-core-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) ~[undertow-core-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:276) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:132) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:256) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:101) ~[undertow-servlet-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:393) ~[undertow-core-2.3.5.Final.jar:2.3.5.Final]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:859) ~[undertow-core-2.3.5.Final.jar:2.3.5.Final]
at org.jboss.threads.ContextHandler$1.runWith(ContextHandler.java:18) ~[jboss-threads-3.5.0.Final.jar:3.5.0.Final]
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513) ~[jboss-threads-3.5.0.Final.jar:3.5.0.Final]
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538) ~[jboss-threads-3.5.0.Final.jar:3.5.0.Final]
at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282) ~[xnio-api-3.8.8.Final.jar:3.8.8.Final]
at java.base/java.lang.Thread.run(Thread.java:833) ~[na:na]
Comment From: ryanjbaxter
I just noticed in the example you provided the alias is encrypt-prd but the encrypted password is using encrypt-dev.
Comment From: zackfei
> I just noticed in the example you provided the alias is encrypt-prd but the encrypted password is using encrypt-dev.

It actually has another bootstrap-dev.yml to override that alias to encrypt-dev. I just wanted to simplify the provided sample yml. I edited the sample to correct the alias.
Comment From: zackfei
hi @ryanjbaxter, any update on this?
Comment From: ryanjbaxter
I am not able to reproduce this issue.
Within the search-location I have configured my config server to look in, I have application.yaml with the following property:
hello: "{cipher}AQAbQgcJyxoyhChma8bj635RQySmauqAdK8/DBdAp9/Rskztrp0znaVt8hU5voU2Zt3QgUlL2ol2CxpoBS9geK/rYm+8hfmHSvBNu0IncLAx35QJ58cUEhDDohLsm1yitvB4GI7Bzqiw2gbfeCfAHtJgApoQvE+rNQZI4ZnvoD4rFdRnS25tfqP7J1zDvzaUbG8IPDfOtc9jwlpTmP0dHajT8VUxhz3YdrQCT5XzS7Zlo/LvgytKtWMBtZsBxQT+JZHcZ//FajrWzB9GI+0b+2Llhpj6rwDMK28uN2NK8XdlGORptWt0z62rOMPwxDR3N1D/zBTNSgesEWKhZqYqA2tOnStmWTqGe/o5tZaqdpm+5TDZ/ANNjqX0Zld83JuazBQ="
When I then hit http://localhost:8888/application/default I get the following response with the property decrypted.
{
  "name": "application",
  "profiles": [
    "default"
  ],
  "label": null,
  "version": null,
  "state": null,
  "propertySources": [
    {
      "name": "file:/Users/ryanjbaxter/temp/issues/2265/demo/config/application.yaml",
      "source": {
        "hello": "mysecret"
      }
    }
  ]
}
Comment From: zackfei
The key to reproduce is:
- set spring.cloud.config.server.bootstrap to true
- use the composite profile with native type
- since configserver uses configserver as spring.application.name, the search-location contains configserver.yml. This file contains some configuration which is required to start up configserver itself, like the Spring Security user password shown above in my 1st post, and server.ssl as shown below. E.g.
server:
  ssl:
    key-store: file:/app/tls/micro/application-key.pkcs12
    key-store-password: '{cipher}{key:encrypt-dev}AQCJAj1KyOVG7Pz4E6+0bvKi02gM37f5A7/FU+7J6ZJfAbP1moYUEVG8pc4tFep3dzw+GJKsVqDgWFfq56eCcU6TQ4rYxf6sietO0goWYSC3bsymoH46DuGjP1LunzHGSZMGzURInTfGfU2ag027MRiiqiZkaNPg8uU18Aqt0cdf1ziHDzgj3WlD6IyQ0fknpUMKH1dMR1380NPvfYrZ25t8BkFOzfAc8vkNnn96T3I428MynRBkZZQU8IDxWrJ+JpXFE/20P41yTwLkrZryRgjHe+iBS6C9XpLCzlufWkDUKusny+Vgghwq4uOYwjnDA8xwcicJo+EbQdggZn/Sgsw3dKUdHQ83Q8OEy1pRt1hOL/vZuVBfBQOM9WZIOB7tQ50='
    key-store-type: pkcs12
    key-password: '{cipher}{key:encrypt-dev}AQCJAj1KyOVG7Pz4E6+0bvKi02gM37f5A7/FU+7J6ZJfAbP1moYUEVG8pc4tFep3dzw+GJKsVqDgWFfq56eCcU6TQ4rYxf6sietO0goWYSC3bsymoH46DuGjP1LunzHGSZMGzURInTfGfU2ag027MRiiqiZkaNPg8uU18Aqt0cdf1ziHDzgj3WlD6IyQ0fknpUMKH1dMR1380NPvfYrZ25t8BkFOzfAc8vkNnn96T3I428MynRBkZZQU8IDxWrJ+JpXFE/20P41yTwLkrZryRgjHe+iBS6C9XpLCzlufWkDUKusny+Vgghwq4uOYwjnDA8xwcicJo+EbQdggZn/Sgsw3dKUdHQ83Q8OEy1pRt1hOL/vZuVBfBQOM9WZIOB7tQ50='
    trust-store: file:/app/tls/micro/application-trust.pkcs12
    trust-store-password: '{cipher}{key:encrypt-dev}AQCJAj1KyOVG7Pz4E6+0bvKi02gM37f5A7/FU+7J6ZJfAbP1moYUEVG8pc4tFep3dzw+GJKsVqDgWFfq56eCcU6TQ4rYxf6sietO0goWYSC3bsymoH46DuGjP1LunzHGSZMGzURInTfGfU2ag027MRiiqiZkaNPg8uU18Aqt0cdf1ziHDzgj3WlD6IyQ0fknpUMKH1dMR1380NPvfYrZ25t8BkFOzfAc8vkNnn96T3I428MynRBkZZQU8IDxWrJ+JpXFE/20P41yTwLkrZryRgjHe+iBS6C9XpLCzlufWkDUKusny+Vgghwq4uOYwjnDA8xwcicJo+EbQdggZn/Sgsw3dKUdHQ83Q8OEy1pRt1hOL/vZuVBfBQOM9WZIOB7tQ50='
    trust-store-type: pkcs12
Then it will end up not able to start due to "keystore password was incorrect", because configserver didn't decrypt the cipher when bootstrapping itself.
It works fine if I change all the ciphers (only the configserver-related ones required to start up itself) to plain text. After it is able to start with plain text, any http://localhost:8888/application/default or http://localhost:8888/<application>/<profile> request works fine because that is runtime decryption.
org.springframework.context.ApplicationContextException: Unable to start web server
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.onRefresh(ServletWebServerApplicationContext.java:164) ~[spring-boot-3.0.10.jar:3.0.10]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:602) ~[spring-context-6.0.11.jar:6.0.11]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:146) ~[spring-boot-3.0.10.jar:3.0.10]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:732) ~[spring-boot-3.0.10.jar:3.0.10]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:434) ~[spring-boot-3.0.10.jar:3.0.10]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:310) ~[spring-boot-3.0.10.jar:3.0.10]
at io.cv.configserver.ConfigServerApplication.main(ConfigServerApplication.java:24) ~[main/:na]
Caused by: java.lang.IllegalStateException: org.springframework.boot.web.server.WebServerException: Could not load key store 'file:/app/tls/micro/application-key.pkcs12'
at org.springframework.boot.web.embedded.undertow.SslBuilderCustomizer.getKeyManagers(SslBuilderCustomizer.java:127) ~[spring-boot-3.0.10.jar:3.0.10]
at org.springframework.boot.web.embedded.undertow.SslBuilderCustomizer.customize(SslBuilderCustomizer.java:77) ~[spring-boot-3.0.10.jar:3.0.10]
at org.springframework.boot.web.embedded.undertow.UndertowWebServerFactoryDelegate.createBuilder(UndertowWebServerFactoryDelegate.java:167) ~[spring-boot-3.0.10.jar:3.0.10]
at org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory.getWebServer(UndertowServletWebServerFactory.java:297) ~[spring-boot-3.0.10.jar:3.0.10]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.createWebServer(ServletWebServerApplicationContext.java:183) ~[spring-boot-3.0.10.jar:3.0.10]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.onRefresh(ServletWebServerApplicationContext.java:161) ~[spring-boot-3.0.10.jar:3.0.10]
... 6 common frames omitted
Caused by: org.springframework.boot.web.server.WebServerException: Could not load key store 'file:/app/tls/micro/application-key.pkcs12'
at org.springframework.boot.web.embedded.undertow.SslBuilderCustomizer.loadStore(SslBuilderCustomizer.java:199) ~[spring-boot-3.0.10.jar:3.0.10]
at org.springframework.boot.web.embedded.undertow.SslBuilderCustomizer.loadKeyStore(SslBuilderCustomizer.java:171) ~[spring-boot-3.0.10.jar:3.0.10]
at org.springframework.boot.web.embedded.undertow.SslBuilderCustomizer.getKeyStore(SslBuilderCustomizer.java:145) ~[spring-boot-3.0.10.jar:3.0.10]
at org.springframework.boot.web.embedded.undertow.SslBuilderCustomizer.getKeyManagers(SslBuilderCustomizer.java:112) ~[spring-boot-3.0.10.jar:3.0.10]
... 11 common frames omitted
Caused by: java.io.IOException: keystore password was incorrect
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2159) ~[na:na]
at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:221) ~[na:na]
at java.base/java.security.KeyStore.load(KeyStore.java:1473) ~[na:na]
at org.springframework.boot.web.embedded.undertow.SslBuilderCustomizer.loadStore(SslBuilderCustomizer.java:195) ~[spring-boot-3.0.10.jar:3.0.10]
... 14 common frames omitted
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
... 18 common frames omitted
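
A fail-fast guard for the failure mode reported in this thread, as an added example that is not part of the issue or of Spring Cloud Config: it stops startup with a clear message when an effective property value still carries the {cipher} prefix, instead of letting that text reach Spring Security or the TLS key store loader. The class name UndecryptedCipherGuard is hypothetical, and the example assumes the initializer is registered with the application (for example through SpringApplication.addInitializers) and runs after the config server's property sources have been added to the Environment.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.springframework.context.ApplicationContextInitializer;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.core.Ordered;
import org.springframework.core.env.EnumerablePropertySource;
import org.springframework.core.env.PropertySource;

/** Hypothetical guard (added example): refuse to start with undecrypted {cipher} values. */
public class UndecryptedCipherGuard
        implements ApplicationContextInitializer<ConfigurableApplicationContext>, Ordered {

    private static final String CIPHER_PREFIX = "{cipher}";

    @Override
    public int getOrder() {
        // Run last so that every earlier initializer has had its chance to decrypt.
        return Ordered.LOWEST_PRECEDENCE;
    }

    @Override
    public void initialize(ConfigurableApplicationContext context) {
        List<String> leftovers =
                findUndecrypted(context.getEnvironment().getPropertySources());
        if (!leftovers.isEmpty()) {
            // Report names only; never put ciphertext or secrets in the message.
            throw new IllegalStateException(
                    "Properties still encrypted at startup: " + String.join(", ", leftovers));
        }
    }

    /**
     * Walks the sources in precedence order. The first source that defines a key
     * supplies its effective value, so a raw {cipher} value that is shadowed by an
     * earlier source holding the decrypted value is not reported.
     */
    static List<String> findUndecrypted(Iterable<PropertySource<?>> sources) {
        Set<String> seen = new HashSet<>();
        List<String> names = new ArrayList<>();
        for (PropertySource<?> source : sources) {
            if (!(source instanceof EnumerablePropertySource<?> enumerable)) {
                continue; // keys of this source cannot be listed
            }
            for (String name : enumerable.getPropertyNames()) {
                if (!seen.add(name)) {
                    continue; // an earlier source already decides this key
                }
                Object value = enumerable.getProperty(name);
                if (value instanceof String text && text.startsWith(CIPHER_PREFIX)) {
                    names.add(name + " (from " + source.getName() + ")");
                }
            }
        }
        return names;
    }
}
```

With the files shown in this thread, such a guard would name spring.security.user.password and the server.ssl password properties rather than surfacing later as a PasswordEncoder or key store error.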