Shulou(Shulou.com)06/03 Report--

This article mainly explains "how to achieve JHipster Registry configuration information encryption", the content of the article is simple and clear, easy to learn and understand, now please follow the editor's ideas slowly in depth, to study and learn "how to achieve JHipster Registry configuration information encryption"!

1 overall Plan 1.1Noun description Noun description Note symmetric encryption is the fastest and easiest way to encrypt. Encryption (encryption) and decryption (decryption) use the same secret key. Key asymmetric encryption is set up directly in the bootstrap.yml file using a pair of keys, public key (public key) and private key (private key). The private key can only be kept securely by one party and cannot be leaked, while the public key can be sent to anyone who requests it. The key pair needs to be generated through the keytool tool and placed under the classpath of Jhipster-Registry. The related component name description version Jhipster-Registry is based on the basic services of eureka and spring cloud config. V3.2.4myClient is a client service used to test the effect of encryption and decryption. 1.0GitLab configuration library GitLab repository referenced by Jhipster-Registry. All configuration files are located. 2 JhipsterRegistry Settings 2.1 symmetric encryption Settings

A) modify bootstrap.yml

Spring:cloud:config:server:encrypt:enabled: true # enable encryption and decryption endpoint # set symmetric key encrypt:key: changeit

B) build and restart the JhipsterRegistry service

2.2 asymmetric encryption Settings

A) generate key pairs

$keytool-genkeypair-alias configkey-keyalg\ RSA-dname "keypass changeit1 keypass changeit1-storepass changeit2-keystore config-server.jks."

B) put config-server.jks in the src/main/resources directory of jhipster-registry

C) modify bootstrap.yml

Spring:cloud:config:server:encrypt:enabled: true # enable encryption and decryption endpointencrypt:keyStore: # asymmetric encryption location: classpath:/config-server.jks # jks file path password: changeit2 # storepass, consistent with the parameter values when the key is generated alias: configkey # alias Consistent with the parameter values when the key was generated secret: changeit1 # keypass, and consistent with the parameter values when the key was generated

D) build and restart the JhipsterRegistry service

3 Test effect 3.1 using encryption and decryption function

A) use the encryption and decryption function through UI

Http://yourdomain:8761/#/encryption

B) exercise the encryption and decryption function by command

$curl yourdomain:8761/encrypt-d $curl yourdomain:8761/decrypt-d 3.2 encrypt the configuration information of the application

A) encrypt the plaintext information of the database password of myClient

$curl yourdomain:8761/encrypt-d my-secret-pw

B) obtain the ciphertext information of the database password

{cipher} 188e937623c258e8ca180b798... A4eb20ff5ff3568cf

C) save the ciphertext to myClient's application-prod.yml

Spring:datasource:username: rootpassword:'{cipher} 188e937623c258e8ca180b798... A4eb20ff5ff3568cf' # pay attention to the ciphertext in yml files in single quotation marks

D) upload application-prod.yml to GitLab warehouse

E) check the configuration attribute password through the management page of jhipster-registry to verify whether the value has been decrypted:

Http://yourdomain:8761/#/config

F) restart myClient to verify that the value of password is correctly obtained and connected to the mysql database.

Thank you for your reading, the above is the content of "how to achieve JHipster Registry configuration information encryption". After the study of this article, I believe you have a deeper understanding of how to achieve JHipster Registry configuration information encryption, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.