Shulou(Shulou.com)06/02 Report--

Supplement

Using Spring Cloud Config encryption requires downloading the JCE extension to generate unlimited-length ciphertext. Link: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

After the download is complete, unzip it and copy the two Jar packages to the $JAVA_HOME\ jre\ lib\ security directory.

Brief introduction

In a real project environment, we do not store confidential text such as passwords in clear text in the configuration file to prevent theft. Spring Cloud Config provides encryption methods so that plaintext is encrypted into ciphertext and stored in the configuration file. Spring Cloud Config provides two ways of encryption and decryption, one is symmetric encryption, the other is asymmetric encryption. This article will first show you how to use symmetric encryption.

A brief introduction to symmetric encryption

Symmetric encryption means that both sides of the communication encrypt and decrypt the text with the same key (key). It can be encrypted in two ways:

Stream Cipher . Encrypt the text byte by byte or word by word. Block Cipher . The bytes of a certain length (block size) are encrypted into a unit and filled with placeholders if the length is not enough or is not a multiple of block size.

Symmetric encryption is a relatively simple way, as long as both parties have the same key, the text can be encrypted and decrypted. However, the disadvantage of symmetric encryption is that it cannot authenticate the source, that is, if Alice and Bob are communicating, Alice uses key to pass the encrypted text to Bob, but the encrypted text is intercepted by Eve, and then Eve forwards the ciphertext to Bob, making Bob think that Eve is Alice, which will cause data leakage.

Project source code

Gitee Code Cloud

Configure configserver

First, we need to set up a Key for encryption and add the following configuration items to the bootstrap.yml configuration file in our configserver project:

Encrypt: key: Thisismysecretkey Test

We use this key to encrypt a test item of our web-client. Spring Cloud Config provides terminal paths for encryption and decryption, / encrypt and / decrypt. Start configserver, and then we encrypt our test text with the terminal / encrypt:

Curl localhost:8888/encrypt-d 12345678

The result returned is (the result will be different each time):

94c1027141add9844ec47f0be13caebb6b38ed1dcf99811b1a5cd2b874c64407

Then in our remote config repository, modify the web-client.yml configuration and add a new configuration:

Test: password:'{cipher} 94c1027141add9844ec47f0be13caebb6b38ed1dcf99811b1a5cd2b874c64407'

The quotation marks here are required, and then {cipher} indicates that the data item is ciphertext. Then we can verify the decryption:

Curl localhost:8888/decrypt-d 94c1027141add9844ec47f0be13caebb6b38ed1dcf99811b1a5cd2b874c64407

Normally you will get our 12345678 characters. Then we access the web-client.yml configuration file through url and get the following result:

{"name": "web-client", "profiles": ["default"], "label": null, "version": "6b73c56449acee907fcf37e50892a3afddbf6335", "state": null, "propertySources": [{"name": "https://gitee.com/zxuqian/spring-cloud-config-remote/web-client.yml"," "source": {"message": "this message is from the remote configuration repository", "management.endpoints.web.exposure.include": "*", "test.password": "12345678"}}]}

You will see that the decrypted test.password is 12345678.

Welcome to my blog: Zhang Xuqian's blog

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.