Shulou(Shulou.com)06/01 Report--

This article will explain the example analysis of Spring Cloud Config for you in detail. The editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

Before we learn about spring cloud config, I can think about what the core functions provided by a configuration center should be.

Provide server and client support

Centralized management of configuration files for each environment

After the configuration file is modified, it can take effect quickly.

Version management can be done.

Support for large concurrent queries

Support for various languages

Spring Cloud Config can perfectly support all of the above requirements.

To use encryption and decryption, you need to install a full JCE in JVM (which does not exist by default). You can download the Java encryption extension (JCE) Infinite strength Management Policy File from Oracle and follow the installation instructions (in effect, replace the two policy files in the JRE lib / security directory with the files you downloaded).

If the remote attribute source contains encrypted content (values that begin with {cipher}), they will be decrypted before being sent to the client via HTTP. The main advantage of this setting is that when they are "static", the property values do not have to be plain text (for example, in the git repository). If the value cannot be decrypted, the value is removed from the attribute source and an additional attribute with the same key is added with the prefix "invalid". And "not applicable" values (usually ""). This is mainly to prevent passwords from being used as passwords and accidentally leaked.

If you are setting up a remote configuration repository for a config client application, you may include an application.yml, such as application.yml

Spring: datasource: username: dbuser password:'{cipher} FKSAJDFGYOS8F7GLHAKERGFHLSAJ'

The encrypted value in the .properties file cannot be enclosed in quotation marks, otherwise it will not be decrypted: application.properties

Spring.datasource.username: dbuserspring.datasource.password: {cipher} FKSAJDFGYOS8F7GLHAKERGFHLSAJ

You can securely push this plain text to the shared git repository and keep the password secret.

The server also exposes / encrypt and / decrypt endpoints (assuming these endpoints will be protected and can only be accessed by authorized agents). If you are editing a remote configuration file, you can use Config Server to encrypt the value by POST to the / encrypt endpoint, for example

$curl localhost:8888/encrypt-d mysecret682bc583f4641835fa2db009355293665d2647dade3375c0ee201de2a49f7bda

Reverse operation can also be obtained through / decrypt (if the server is configured with a symmetric key or full key pair):

Note that if the value to be encrypted has characters that need to be encoded by URL, you should use the-- data-urlencode option curl to ensure that they are encoded correctly.

$curl localhost:8888/decrypt-d 682bc583f4641835fa2db009355293665d2647dade3375c0ee201de2a49f7bdamysecret

If you are using curl for testing, use-- data-urlencode instead of-d or set the explicit Content-Type: text/plain to ensure that the data is correctly encoded ('+ 'especially tricky) when there are special characters.

Add the encrypted value to the {cipher} prefix, then place it in a YAML or properties file, and then commit and push it to a remote potentially insecure store.

Both / encrypt and / decrypt endpoints also accept paths in the form of / * / {name} / {profiles}, which can be used for each application (name) and profile control password when the client calls to the main environment resource.

Note that in order to control passwords in this subtle way, you must also provide a @ Bean of type TextEncryptorLocator, which can create a different cipher for each name and profile. This is not done by default (all encryption uses the same key).

The spring command line client with the Spring Cloud CLI extension installed can also be used for encryption and decryption, such as

$spring encrypt mysecret-key foo682bc583f4641835fa2db009355293665d2647dade3375c0ee201de2a49f7bda$ spring decrypt-key foo 682bc583f4641835fa2db009355293665d2647dade3375c0ee201de2a49f7bdamysecret

To use a key in a file (such as the RSA public key for encryption), type the key using "@" and provide the file path, such as

$spring encrypt mysecret-- key @ ${HOME} / .ssh/id_rsa.pubAQAjPgt3eFZQXwt8tsHAVv/QHiY5sI2dRcR+...

The key parameter is mandatory (although there is a-- prefix).

This is the end of this article on "sample Analysis of Spring Cloud Config". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.