Spring Cloud Config配置文件加解密
坑爹的問題
> curl http://localhost:8888/encrypt -d 123
{"description":"No key was installed for encryption service","status":"NO_KEY"}
遇到這個問題有三個原因
- 未配置JCE
- 未設置key/keystore
- spring cloud bug
如何解決
覆蓋JCE
JDK6的下載地址:
http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
JDK7的下載地址:
http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
JDK8的下載地址:
http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
下載後,加壓文件,把local_policy.jar
,US_export_policy.jar
拷貝並覆蓋到$JAVA_HOME/jre/lib/security
設置key/keystore
設置key
在application.properties
設置對應的key
encrypt.key=mykey
設置keystore
生成keystore
$ keytool -genkeypair -alias mytestkey -keyalg RSA \
-dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=US" \
-keypass changeme -keystore server.jks -storepass letmein
修改application.yml
encrypt:
keyStore:
location: classpath:/server.jks
password: letmein
alias: mytestkey
secret: changeme
spring cloud bug
Dalston.SR3
、Dalston.SR2
版本不能對配置文件加密,若需要調整到Dalston.SR1
或者期待Dalston.SR4
的發佈
https://github.com/spring-cloud/spring-cloud-config/issues/767
配置加解密
若能解決以上的問題,那可以試試,哈哈哈~~~
> curl http://localhost:8888/encrypt -d 123
281367c2bec4e3514f5683375801eaa93d88daff722c70a64a4c700870351b9
ps:由於小編的項目與你的配置有些偏差(如context=path,密鑰對),結果也會有些偏差