When the app is booting up, if a configuration server is available, it shall be able to pull the configuration for the app from the server.
A configuration server's endpoint can be configured as:
app.name=${project.artifactId}
conf.endpoint=https://conf-server/conf
# default key is app-name + profile
conf.id=${app.name}-${profile}
With the given settings, the app shall request the application configuration from:
GET https://conf-server/conf?id=${conf.id}
The response shall be encrypted plain text (refer to the "Security concern" section below). Once decrypted, it shall be JSON-encoded configuration, e.g.:
{
"http.port":"12345",
"session.ttl":"60"
}
The app shall use the received configuration to overwrite the locally provisioned configuration.
Security concern
There are obvious concerns around how to secure the communication between app and configuration server.
How to ensure app's configuration is secured
An RSA key pair shall be generated for each app key.
The private key shall be kept with the app via the configuration conf.private-key.
The public key shall be registered with the configuration server as the app's key.
When the app requests its configuration from the server, the configuration server shall use the public key to encrypt the configuration.
Upon receiving the configuration from the configuration server, the app shall use the private key to decrypt it.
How to prevent the configuration server from being accessed by non-authorised parties
Deploy the configuration server in the intranet.
Apply IP filter rules to prevent access to the configuration server from unknown IP addresses.
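The exchange proposed above, as an added example (not code from this issue or from the project) written against Go's standard library: the server side encrypts the JSON configuration under the app's registered public key, the app side decrypts it with the private key from conf.private-key and overlays the result on its local configuration. Function names such as EncryptConfig, DecryptConfig and ApplyRemote, the app name "demo-app" and the profile "prod" are assumptions; the RSA-OAEP plus AES-256-GCM hybrid is one way to realise "use the public key to encrypt the configuration", chosen because a JSON document can easily exceed what a single RSA block can carry. The endpoint and the sample configuration values are the ones from the proposal.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
)

var oaepLabel = []byte("conf-v1") // assumed label; both sides must agree on it
const gcmNonceSize = 12           // nonce length cipher.NewGCM uses

// NewAppKeyPair generates the per-app key pair: private half stays with the
// app (conf.private-key), public half is registered with the server.
func NewAppKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// ConfID is the default configuration key: app name + profile.
func ConfID(appName, profile string) string {
	return appName + "-" + profile
}

// RequestURL builds the URL the app GETs: <conf.endpoint>?id=<conf.id>.
func RequestURL(endpoint, id string) string {
	q := url.Values{}
	q.Set("id", id)
	return endpoint + "?" + q.Encode()
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptConfig is the server side: JSON-encode cfg, seal it with a fresh
// AES-256-GCM key, wrap that key with the app's public key (RSA-OAEP/SHA-256)
// and return base64 text. Wire layout: wrappedKey || nonce || ciphertext+tag.
func EncryptConfig(pub *rsa.PublicKey, cfg map[string]string) (string, error) {
	plain, err := json.Marshal(cfg)
	if err != nil {
		return "", err
	}
	aesKey, nonce := make([]byte, 32), make([]byte, gcmNonceSize)
	if _, err := rand.Read(aesKey); err != nil {
		return "", err
	}
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return "", err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, aesKey, oaepLabel)
	if err != nil {
		return "", err
	}
	body := gcm.Seal(append(wrapped, nonce...), nonce, plain, nil)
	return base64.StdEncoding.EncodeToString(body), nil
}

// DecryptConfig is the app side: unwrap the AES key with the private key,
// verify and open the GCM ciphertext, parse the JSON. Truncation, tampering
// or a wrong key all yield an error and no configuration is applied.
func DecryptConfig(priv *rsa.PrivateKey, body string) (map[string]string, error) {
	raw, err := base64.StdEncoding.DecodeString(body)
	if err != nil {
		return nil, err
	}
	keyLen := priv.Size() // the wrapped key is exactly one RSA modulus long
	if len(raw) < keyLen+gcmNonceSize+16 { // 16 = GCM tag length
		return nil, errors.New("configuration body too short")
	}
	aesKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, raw[:keyLen], oaepLabel)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap configuration key: %w", err)
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	nonce, ct := raw[keyLen:keyLen+gcmNonceSize], raw[keyLen+gcmNonceSize:]
	plain, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return nil, fmt.Errorf("configuration rejected: %w", err)
	}
	var cfg map[string]string
	if err := json.Unmarshal(plain, &cfg); err != nil {
		return nil, fmt.Errorf("decrypted body is not JSON: %w", err)
	}
	return cfg, nil
}

// ApplyRemote overwrites local values with every key the server delivered.
func ApplyRemote(local, remote map[string]string) map[string]string {
	out := make(map[string]string, len(local)+len(remote))
	for k, v := range local {
		out[k] = v
	}
	for k, v := range remote {
		out[k] = v
	}
	return out
}

func main() {
	priv, err := NewAppKeyPair()
	if err != nil {
		panic(err)
	}
	fmt.Println("GET", RequestURL("https://conf-server/conf", ConfID("demo-app", "prod")))
	served := map[string]string{"http.port": "12345", "session.ttl": "60"} // constructed server-side sample
	body, _ := EncryptConfig(&priv.PublicKey, served)
	remote, err := DecryptConfig(priv, body)
	if err != nil {
		panic(err)
	}
	local := map[string]string{"http.port": "8080", "log.level": "info"} // constructed local sample
	fmt.Println("effective:", ApplyRemote(local, remote))
}
```

What this scheme does and does not give is worth spelling out: only the holder of conf.private-key can read the configuration, and the GCM tag rejects a body altered in transit, but anyone who holds the registered public key can produce a body the app will accept. Authenticity of the configuration therefore rests on the transport (TLS to conf-server) and on the intranet and IP-filter controls above, not on the encryption; if a substituted configuration is a concern, the server would additionally need to sign the body with a key of its own that the app verifies.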