This is a demo Spring Boot application developed to demonstrate the use of the Spring Cloud Config server as a secure and distributed configuration store.
- A Spring Cloud Config server, providing access to properties, both stored in plain text, as well as encrypted sensitive credentials
- A simple client application relying on the server for providing a configuration
- A shared library of dependencies
KEYSTORE_LOCATION=classpath:/server.jks \
KEYSTORE_SECRET=testkeypass \
KEYSTORE_ALIAS=mytestkey \
KEYSTORE_PASSWORD=teststorepass \
./gradlew :config-server:bootRun
./gradlew :app:bootRun
GET http://localhost:8080/theAnswer
# will return 42, of course 😉
GET http://localhost:8080/theSecretAnswer
# will also return 42, but decrypt it out of AQAjSkkiCrikkvLGEKzld6GTIm6Q87iLKVGRGFZOD+bUTPUGgNmu65QTADEnBRBu89UXh9HER/96irs7LYX6FAWnZoirkSPWqOYkx4XC3lA/iVoa3/P7N4tIEh1SwtraKWP6GUs1GWuZBFIGNmaegKGFBsnej09rLSyRG2ARxWoJ2fJN9xSInwG0DceR9CBxYQjnY1RDP8o/OJSg0Ad0HhYmD6sMRbvLz1O5COLVnJZa4LRK4U/K7omSA2D1wNR8KiiZgZSRgsuUSFnCZ4/3i/faDTwJmuIJaLL5k+wR2BhqykvG19RyAN/uE74yEMHcL4JJ12SRupPzn74QEQkmmTsGXGyKYcMRsMvE9NRsc95s3HguSl2dXmb3GqEb+yHT2h0=
first 🚀
GET /{application}/{profile}[/{label}]
# e.g. /sccdemo/dev/master | /sccdemo/dev/sample-feature-branch-1234 | /sccdemo/prod | /sccdemo/dev,prod
GET /{application}-{profile}.yml
GET /{label}/{application}-{profile}.yml
GET /{application}-{profile}.properties
GET /{label}/{application}-{profile}.properties
How does the encryption/decryption work? This repository contains a shared RSA key I created for testing and demo purposes (NOTE: Please, for your own good, never, ever store keys in a repository, unless they have been previously encrypted with another key!!!)
The RSA key is stored under /config-server/src/main/resources
in order to facilitate the demo purpose. In a production environment, the key will and should be stored outside the source code base
The key comes with the following credentials (which need to be passed to the server at boot time, preferably, as environment variables):
- keystore secret -
testkeypass
- keystore password -
teststorepass
- key alias -
mytestkey
- https://cloud.spring.io/spring-cloud-config/
- https://spring.io/guides/gs/centralized-configuration/
- http://tech.asimio.net/2016/12/09/Centralized-and-Versioned-Configuration-using-Spring-Cloud-Config-Server-and-Git.html
- http://www.baeldung.com/spring-cloud-configuration
- http://jeroenbellen.com/manage-and-reload-spring-application-properties-on-the-fly/
- https://andressanchezblog.wordpress.com/2016/09/15/refresh-scope-in-spring-cloud/