New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
config-server do not decrypt properties #1515
Comments
related #1490 |
I'm unable to reproduce this problem. I can successfully decrypt with the proper keystore and properties setup. Can you provide a complete, minimal, verifiable sample that reproduces the problem? It should be available as a GitHub (or similar) project or attached to this issue as a zip file. |
Could you please try with a symmetric encryption by declaring just the encryption key ( encrypt:
key: mys3cr3t |
That works for me as well.
|
I've created a sample project that reproduces the problem. Here is the file with the project config-server-test.zip (remember to initialize the git repository inside the configurations folder and commit the yml file).
NOTE |
eureka and springboot-admin should not be needed to replicate the issue, can you remove them and make the project as minimal as possible. |
Ok, I've simplified the project. Here it is the new archive config-server-test-v2.zip |
I ran the demo, but there was something wrong.I ran config-server,and then ran project test-app.Some error info output to the console.The error info displayed below: |
As I have already told in a comment above, you must initialize the git repository and add/commit your configuration files before launching the config-server application (ref: comment) |
Well,the new error info was output to the console of project test-app after I init the git repo.The error info displayed below: |
You did not add/commit the yml file in the repository, please read carefully the whole reply I made. |
Oh,Sorry. It is my carelessness. I reproduced the bug after commit the yml file. @DaviGia |
M3 is a milestone and not supported. |
Config-server won't decrypt properties server-side (even if it's enabled). Whenever a client asks for a configuration the server will not decrypt
{cipher}
marked properties. This happens if thespring-boot-starter-parent
version is equal or greater than2.2.0.RELEASE
.The error is caused by the following java method:
spring-cloud-config/spring-cloud-config-server/src/main/java/org/springframework/cloud/config/server/encryption/CipherEnvironmentEncryptor.java
Lines 60 to 80 in baabff6
seems that since
2.2.0.RELEASE
theMap.Entry<Object, Object> entry
(line: 65) value is not aString
but anObject
. This will causeentry.getValue().toString()
call to return the full name of the object class instead of the value itself, preventing any decryption.The solution is to change the way how the entry value is retrieved from
entry.getValue().toString()
toentry.getValue().getValue()
.Details
Working: 2.1.7.RELEASE
Not Working: 2.2.0.RELEASE and above
To reproduce the error it's sufficient to start a config-server instance (with a spring-boot-starter-parent version 2.2.0.RELEASE or above) and another SpringBootApplication with
spring-cloud-config-client
that fetches the configuration. The config-server configuration must contain at least a property marked with{cipher}
placeholder.The text was updated successfully, but these errors were encountered: