KeyStoreConfiguration loaded too late in bootstrap #762

Open
JWThewes opened this issue Jul 28, 2017 · 11 comments

@JWThewes

After updating to the latest 1.3.2 release we found out our ConfigServer isn't decrypting {cipher} values anymore.
After digging deep into the ConfigServer I noticed that the KeyStoreConfiguration is loaded after the EncryptorConfiguration.
This results in a SingleTextEncryptorLocator (with a NoOpTextEncryptor) being used instead of the desired KeyStoreTextEncryptorLocator.

I've been able to work around it by moving the encrypt.key-store.location property from the application.yml to the bootstrap.yml.
There are two possible solutions for this:

  1. Update the documentation to reflect that the encrypt.key-store properties need to be placed inside the bootstrap.yml
  2. Make sure the KeyStoreTextEncryptorLocator is configured before configuring the EnvironmentEncryptor

@ojhughes
Contributor

I think this is related to #760

@spencergibb
Member

@JWThewes we pushed a change for #760; can you try snapshots and see if it fixes your issue?

@JWThewes
Author

Sorry I've been on holiday. Is this included in the released version 1.3.2?

@JWThewes
Author

@spencergibb I tried with 1.3.3.BUILD-SNAPSHOT. Doesn't work for me.

@spencergibb
Member

@JWThewes can you create a small sample that recreates the problems? Your symptoms sound exactly like #760

@JWThewes
Author

Of course I’ll do it. 1.3.3-BUILD-SNAPSHOT is correct?

@spencergibb
Member

yes, thanks

@JWThewes
Author

JWThewes commented Aug 24, 2017

@spencergibb I created a small sample demonstrating the issue. One part is the ConfigServer and one the ConfigClient. If you start both and open http://localhost:8080/test you should get "goodpassword" as a result.
Currently you get the decrypted password.
As soon as you move everything under the encryption: block from application.yml to bootstrap.yml and restart both applications it works.

Hope this helps. If you need any further information, feel free to contact me anytime.

configserver-issue.zip

@spencergibb
Member

EncryptionAutoConfiguration is loaded as a BootstrapConfiguration, therefore the keystore information must go in bootstrap.yaml

@spencergibb
Member

So the solution here is to note that for config server

Update the documentation to reflect that the encrypt.key-store properties need to be placed inside the bootstrap.yml
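Added example, not part of the original thread or the project's own code: a pre-deploy check that flags `encrypt.*` settings placed outside `bootstrap.yml`, the misplacement that leaves `{cipher}` values undecrypted in the versions discussed here. The file contents, alias name and the helper names `flatten_yaml` and `misplaced_encrypt_keys` are constructed for illustration, and the small parser assumes plain nested YAML mappings only.

```python
import re

def flatten_yaml(text):
    """Flatten simple block-style YAML mappings into {'a.b.c': 'value'}.
    Assumption: nested mappings only (no lists, anchors, multi-line scalars)."""
    flat, stack = {}, []              # stack: (indent, key) of open mappings
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()        # drop trailing comments
        if line.lstrip().startswith("#"):
            continue
        m = re.match(r"^(\s*)([^:\s][^:]*):\s*(.*)$", line)
        if not m:
            continue                              # blank line, '---', etc.
        indent, key, value = len(m.group(1)), m.group(2).strip(), m.group(3)
        while stack and stack[-1][0] >= indent:   # close deeper/sibling maps
            stack.pop()
        path = ".".join([k for _, k in stack] + [key])
        if value:
            flat[path] = value.strip("'\"")
        else:
            stack.append((indent, key))
    return flat

def misplaced_encrypt_keys(files):
    """Return sorted (filename, key) pairs for encrypt.* settings that are
    not in a bootstrap*.yml / bootstrap*.yaml file."""
    hits = []
    for name, text in files.items():
        if name.startswith("bootstrap"):
            continue
        hits += [(name, k) for k in flatten_yaml(text) if k.startswith("encrypt.")]
    return sorted(hits)

# Constructed sample: key-store settings in application.yml are read too late.
KEYSTORE = """encrypt:
  key-store:
    location: classpath:/server.jks
    alias: configkey
    password: ${KEYSTORE_PASSWORD}
"""
BROKEN = {"application.yml": "server:\n  port: 8888\n" + KEYSTORE,
          "bootstrap.yml": "spring:\n  application:\n    name: configserver\n"}
# Constructed sample: same settings moved to bootstrap.yml.
FIXED = {"application.yml": "server:\n  port: 8888\n",
         "bootstrap.yml": "spring:\n  application:\n    name: configserver\n" + KEYSTORE}

if __name__ == "__main__":
    for name, key in misplaced_encrypt_keys(BROKEN):
        print(f"{name}: move '{key}' to bootstrap.yml")
```

Run against a config server's resource files in CI, a non-empty result is a reason to fail the build, since the fallback described in this issue does not raise an error at startup.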

spencergibb added this to the 1.3.3.RELEASE milestone Aug 24, 2017

@zxkane

zxkane commented Oct 25, 2017

It cost a few hours to find out it's caused by recent changes after upgrading to Dalston.SR4. Please update this IMPORTANT note in the doc.
