I'm trying to get my Spring Cloud Config Server to handle encrypted values but with little success so far.
I created a minimal app that contains a Controller returning a value from the configuration.
@RestController
public class DemoController {
private ConfigContainer config;
@Autowired
public DemoController(ConfigContainer config) {
this.config = config;
}
@GetMapping(value = "/getdata")
public String getData() {
return config.getValue();
}
}
The ConfigContainer gets the value by an @Autowired constructor, I tried this with and without the @RefreshScope annotation.
On the Config Server side, I have the keystore, unlimited strengt JCE and the following bootstrap.yml
spring.cloud.config.server:
git.uri: https://my-git.server/repo
encrypt.enabled: true
encrypt:
key-store:
location: classpath:/server.jks
password: password
alias: alias
secret: secretvalue
The git repository contains a yml with a value
value: '{cipher}AQCbwJFxL/ebeWYHhLhYM ... bj4CtHuo='
Decrypting the value using the decrypt endpoint of the config server works as expected but when I use the value in my demo application, I just get the encrypted value with the {cipher} tag stripped. When I change the value after the tag to something that can't be decrypted there is no error and no "invalid" value in the config like mentioned in the documentation. The logfiles of the Config Server are very quiet and non conclusive. I see the same tag-stripped value too, when I just query the config from the Config Server using a browser.
I'm using Cloud Config Server 1.4.0.RELEASE
Doing the quickstart requested in the comments I got a working quickstart. Reintegrationg this into by app gave only whitespace and comment changes and a working app... The problem was most likely caused by artifacts from previous builds...