spring-boot, encryption, cloud-foundry, jasypt

Encrypted properties on Cloud Foundry with Spring Boot


I have a Spring Boot application which has some encrypted values in its property file, e.g.

    spring.security.user.password=ENC(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm)

I am using jasypt to decrypt these on the fly. This works fine running locally.

However, when I deploy the app on Cloud Foundry, my property file now pulls the value from vcap env variables, e.g.

    spring.security.user.password=${vcap.services.myconfig.credentials.user.password}

In PCF the value is added as

user.password = ENC(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm)

However, now my app fails to start and I get an error saying

ERROR 22 --- [ main] o.s.b.web.embedded.tomcat.TomcatStarter : Error starting Tomcat context. Exception: org.springframework.beans.factory.UnsatisfiedDependencyException. Message: Error creating bean with name 'securityFilterChainRegistration' defined in class path resource [org/springframework/boot/autoconfigure/security/servlet/SecurityFilterAutoConfiguration.class]: Unsatisfied dependency expressed through method 'securityFilterChainRegistration' parameter 0; nested exception is org.springframework.boot.context.properties.ConfigurationPropertiesBindException: Error creating bean with name 'spring.security-org.springframework.boot.autoconfigure.security.SecurityProperties': Could not bind properties to 'SecurityProperties' : prefix=spring.security, ignoreInvalidFields=false, ignoreUnknownFields=true; nested exception is org.springframework.boot.context.properties.bind.BindException: Failed to bind properties under 'spring.security.user.password' to java.lang.String

Is there any reason I am missing why this works locally but not on Cloud Foundry?

UPDATE

cf env returns ...

    
System-Provided:
{
 "VCAP_SERVICES": {
  "user-provided": [
   {
    "binding_name": null,
    "credentials": {
     "JAVA_OPTS": "-Dspring.security.user.password=ENC\\\\(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm\\\\)",
     "user.password": "ENC(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm)"
    },
    "instance_name": "myconfig",
    "label": "user-provided",
    "name": "myconfig",
    "syslog_drain_url": "",
    "tags": [],
    "volume_mounts": []
   }
  ]
 }
}

This shows the JAVA_OPTS version that works and also the user.password property that won't resolve.


Solution

  • Try this once:

    JAVA_OPTS=-Dspring.security.user.password=ENC\\(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm\\)
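
As an added example (not part of the original question or answer): a Python check that flattens a trimmed copy of the VCAP_SERVICES JSON from the question into the dotted property names that the `${vcap.services...}` placeholder looks up, and reports whether each bound credential is wrapped in jasypt's default `ENC(...)` marker. The flattening is a simplified model of how Spring Boot exposes VCAP_SERVICES, and the function names are made up for this example.

```python
import json
import re

# Constructed sample: trimmed copy of the `cf env` output from the question.
SAMPLE_VCAP_SERVICES = r'''
{"user-provided": [{
  "binding_name": null,
  "credentials": {
    "user.password": "ENC(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm)"
  },
  "instance_name": "myconfig",
  "label": "user-provided",
  "name": "myconfig",
  "tags": []
}]}
'''

ENC_WRAPPER = re.compile(r"^ENC\((.+)\)$")  # jasypt's default ENC(...) wrapper


def flatten(value, path, out):
    """Flatten nested JSON into dotted property names (simplified model)."""
    if isinstance(value, dict):
        for key, child in value.items():
            flatten(child, f"{path}.{key}", out)
    elif isinstance(value, list):
        out[path] = ",".join(str(v) for v in value)
        for i, child in enumerate(value):
            flatten(child, f"{path}[{i}]", out)
    else:
        out[path] = "" if value is None else str(value)
    return out


def vcap_properties(vcap_services_json):
    """Return {property name: value}, keyed as vcap.services.<name>.<...>."""
    props = {}
    for instances in json.loads(vcap_services_json).values():
        for svc in instances:
            name = svc.get("name") or svc.get("label")
            flatten(svc, f"vcap.services.{name}", props)
    return props


def audit_credentials(props):
    """Classify each credentials.* property as 'encrypted' or 'plaintext'."""
    return {k: "encrypted" if ENC_WRAPPER.match(v) else "plaintext"
            for k, v in props.items() if ".credentials." in k}
```

Running `audit_credentials(vcap_properties(...))` against the real `cf env` JSON shows which bound credentials would reach the application as plaintext and the exact property name each placeholder has to match.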