Following library is used
- Java 17
- Spring Framework 6.1.6
- Spring Cloud Common 4.1.2
- Spring Cloud Config Client 4.1.2
The minimum entries of configuration is
spring.application.name=example-application
spring.config.import=configserver:https://localhost:8888
When the application starts, first retrieve the configuration from https://localhost:8888/example-application/default. The response content type must be application/json. Following is an example of the response.
HTTP/1.1 200
Content-Type: application/json
Transfer-Encoding: chunked
Date: Tue, 21 May 2024 10:00:00 GMT
{"name":"example-application","profiles":["default"],"label":null,"version":null,"state":null,"propertySources":[{"name":"file:/C:/work/temp/config/example-application-default.properties","source":{"a.b.c":"d"}},{"name":"file:/C:/work/temp/config/example-application.properties","source":{"a.b":"c","a.a":"b","message":"Hello world!"}}]}
The retrieve logic is defined in org.springframework.cloud.config.client.ConfigServerConfigDataLoader#getRemoteEnvironment and the configuration class is org.springframework.cloud.config.client.ConfigClientProperties.
The basic HTTP authentication can be specified by
spring.application.name=example-application
spring.config.import=configserver:https://localhost:8888
spring.cloud.config.username=user
spring.cloud.config.password=pass
After configuration is retrieved, two entries are inserted into the PropertySources list in ApplicationContext.
Decrypt encrypted secret
Property value in configuration can be encrypted. Encoded value has a prefix {cipher}.
message={cipher}0123456789abcfef0123456789abcfef
Decryption is done in org.springframework.cloud.bootstrap.encrypt.DecryptEnvironmentPostProcessor#postProcessEnvironment.
The default algorithm is AES/CBC/PKCS5Padding. Property of encrypt.key is a string password, then a 256 bits key is generated by PBKDF2 hash function (Java implementation is com.sun.crypto.provider.PBKDF2KeyImpl).
encrypt.key=any_string_is_ok
After decryption, a SystemEnvironmentPropertySource of name decrypted is inserted into the PropertySources list in ApplicationContext.