So I've done some Googling and read some of the documentation on Spring Cloud, but in an effort to truly punish myself, I'm seeking to understand just exactly how encrypting sensitive application properties with a "{cipher}" really works.

For example in an application.yml...

spring.datasource.password: '{cipher}abdjdbdjfb15168gddbdk3900289'

My understanding is that it is safe to commit this to a repo and that spring boot uses an encrypt.key in bootstrap.yml in order to decrypt it when needed.

What I don't understand is why is it safe to commit the encrypt.key to the repo? And if you don't, then how am I supposed to utilize this?

I also found a link on the heroku documentation that you maybe set this as a configuration variable in the server?

Bottom line, I have a lot of questions and, most importantly, I am not even sure what questions I need to be asking. So I'm hoping someone out there that knows what they're doing can point me in a few right directions of some links to read etc to get me going please?

Thanks in advance!

mljohns89
  • It's definitely not safe to commit any keys to the repo. You'll also want to make sure you're using good passwords, as you're still open to brute forcing. – Kayaman Oct 11 '17 at 15:45
  • https://gitter.im/spring-cloud/spring-cloud is a good place to get in touch with the Spring Cloud team. – mp911de Oct 11 '17 at 18:55

1 Answer

First of all, check out the reference documentation about encryption in Spring Cloud Config, which explains the possibilities of configuration support.

You should never commit sensitive data such as keys to a source code repository if you can't control access to that repository. Not only regular access but also physical access, backups, ….

The preferred approach to handling keys is to store the key in as few places as possible, ideally only on the server side where decryption happens. There you have the option to use either a bootstrap config, system properties or environment variables as a mechanism to pass the key to your runtime.

You might want to peek into HashiCorp Vault support as Vault solves the chicken-egg problem of key management. Instead, you can obtain a Vault token (from inside your client application, or configure a token on the server) and Vault will handle encryption/decryption for you.

mp911de
  • If I store my "secret.key" in my bootstrap.yml file, add that file to my .gitignore, then when I deploy my api to a PaaS, is this basically what you are suggesting? Thanks for the links! This is basically what I was looking for :) – mljohns89 Oct 11 '17 at 19:15
  • Keep sensitive data as far away from any SCM repo as possible. By doing so, you actively prevent accidental disclosure. Try using the security features that your PaaS provides you with. – mp911de Oct 11 '17 at 19:24
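To make the mechanism from the answer concrete, here is an added example (not from the question, the answer, or the Spring projects) showing the two halves of the `{cipher}` convention: the ciphertext is what gets committed, and the key is read from the `ENCRYPT_KEY` environment variable at runtime instead of from a file in the repo. It uses Spring Security's `Encryptors.text` (the symmetric text encryptor); the hex salt `"deadbeef"` and the property map are constructed for illustration and must match whatever your config server uses in a real deployment.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.security.crypto.encrypt.TextEncryptor;

public class CipherPropertyDemo {
    static final String PREFIX = "{cipher}";

    // The key lives only in the runtime environment (PaaS config var, systemd
    // EnvironmentFile, etc.), never in bootstrap.yml or anything under version control.
    static String loadKey() {
        String key = System.getenv("ENCRYPT_KEY");
        if (key == null || key.isEmpty()) {
            // Fail fast: starting with undecryptable secrets would only surface later
            // as a confusing database authentication error.
            throw new IllegalStateException(
                "ENCRYPT_KEY is not set; refusing to start with encrypted properties");
        }
        return key;
    }

    // Decrypt every value that carries the {cipher} prefix; pass the rest through.
    static Map<String, String> resolve(Map<String, String> props, TextEncryptor enc) {
        Map<String, String> out = new HashMap<>();
        for (Map.Entry<String, String> e : props.entrySet()) {
            String value = e.getValue();
            if (value.startsWith(PREFIX)) {
                // Note: no space is allowed between the prefix and the ciphertext.
                out.put(e.getKey(), enc.decrypt(value.substring(PREFIX.length())));
            } else {
                out.put(e.getKey(), value);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed salt for this demo; in production it must match the config server's.
        TextEncryptor enc = Encryptors.text(loadKey(), "deadbeef");

        // This is the only thing that ends up in application.yml and therefore in git.
        String committed = PREFIX + enc.encrypt("s3cr3t-db-pass");
        Map<String, String> yaml = Map.of("spring.datasource.password", committed);

        Map<String, String> resolved = resolve(yaml, enc);
        System.out.println("committed: " + committed);
        System.out.println("runtime:   " + resolved.get("spring.datasource.password"));
    }
}
```

Run it with `ENCRYPT_KEY=some-long-random-passphrase java CipherPropertyDemo` to see the committed token and the decrypted value; run it without the variable to see the deliberate startup failure.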