2

I have a Java spring.boot application that uses Kubernetes. I've configured this .yaml file:

- name: ACTUATOR_USERNAME
  valueFrom:
    secretKeyRef:
      name: actuator
      key: username
- name: ACTUATOR_PASSWORD
  valueFrom:
    secretKeyRef:
      name: actuator
      key: password

I added these attributes to my application.properties:

security.user.name=${ACTUATOR_USERNAME}
security.user.password=${ACTUATOR_PASSWORD}

The secret is created on the server side. How do I retrieve these values inside my class?

package com.greenqloud.usage.healthcheck;

import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class ActuatorSecurity extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests()
                .anyRequest().hasRole("USER")
                .and()
                .httpBasic();
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        System.out.println("actuator username: " + System.getenv("ACTUATOR_USERNAME"));
        System.out.println("actuator password: " + System.getenv("ACTUATOR_PASSWORD"));

        auth.inMemoryAuthentication()
                .withUser("actuator").password("{noop}actuator123").roles("USER");
    }
}

The only way I have found is to use the System.out.getenv("ACTUATOR_USERNAME"), but I'm sure there is a better way to achieve this?

JonB
  • 804
  • 3
  • 12
  • 40
  • 2
    What's wrong with using `System.getEnv`? What "better way" do you want? – f1sh Feb 20 '19 at 13:57
  • Nothing, I was just under the impression that there was a more `spring.boot` way to achieve this, I might be wrong. – JonB Feb 20 '19 at 14:00

2 Answers

3

I agree with @Kuikiker about getenv(). But one question: why do you want to store credentials in an env variable? Unless you have some special need, I believe you will be better off storing them in your application.properties with encrypted values. I usually use jasypt encipher for that (https://www.baeldung.com/spring-boot-jasypt). Hope this helps.

Reedwanul Islam
  • 335
  • 2
  • 6
  • I'm sure I want what you are suggesting. I have in my `application.properties` file `security.user.name=${ACTUATOR_USERNAME} security.user.password=${ACTUATOR_PASSWORD}`. How can I retrieve these values inside my Java class? – JonB Feb 20 '19 at 14:14
  • @Value("security.user.password"). Have a look at https://www.baeldung.com/spring-value-annotation – Reedwanul Islam Feb 20 '19 at 14:18
  • Like this `@Value("security.user.name") private String actuatorUsername; @Value("${ACTUATOR_PASSWORD}") private String actuatorPassword; auth.inMemoryAuthentication() .withUser(actuatorUsername).password(actuatorPassword).roles("USER");` although IntelliJ complains about `Private field 'actuatorUsername' is never assigned`? – JonB Feb 20 '19 at 14:23
  • Yes, the IDE does that. This value gets assigned to the variable at run time through dependency injection, so the IDE complains because it could not find any reference. – Reedwanul Islam Feb 20 '19 at 14:26
  • Why can I not directly use the value like this `auth.inMemoryAuthentication() .withUser(@Value("security.user.name")).password(@Value("${security.user.password}")).roles("USER");` ? – JonB Feb 20 '19 at 14:34
  • Spring Boot only renders the objects that are part of a Spring Boot component. – Reedwanul Islam Feb 20 '19 at 14:39
  • got this error `2019-02-20 14:42:19.589 ERROR 880 --- [ XNIO-3 task-4] io.undertow.request : UT005023: Exception handling request to /actuator/ java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "null" at org.springframework.security.crypto.password.DelegatingPasswordEncoder$UnmappedIdPasswordEncoder.matches(DelegatingPasswordEncoder.java:238) ~[spring-security-core-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]` – JonB Feb 20 '19 at 14:44
0

System.getenv() is used to retrieve environment variable values; there is nothing wrong with it. However, since you are using SpringBoot you may find the following question valuable: Read environment variable in SpringBoot

Kuikiker
  • 156
  • 13
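
An added example (not code from any of the posters) of the approach discussed in the answers and comments above: the values mapped from the Kubernetes secret into `security.user.name` and `security.user.password` are injected with `@Value("${...}")` and encoded before use, which avoids the `There is no PasswordEncoder mapped for the id "null"` error quoted in the comments. It assumes the Spring Security 5.0.x classes used in the question, keeps the question's class and property names, and never prints the credentials.

```java
package com.greenqloud.usage.healthcheck;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.util.StringUtils;

@Configuration
@EnableWebSecurity
public class ActuatorSecurity extends WebSecurityConfigurerAdapter {
    private final String username;
    private final String password;

    // Constructor injection; the "${...}" wrapper is what triggers property resolution.
    public ActuatorSecurity(@Value("${security.user.name}") String username,
                            @Value("${security.user.password}") String password) {
        // Fail at startup instead of running with blank credentials.
        if (!StringUtils.hasText(username) || !StringUtils.hasText(password)) {
            throw new IllegalStateException("Actuator credentials are not set");
        }
        this.username = username;
        this.password = password;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests()
                .anyRequest().hasRole("USER")
                .and()
                .httpBasic();
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        // encode() stores the password with an "{id}" prefix the delegating encoder can match.
        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        auth.inMemoryAuthentication()
                .passwordEncoder(encoder)
                .withUser(username)
                .password(encoder.encode(password))
                .roles("USER");
    }
}
```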