eu-federation-gateway-service / efgs-federation-gateway

The goal of this project is to develop the official European solution for the interoperability between national backend servers of decentralised contact tracing applications to combat COVID-19.
Apache License 2.0

Use SpringBoot Dependency Injection System for Database Encryption Password #275

Closed ubamrein closed 3 years ago

ubamrein commented 3 years ago

Preface

This is a modified and adjusted version of https://github.com/eu-federation-gateway-service/efgs-federation-gateway/pull/268 intended to simplify reviewing.

Problem

The previous implementation mixed the SpringBoot property resolution system with the classical "Java" one. This leads to confusion, as the naming scheme looks as if SpringBoot would inject the encryption password to a variable, and hence would allow for variable substitution. There are deployment environments (e.g. CloudFoundry) which do not allow the injection of secrets into arbitrary variables. Hence, the EFGS can only be used with an encryption password manually injected during deployment, which is unpractical since it cannot be automated, or by providing the encryption password in a build manifest, checked into the version control, which of course defeats the purpose of using an encryption password.

Solution

In this PR we provide a new Bean, which holds the encryption password, which uses the SpringBoot dependency injection system to provide an instance to the JPA database system. This way, we can use normal SpringBoot variable substitution. The property is named according to the same scheme as before, so it will be backwards compatible and no change for existing systems is needed.
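
A sketch of the pattern described in this comment, added here as an illustration and not taken from the PR or the EFGS code base. The class names, the property key `example.dbencryption.password`, the environment variable and the salt are hypothetical, and the use of `Encryptors.delux` from spring-security-crypto is an assumption made to keep the cipher code short.

```java
// Added example: class names, property key, env variable and salt are hypothetical.
// Assumed application.properties line, using ordinary Spring placeholder substitution:
//   example.dbencryption.password=${EXAMPLE_DB_ENCRYPTION_PASSWORD}
import javax.persistence.AttributeConverter;
import javax.persistence.Convert;
import javax.persistence.Converter;
import javax.persistence.Entity;
import javax.persistence.Id;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.security.crypto.encrypt.TextEncryptor;
import org.springframework.stereotype.Component;

// Holder bean: Spring resolves the placeholder from whichever property source the
// platform provides, and context startup fails if it cannot be resolved.
@Component
class DbEncryptionPassword {
    private final String value;
    DbEncryptionPassword(@Value("${example.dbencryption.password}") String value) {
        this.value = value;
    }
    String get() { return value; }
}

// The converter receives the holder by constructor injection (assumes Spring Boot 2.1+
// with Hibernate 5.3+, where converters are created through the Spring container).
@Converter
class EncryptedStringConverter implements AttributeConverter<String, String> {
    private static final String SALT_HEX = "636f6e7374727563746564"; // constructed value
    private final TextEncryptor encryptor;
    EncryptedStringConverter(DbEncryptionPassword password) {
        this.encryptor = Encryptors.delux(password.get(), SALT_HEX); // password-based AES-GCM
    }
    @Override
    public String convertToDatabaseColumn(String plain) {
        return plain == null ? null : encryptor.encrypt(plain);
    }
    @Override
    public String convertToEntityAttribute(String stored) {
        return stored == null ? null : encryptor.decrypt(stored);
    }
}

// Hypothetical entity showing where JPA applies the converter.
@Entity
class SampleRecord {
    @Id Long id;
    @Convert(converter = EncryptedStringConverter.class) String payload;
}
```

Because the password reaches the converter only through the bean, the deployment can supply it from an environment variable or platform-bound credential without a value in the build manifest.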

f11h commented 3 years ago

Closed in favour of #281 (#281 contains all commits from this PR)