search

micronaut-projects / micronaut-grpc

Integration between Micronaut and GRPC
Apache License 2.0
69 stars 39 forks source link

How to pass password of encrypted private key when enabling grpc.ssl #903

Open ShivaniSK opened 5 months ago

ShivaniSK commented 5 months ago

Issue description

I have below config in my application.yml file

grpc: server: port: 50055 ssl: cert-chain: classpath:certificate.crt private-key: classpath:cert.key

However the private key "cert.key" which I have is encrypted with a password. How do I pass the password in above yml file.?

Also is there a way to enable ssl for the micronaut server as well with same PEM certificate as we pass for above GRPC server?

micronaut: application: name: Elysium GRPC API server: port: 8081 ssl: enabled: true key-store: file: classpath:certificate.crt password: classpath:cert.key

The above config does not work as its expecting a password instead of filepath.

graemerocher commented 5 months ago

you can always set the values of GrpcSslConfiguration programmatically if you need to load data from files etc.

ShivaniSK commented 5 months ago

Hi @graemerocher , I have the certificate and key files. However the private key is encrypted. Is there a way to decrypt it automatically if we pass the decryption password?

Also is it possible to pass .jks or .p12 files instead of PEM?

graemerocher commented 5 months ago

no you will have to implement this decryption logic. There is an extension mechanism called https://docs.micronaut.io/4.0.x/api/io/micronaut/context/env/PropertyExpressionResolver.html where you could implement your own expression resolver. This mechanism is extensible and allows things like ${random.port}. Theoretically you could implement ${decrypt.foo.bar} and have it call the PropertyExpressionResolver to perform the decryption. However there is nothing in the framework that does this by default for you today, you would have to implement this logic.

ShivaniSK commented 5 months ago

Thanks for the update @graemerocher . And is there a way to pass .jks or .p12 instead of PEM files?

graemerocher commented 5 months ago

not to my knowledge

ShivaniSK commented 5 months ago

you can always set the values of GrpcSslConfiguration programmatically if you need to load data from files etc.

Hi @graemerocher , can you point me to the documentation where we can understand how to programmatically set these values. How do we set these values so that they reflect on application startup.

graemerocher commented 5 months ago

https://docs.micronaut.io/4.4.10/guide/#events