spring-cloud / spring-cloud-config

External configuration (server and client) for Spring Cloud
Apache License 2.0

Using key in encrypted cipher does not work #311

Closed elizabetht closed 8 years ago

elizabetht commented 8 years ago

I have the following property defined in my application.yml file, where testkey is the alias of the key I created in the keystore.jks file:

foo:
  bar: '{cipher}{key:testkey}AQAkdJTf4veOiO67FsR/QoSTA8SreaATOM1+DkSf7zBiTc6aSL4pp/e+VDFw2p7LnBA0VIUgMlKEjaPrI2vLeoz0r73QfycGnVeJTBYKRQjJ/p8oEF7ToK6ygPGuzsTGWp76IDS1z/dmQ2BrrnJ7Uph1YCMgUy1Hyb00l/iihl8vR3Yg7d59uYubjKbXKEBLs5UFF+5t7rrOVV2koRBn8sJkX8L77N5I45bNiQM2GST3uFHZ3Qt6O1081XvJ7SGGa7P1StzBUiFnTGg1IdFmcp/Ui0CCr+yMJW46tK/VGppgKf5Eq+CBYoNCKNn/ZCwhSQ9tRtRxnJup0BZNcBhKCAwAT4z0L/Sy77qmolW4Ipw+bIy9skcAL4od5e3dAHjjGWA='

I am able to decrypt the property on the command line:

curl localhost:8888/decrypt -d '{cipher}{key:testkey}AQAkdJTf4veOiO67FsR/QoSTA8SreaATOM1+DkSf7zBiTc6aSL4pp/e+VDFw2p7LnBA0VIUgMlKEjaPrI2vLeoz0r73QfycGnVeJTBYKRQjJ/p8oEF7ToK6ygPGuzsTGWp76IDS1z/dmQ2BrrnJ7Uph1YCMgUy1Hyb00l/iihl8vR3Yg7d59uYubjKbXKEBLs5UFF+5t7rrOVV2koRBn8sJkX8L77N5I45bNiQM2GST3uFHZ3Qt6O1081XvJ7SGGa7P1StzBUiFnTGg1IdFmcp/Ui0CCr+yMJW46tK/VGppgKf5Eq+CBYoNCKNn/ZCwhSQ9tRtRxnJup0BZNcBhKCAwAT4z0L/Sy77qmolW4Ipw+bIy9skcAL4od5e3dAHjjGWA='
SpringCloud

But when I reference foo.bar in my controller, it is not able to decrypt the property on Tomcat startup. The following is the stack trace:

2015-12-21 15:17:07.494 ERROR 9026 --- [on(2)-127.0.0.1] o.s.boot.SpringApplication               : Application startup failed

java.lang.IllegalStateException: Cannot decrypt: key=foo.bar
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:189) ~[spring-cloud-context-1.1.0.M3.jar:1.1.0.M3]
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:158) ~[spring-cloud-context-1.1.0.M3.jar:1.1.0.M3]
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.initialize(EnvironmentDecryptApplicationInitializer.java:92) ~[spring-cloud-context-1.1.0.M3.jar:1.1.0.M3]
    at org.springframework.cloud.bootstrap.BootstrapApplicationListener$DelegatingEnvironmentDecryptApplicationInitializer.initialize(BootstrapApplicationListener.java:259) ~[spring-cloud-context-1.1.0.M3.jar:1.1.0.M3]
    at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:628) ~[spring-boot-1.3.0.RELEASE.jar:1.3.0.RELEASE]
    at org.springframework.boot.SpringApplication.doRun(SpringApplication.java:328) ~[spring-boot-1.3.0.RELEASE.jar:1.3.0.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:295) ~[spring-boot-1.3.0.RELEASE.jar:1.3.0.RELEASE]
    at org.springframework.boot.context.web.SpringBootServletInitializer.run(SpringBootServletInitializer.java:149) [spring-boot-1.3.0.RELEASE.jar:1.3.0.RELEASE]
    at org.springframework.boot.context.web.SpringBootServletInitializer.createRootApplicationContext(SpringBootServletInitializer.java:129) [spring-boot-1.3.0.RELEASE.jar:1.3.0.RELEASE]
    at org.springframework.boot.context.web.SpringBootServletInitializer.onStartup(SpringBootServletInitializer.java:85) [spring-boot-1.3.0.RELEASE.jar:1.3.0.RELEASE]
    at org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:175) [spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5456) [catalina.jar:7.0.53]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) [catalina.jar:7.0.53]
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901) [catalina.jar:7.0.53]
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877) [catalina.jar:7.0.53]
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:632) [catalina.jar:7.0.53]
    at org.apache.catalina.startup.HostConfig.manageApp(HostConfig.java:1740) [catalina.jar:7.0.53]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_66]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_66]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_66]
    at java.lang.reflect.Method.invoke(Method.java:497) ~[na:1.8.0_66]
    at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:301) [tomcat-coyote.jar:7.0.53]
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819) [na:1.8.0_66]
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801) [na:1.8.0_66]
    at org.apache.catalina.mbeans.MBeanFactory.createStandardContext(MBeanFactory.java:618) [catalina.jar:7.0.53]
    at org.apache.catalina.mbeans.MBeanFactory.createStandardContext(MBeanFactory.java:565) [catalina.jar:7.0.53]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_66]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_66]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_66]
    at java.lang.reflect.Method.invoke(Method.java:497) ~[na:1.8.0_66]
    at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:301) [tomcat-coyote.jar:7.0.53]
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819) [na:1.8.0_66]
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801) [na:1.8.0_66]
    at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1471) [na:1.8.0_66]
    at javax.management.remote.rmi.RMIConnectionImpl.access$300(RMIConnectionImpl.java:76) [na:1.8.0_66]
    at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1312) [na:1.8.0_66]
    at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1404) [na:1.8.0_66]
    at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:832) [na:1.8.0_66]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_66]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_66]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_66]
    at java.lang.reflect.Method.invoke(Method.java:497) ~[na:1.8.0_66]
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:323) [na:1.8.0_66]
    at sun.rmi.transport.Transport$1.run(Transport.java:200) [na:1.8.0_66]
    at sun.rmi.transport.Transport$1.run(Transport.java:197) [na:1.8.0_66]
    at java.security.AccessController.doPrivileged(Native Method) [na:1.8.0_66]
    at sun.rmi.transport.Transport.serviceCall(Transport.java:196) [na:1.8.0_66]
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:568) [na:1.8.0_66]
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:826) [na:1.8.0_66]
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$256(TCPTransport.java:683) [na:1.8.0_66]
    at java.security.AccessController.doPrivileged(Native Method) [na:1.8.0_66]
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682) [na:1.8.0_66]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) ~[na:1.8.0_66]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) ~[na:1.8.0_66]
    at java.lang.Thread.run(Thread.java:745) ~[na:1.8.0_66]
Caused by: org.springframework.security.crypto.codec.InvalidBase64CharacterException: Bad Base64 input character decimal 123 in array position 0
    at org.springframework.security.crypto.codec.Base64.decode(Base64.java:614) ~[spring-security-crypto-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.crypto.codec.Base64.decode(Base64.java:238) ~[spring-security-crypto-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.rsa.crypto.RsaSecretEncryptor.decrypt(RsaSecretEncryptor.java:165) ~[spring-security-rsa-1.0.1.RELEASE.jar:na]
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:181) ~[spring-cloud-context-1.1.0.M3.jar:1.1.0.M3]
    ... 54 common frames omitted

Dec 21, 2015 3:17:07 PM org.apache.catalina.core.ContainerBase addChildInternal
SEVERE: ContainerBase.addChild: start: 
org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[]]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:632)
    at org.apache.catalina.startup.HostConfig.manageApp(HostConfig.java:1740)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:301)
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801)
    at org.apache.catalina.mbeans.MBeanFactory.createStandardContext(MBeanFactory.java:618)
    at org.apache.catalina.mbeans.MBeanFactory.createStandardContext(MBeanFactory.java:565)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:301)
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801)
    at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1471)
    at javax.management.remote.rmi.RMIConnectionImpl.access$300(RMIConnectionImpl.java:76)
    at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1312)
    at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1404)
    at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:832)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:323)
    at sun.rmi.transport.Transport$1.run(Transport.java:200)
    at sun.rmi.transport.Transport$1.run(Transport.java:197)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:568)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:826)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$256(TCPTransport.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalStateException: Cannot decrypt: key=foo.bar
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:189)
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:158)
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.initialize(EnvironmentDecryptApplicationInitializer.java:92)
    at org.springframework.cloud.bootstrap.BootstrapApplicationListener$DelegatingEnvironmentDecryptApplicationInitializer.initialize(BootstrapApplicationListener.java:259)
    at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:628)
    at org.springframework.boot.SpringApplication.doRun(SpringApplication.java:328)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:295)
    at org.springframework.boot.context.web.SpringBootServletInitializer.run(SpringBootServletInitializer.java:149)
    at org.springframework.boot.context.web.SpringBootServletInitializer.createRootApplicationContext(SpringBootServletInitializer.java:129)
    at org.springframework.boot.context.web.SpringBootServletInitializer.onStartup(SpringBootServletInitializer.java:85)
    at org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:175)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5456)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    ... 42 more
Caused by: org.springframework.security.crypto.codec.InvalidBase64CharacterException: Bad Base64 input character decimal 123 in array position 0
    at org.springframework.security.crypto.codec.Base64.decode(Base64.java:614)
    at org.springframework.security.crypto.codec.Base64.decode(Base64.java:238)
    at org.springframework.security.rsa.crypto.RsaSecretEncryptor.decrypt(RsaSecretEncryptor.java:165)
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:181)
    ... 54 more

Dec 21, 2015 3:17:07 PM org.apache.tomcat.util.modeler.BaseModelMBean invoke
SEVERE: Exception invoking method manageApp
java.lang.IllegalStateException: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[]]
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:904)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:632)
    at org.apache.catalina.startup.HostConfig.manageApp(HostConfig.java:1740)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:301)
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801)
    at org.apache.catalina.mbeans.MBeanFactory.createStandardContext(MBeanFactory.java:618)
    at org.apache.catalina.mbeans.MBeanFactory.createStandardContext(MBeanFactory.java:565)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:301)
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801)
    at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1471)
    at javax.management.remote.rmi.RMIConnectionImpl.access$300(RMIConnectionImpl.java:76)
    at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1312)
    at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1404)
    at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:832)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:323)
    at sun.rmi.transport.Transport$1.run(Transport.java:200)
    at sun.rmi.transport.Transport$1.run(Transport.java:197)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:568)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:826)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$256(TCPTransport.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)

Dec 21, 2015 3:17:07 PM org.apache.tomcat.util.modeler.BaseModelMBean invoke
SEVERE: Exception invoking method createStandardContext
javax.management.RuntimeOperationsException: Exception invoking method manageApp
    at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:309)
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801)
    at org.apache.catalina.mbeans.MBeanFactory.createStandardContext(MBeanFactory.java:618)
    at org.apache.catalina.mbeans.MBeanFactory.createStandardContext(MBeanFactory.java:565)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:301)
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801)
    at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1471)
    at javax.management.remote.rmi.RMIConnectionImpl.access$300(RMIConnectionImpl.java:76)
    at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1312)
    at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1404)
    at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:832)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:323)
    at sun.rmi.transport.Transport$1.run(Transport.java:200)
    at sun.rmi.transport.Transport$1.run(Transport.java:197)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:568)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:826)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$256(TCPTransport.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalStateException: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[]]
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:904)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:632)
    at org.apache.catalina.startup.HostConfig.manageApp(HostConfig.java:1740)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:301)
    ... 33 more

[2015-12-21 03:17:07,504] Artifact Gradle : spring-cloud-config-server : spring-cloud-config-server-0.0.1-SNAPSHOT.war: Error during artifact deployment. See server log for details.

Could you please help on how we can place the 'key' in the cipher data? Also, how can I load multiple keystores to the spring cloud config?

elizabetht commented 8 years ago

I encrypted using the following command: curl localhost:8888/encrypt -d SpringCloud. Should I use curl localhost:8888/encrypt -d {key:mykeyalias}SpringCloud instead for the key prefix to work?

dsyer commented 8 years ago

> Should I use curl localhost:8888/encrypt -d {key:mykeyalias}SpringCloud instead for the key prefix to work?

Yes. But the key:value placeholders are only supported on the server. It looks like you are trying to use it on the client to me.
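
An added example (not part of the thread and not Spring Cloud's code): the `Caused by` line in the trace reports decimal 123, which is `{`, at position 0, consistent with the `{key:testkey}` block still sitting in front of the Base64 text when it reached the decoder. This stand-alone Java check, with hypothetical names `CipherPrefixCheck`, `parse` and `base64Error` and constructed sample values, compares stripping only `{cipher}` with stripping the `{name:value}` blocks as well.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class CipherPrefixCheck {
    static final String CIPHER = "{cipher}";
    // A single leading {name:value} block such as {key:testkey}.
    static final Pattern PREFIX = Pattern.compile("\\{([^:{}]+):([^{}]*)\\}");

    /** Prefixes found after {cipher}, plus the Base64 text that follows them. */
    static final class Parsed {
        final Map<String, String> prefixes = new LinkedHashMap<>();
        String payload;
    }

    /** Splits "{cipher}{key:alias}BASE64" into its prefixes and payload. */
    static Parsed parse(String value) {
        if (!value.startsWith(CIPHER)) {
            throw new IllegalArgumentException("value is not marked {cipher}");
        }
        Parsed parsed = new Parsed();
        String rest = value.substring(CIPHER.length());
        Matcher m = PREFIX.matcher(rest);
        while (m.lookingAt()) { // only blocks at the very start count
            parsed.prefixes.put(m.group(1), m.group(2));
            rest = rest.substring(m.end());
            m = PREFIX.matcher(rest);
        }
        parsed.payload = rest;
        return parsed;
    }

    /** Returns null if the text is valid Base64, otherwise the decoder's message. */
    static String base64Error(String text) {
        try {
            Base64.getDecoder().decode(text);
            return null;
        } catch (IllegalArgumentException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed stand-in for ciphertext; not a value from the issue.
        String payload = Base64.getEncoder()
                .encodeToString("constructed ciphertext".getBytes(StandardCharsets.UTF_8));
        Map<String, String> props = new LinkedHashMap<>();
        props.put("foo.bar", "{cipher}{key:testkey}" + payload);
        props.put("foo.baz", "{cipher}" + payload);
        props.put("foo.plain", "not encrypted");

        for (Map.Entry<String, String> e : props.entrySet()) {
            String value = e.getValue();
            if (!value.startsWith(CIPHER)) {
                continue; // plain property, nothing to decrypt
            }
            // What a decoder sees if only the {cipher} marker is removed.
            String naive = base64Error(value.substring(CIPHER.length()));
            Parsed parsed = parse(value);
            String aware = base64Error(parsed.payload);
            System.out.printf("%s: prefixes=%s%n  marker-only strip -> %s%n  prefix-aware      -> %s%n",
                    e.getKey(), parsed.prefixes,
                    naive == null ? "decodes" : naive,
                    aware == null ? "decodes" : aware);
        }
    }
}
```

Running the same loop over a client's property files flags every value that carries a `{key:...}` block before it is deployed.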

elizabetht commented 8 years ago

Yes, I was placing the encrypted value foo.bar: '{cipher}{key:mytestkey}....' on a client and decrypting it at run-time, just like when I place foo.bar: '{cipher}...'. The latter gets decrypted successfully but not the former!

elizabetht commented 8 years ago

@dsyer: So, how do we use encrypted values with key prefixes for key rotation and multiple keys on a config client? Any tips/ideas?

spencergibb commented 8 years ago

> key:value placeholders are only supported on the server.

Decrypt on the server rather than the client?

elizabetht commented 8 years ago

@spencergibb: We want to have a model where the config server is not used and only the config client is used. The client does not contact the server for decrypting values. Once values are encrypted, the client decrypts them on the fly whenever they are used.

spencergibb commented 8 years ago

So the answer is: currently not possible.

elizabetht commented 8 years ago

Well, thanks!

spencergibb commented 8 years ago

We could turn that into a feature request if it's possible. @dsyer could key prefixes be implemented on the client?

dsyer commented 8 years ago

I guess it's possible. Seems to me you'd be updating the clients often enough that you'd just install a new default key in its keystore. So there's no need for key:value extensions for the client. Please explain your scenario more if it is important.

elizabetht commented 8 years ago

@dsyer and @spencergibb: We want to have this option on the client so that if, for some reason, the key that was used for encryption is compromised, we could load another key into the keystore and use the second key for encrypting properties. So, I want to explore this option of using a value encrypted with key1 and the same value encrypted with key2 and see if the client could decrypt both the values.

dsyer commented 8 years ago

I don't yet see a compelling need for TextEncryptorLocator in a client. You only ever need one key at a time. You can add a new key to the store and change one piece of configuration to point to the new key and you are done. Your workflow for changing a key is the same, but it involves an extra unnecessary abstraction.