spring-cloud / spring-cloud-config

External configuration (server and client) for Spring Cloud
Apache License 2.0

password encrypted with jasypt is breaking when "refreshed" #808

Closed nagarajatantry closed 6 years ago

nagarajatantry commented 7 years ago

Hi,

I have a Spring Boot application (v1.5.7) with the below 2 properties

Problem: When I hit the /refresh API, it thinks that there is a change in "my.server.password" and refreshes it with the encrypted value. This causes an issue since I expect the key to contain the decrypted value at runtime. Did someone run into this issue? The other thing I observed is, if I have password.properties packaged within the jar file, then I don't run into this issue.

Kindly let me know if any further information is required.

ryanjbaxter commented 7 years ago

I am not familiar with Jasypt. I read through the README quickly. From the description of your problem it sounds like my.server.password is not being decrypted after a refresh event occurs. If that is the case it doesn't really sound like a Spring Cloud problem. It sounds like whatever Jasypt is doing to decrypt the values is not happening on the refresh event. I could be wrong though...

nagarajatantry commented 7 years ago

@ryanjbaxter Let me remove the jasypt dependency for a moment.
I have a Config client application, which has a property file injected through the Config server setup and another file from a local directory (i.e. through --spring.config.location). The keys of these 2 files do not overlap.

What I observed is, if I modify the properties file in my local directory and then execute "/refresh" endpoint, I see that it detects the local file changes as well. I was expecting the "/refresh" endpoint to detect changes only for the properties file managed by config server.

spencergibb commented 6 years ago

@nagarajatantry seems like an odd situation. How often do you modify the local config file and not want it updated?

jnulwliang commented 6 years ago

@spencergibb @ryanjbaxter I am facing a similar issue. Actually I want to encrypt the password of the git repository in the application.yml of my spring cloud config server project. Could you show me how to encrypt the password or other properties in the application.yml of my spring cloud config server project? Looking forward to your reply, thanks :)

ryanjbaxter commented 6 years ago

@jnulwliang it doesn't sound like your question is related. You should read http://cloud.spring.io/spring-cloud-static/Edgware.SR1/single/spring-cloud.html#_encryption_and_decryption and http://cloud.spring.io/spring-cloud-static/Edgware.SR1/single/spring-cloud.html#_encryption_and_decryption_2

nagarajatantry commented 6 years ago

@spencergibb I use a local file to specify the password required for the applications. This is not stored in git. The reason why I did not want /refresh to pick it up is that it was not decrypting the password again. I use jasypt encryptor in this project. I was able to then solve it by using com.ulisesbocchio.jasyptspringboot.environment.StandardEncryptableEnvironment

Ideally, since config server was not managing these files in the first place, I was expecting it to not refresh at all.

spencergibb commented 6 years ago

Refresh and configserver are separate concerns. Configserver takes advantage of it.

nagarajatantry commented 6 years ago

@spencergibb Understood. Thank you 👍

nagarajatantry commented 6 years ago

@jnulwliang Your issue seems to be not related to this topic. Having said that, in case you are using jasypt encryptor, you can solve it by creating a META-INF/spring.factories file in the src/main/resources directory with the below content

org.springframework.cloud.bootstrap.BootstrapConfiguration=\
com.ulisesbocchio.jasyptspringboot.JasyptSpringBootAutoConfiguration

jnulwliang commented 6 years ago

Thanks a lot. I solved it by using com.ulisesbocchio.jasyptspringboot.environment.StandardEncryptableEnvironment :)

sathish593 commented 5 years ago

We are using spring boot version 1.5.9.RELEASE and cloud version Edgware.RELEASE and we are using jasypt for encrypted properties. On refresh, property decryption is not working. I tried the StandardEncryptableEnvironment but still no use. Can anyone share a working example? TIA.

krishna2025 commented 4 years ago

We are using spring boot version 2.1.10.RELEASE and cloud version Greenwich.SR3 and we are using jasypt for encrypted passwords. I kept encrypted passwords in the application.yml file. During configserver startup it is getting decrypted properly and working fine. If I make any changes to the application.yml file and hit bus/refresh, my decrypted password is automatically getting encrypted back and not decrypting. Can someone help on this?

bharathmit commented 4 years ago

> thanks lot. I solved it by using com.ulisesbocchio.jasyptspringboot.environment.StandardEncryptableEnvironment :)

I added the same into the main method. When I hit the refresh endpoint I am getting the below error.

"errorMessage": "PropertySource named 'springCloudServicesBootstrap' does not exist",

java.lang.IllegalArgumentException: PropertySource named 'springCloudServicesBootstrap' does not exist
	at org.springframework.core.env.MutablePropertySources.assertPresentAndGetIndex(MutablePropertySources.java:206) ~[spring-core-5.1.9.RELEASE.jar:5.1.9.RELEASE]
	at org.springframework.core.env.MutablePropertySources.replace(MutablePropertySources.java:156) ~[spring-core-5.1.9.RELEASE.jar:5.1.9.RELEASE]
	at com.ulisesbocchio.jasyptspringboot.aop.EncryptableMutablePropertySourcesInterceptor.invoke(EncryptableMutablePropertySourcesInterceptor.java:49) ~[jasypt-spring-boot-3.0.3.jar:na]
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.1.9.RELEASE.jar:5.1.9.RELEASE]
	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688) ~[spring-aop-5.1.9.RELEASE.jar:5.1.9.RELEASE]

samuelj90 commented 2 months ago

I know this thread is a little old but recently I came across this issue and how I solved it can be helpful to anyone facing such an issue.

It appears that the issue you are experiencing with jasypt-spring-boot has been addressed in the latest releases. If you have integrated Jasypt with your project using jasypt-spring-boot, I recommend updating to the most recent version. You can find the release notes and updates here: Jasypt Spring Boot Releases.

Relevant Links:
- Issue Thread: Issue #343
- Pull Request: PR #344

Key Fixes in Recent Releases:
- Version 3.0.5: Includes fixes for refresh scope order and Spring Boot 3 support, among others.
- Version 3.0.4: Addresses various bugs and enhances support for Spring Boot and Spring Cloud.

Updating to the latest version should resolve the issues you are facing.
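A runtime check for the failure reported in this thread, added here as an example and not posted by any participant or taken from Spring Cloud or jasypt-spring-boot: a listener on Spring Cloud's `EnvironmentChangeEvent` that re-reads the keys a refresh reported as changed and flags any that still resolve to ciphertext. The class name `UndecryptedPropertyGuard` is hypothetical, and the `ENC(` / `)` wrapper is assumed to be the jasypt-spring-boot default.

```java
import java.util.Set;
import java.util.TreeSet;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.context.environment.EnvironmentChangeEvent;
import org.springframework.context.ApplicationListener;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;

// Hypothetical guard class (added example): after every refresh, re-reads the
// keys Spring Cloud reports as changed and flags any that still hold ciphertext.
@Component
public class UndecryptedPropertyGuard implements ApplicationListener<EnvironmentChangeEvent> {

    private static final Logger log = LoggerFactory.getLogger(UndecryptedPropertyGuard.class);

    // Assumption: jasypt-spring-boot default wrapper; change these if
    // jasypt.encryptor.property.prefix / suffix are overridden.
    private static final String PREFIX = "ENC(";
    private static final String SUFFIX = ")";

    private final Environment environment;

    public UndecryptedPropertyGuard(Environment environment) {
        this.environment = environment;
    }

    @Override
    public void onApplicationEvent(EnvironmentChangeEvent event) {
        Set<String> leaked = findUndecrypted(event.getKeys());
        if (!leaked.isEmpty()) {
            // Log key names only, never the values.
            log.error("Refresh left {} property value(s) undecrypted: {}", leaked.size(), leaked);
        }
    }

    Set<String> findUndecrypted(Set<String> changedKeys) {
        Set<String> leaked = new TreeSet<>();
        for (String key : changedKeys) {
            String value = environment.getProperty(key);
            if (value != null && value.trim().startsWith(PREFIX) && value.trim().endsWith(SUFFIX)) {
                leaked.add(key);
            }
        }
        return leaked;
    }
}
```

An error from this listener after /refresh means a consumer of that key is now receiving the encrypted string, so credentials built from it will fail until the decrypting environment is restored or the application is restarted.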