diff --git a/.sdkmanrc b/.sdkmanrc
index 849a27e..edbc61b 100644
--- a/.sdkmanrc
+++ b/.sdkmanrc
@@ -1,3 +1,4 @@
 # Enable auto-env through the sdkman_auto_env config
 # Add key=value pairs of SDKs to use below
 java=17.0.6-tem
+springboot=2.7.9
diff --git a/Makefile b/Makefile
index 1734626..289638c 100644
--- a/Makefile
+++ b/Makefile
@@ -4,6 +4,10 @@ GRADLE_BIN=./gradlew
 BASIC_AUTH="user:b3956c50-2e1e-4426-aaca-6b09f7cc4808"
 SERVER_CONFIG=localhost:8090
 
+setup:
+	sdk install springboot 2.7.9
+	spring install org.springframework.cloud:spring-cloud-cli:2.2.4.RELEASE
+
 build:
 	# build without executing test
 	$(GRADLE_BIN) build -x test
@@ -20,6 +24,9 @@ run-server:
 curl-server:
 	curl -s -u $(BASIC_AUTH) $(SERVER_CONFIG)/client/development |jq
 
+encrypt-cli:
+	spring encrypt 'Hello world 2' --key toto
+
 encrypt-server:
 	curl -s -u $(BASIC_AUTH) $(SERVER_CONFIG)/encrypt/client/development --data-urlencode "Hello world 2"
 
diff --git a/client/src/main/resources/application.properties b/client/src/main/resources/application.properties
index 6c3ea5e..4725d8f 100644
--- a/client/src/main/resources/application.properties
+++ b/client/src/main/resources/application.properties
@@ -3,3 +3,4 @@ spring.profiles.active=development
 spring.config.import=configserver:http://user:b3956c50-2e1e-4426-aaca-6b09f7cc4808@localhost:8090
 
 encrypt.key=toto
+spring.cloud.config.server.bootstrap=
diff --git a/server/src/main/java/tk/antoine/roux/springcloudconfig/SpringCloudConfigServerApplication.java b/server/src/main/java/tk/antoine/roux/springcloudconfig/SpringCloudConfigServerApplication.java
index af8236c..4adce96 100644
--- a/server/src/main/java/tk/antoine/roux/springcloudconfig/SpringCloudConfigServerApplication.java
+++ b/server/src/main/java/tk/antoine/roux/springcloudconfig/SpringCloudConfigServerApplication.java
@@ -1,12 +1,14 @@
 package tk.antoine.roux.springcloudconfig;
 
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
 import org.springframework.cloud.config.server.EnableConfigServer;
 
 import static org.springframework.boot.SpringApplication.run;
 
 @EnableConfigServer
 @SpringBootApplication
+@ConfigurationPropertiesScan
 public class SpringCloudConfigServerApplication {
 
     public static void main(String[] args) {
diff --git a/server/src/main/java/tk/antoine/roux/springcloudconfig/configurations/Encryption.java b/server/src/main/java/tk/antoine/roux/springcloudconfig/configurations/Encryption.java
new file mode 100644
index 0000000..d0e8a9f
--- /dev/null
+++ b/server/src/main/java/tk/antoine/roux/springcloudconfig/configurations/Encryption.java
@@ -0,0 +1,26 @@
+package tk.antoine.roux.springcloudconfig.configurations;
+
+import org.springframework.cloud.bootstrap.encrypt.KeyProperties;
+import org.springframework.cloud.config.server.config.DefaultTextEncryptionAutoConfiguration;
+import org.springframework.cloud.config.server.encryption.TextEncryptorLocator;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration(proxyBeanMethods = false)
+public class Encryption {
+
+    private final DefaultTextEncryptionAutoConfiguration defaultTextEncryptionAutoConfiguration;
+
+    public Encryption() {
+        defaultTextEncryptionAutoConfiguration = new DefaultTextEncryptionAutoConfiguration();
+    }
+
+    @Bean
+    public TextEncryptorLocator textEncryptorLocator(MultiKeyProperties multiKeyProperties) {
+        return keys -> {
+            KeyProperties keyPropertiesForClient = multiKeyProperties.encrypt().get(keys.get("application"));
+            return defaultTextEncryptionAutoConfiguration.defaultTextEncryptor(keyPropertiesForClient);
+        };
+    }
+
+}
diff --git a/server/src/main/java/tk/antoine/roux/springcloudconfig/configurations/MultiKeyProperties.java b/server/src/main/java/tk/antoine/roux/springcloudconfig/configurations/MultiKeyProperties.java
new file mode 100644
index 0000000..8357253
--- /dev/null
+++ b/server/src/main/java/tk/antoine/roux/springcloudconfig/configurations/MultiKeyProperties.java
@@ -0,0 +1,10 @@
+package tk.antoine.roux.springcloudconfig.configurations;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.cloud.bootstrap.encrypt.KeyProperties;
+
+import java.util.Map;
+
+@ConfigurationProperties("custom")
+public record MultiKeyProperties(Map<String, KeyProperties> encrypt) {
+}
diff --git a/server/src/main/resources/application.properties b/server/src/main/resources/application.properties
index 5a17cb8..ff2ec97 100644
--- a/server/src/main/resources/application.properties
+++ b/server/src/main/resources/application.properties
@@ -9,6 +9,6 @@ spring.security.user.password=b3956c50-2e1e-4426-aaca-6b09f7cc4808
 #spring.cloud.config.server.git.search-paths='{application}/{profile}'
 #spring.cloud.config.server.git.refresh-rate=10
 
-encrypt.key=toto
-encrypt.salt=deadbeef
+custom.encrypt.client.key=toto
+custom.encrypt.client.salt=deadbeef
 spring.cloud.config.server.encrypt.enabled=false
diff --git a/server/src/main/resources/config-repo/client/development/application.properties b/server/src/main/resources/config-repo/client/development/application.properties
index cc5e729..0d02e01 100644
--- a/server/src/main/resources/config-repo/client/development/application.properties
+++ b/server/src/main/resources/config-repo/client/development/application.properties
@@ -1 +1,2 @@
-application.message={cipher}f91f7e4bd42a61803334bbf0fbd1e3e8e3c468542fa202317e3668d907dda3d6
+#application.message={cipher}6df1fbfff94432322eff713b0a77c861e3165f0f1e5ac55b347a3a5ebbd8ae8953e47cd6e194d0fe59c960edbb1c3a7fbcab0ac03c7f1614c2f712112954027a
+application.message={cipher}{key:client}0aa915c8a9262e16b1e55f30c500c2ffac6557b66f81cecdc91eff17f8045486