feature: encrypted cloud config server

Makefile

@@ -1,6 +1,8 @@
 .PHONY: build test
 
 GRADLE_BIN=./gradlew
+BASIC_AUTH="user:b3956c50-2e1e-4426-aaca-6b09f7cc4808"
+SERVER_CONFIG=localhost:8090
 
 build:
 	# build without executing test
@@ -16,7 +18,16 @@ run-server:
 	$(GRADLE_BIN) server:bootRun
 
 curl-server:
-	curl -s -u "user:b3956c50-2e1e-4426-aaca-6b09f7cc4808" localhost:8090/client/development |jq
+	curl -s -u $(BASIC_AUTH) $(SERVER_CONFIG)/client/development |jq
+
+encrypt-server:
+	curl -s -u $(BASIC_AUTH) $(SERVER_CONFIG)/encrypt/client/development --data-urlencode "Hello world 2"
+
+client-development-refresh:
+	curl -s -u $(BASIC_AUTH) $(SERVER_CONFIG)/client/development/refresh |jq
 
 curl-client:
 	curl -s localhost:8080/v1/message
+
+client-env:
+	curl -s localhost:8080/env

client/src/main/java/tk/antoine/roux/springcloudconfig/SpringApplication.java

@@ -2,11 +2,13 @@ package tk.antoine.roux.springcloudconfig;
 
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 
+import static org.springframework.boot.SpringApplication.run;
+
 @SpringBootApplication
 public class SpringApplication {
 
 	public static void main(String[] args) {
-		org.springframework.boot.SpringApplication.run(SpringApplication.class, args);
+		run(SpringApplication.class, args);
 	}
 
 }

client/src/main/resources/application.properties

@@ -1,3 +1,5 @@
 spring.application.name=client
 spring.profiles.active=development
 spring.config.import=configserver:http://user:b3956c50-2e1e-4426-aaca-6b09f7cc4808@localhost:8090
+
+encrypt.key=toto

server/config-repo/client/development/application.properties

@@ -1 +0,0 @@
-application.message=Hello world

server/src/main/java/tk/antoine/roux/springcloudconfig/SpringCloudConfigServerApplication.java

@@ -1,14 +1,15 @@
 package tk.antoine.roux.springcloudconfig;
 
-import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.config.server.EnableConfigServer;
 
+import static org.springframework.boot.SpringApplication.run;
+
 @EnableConfigServer
 @SpringBootApplication
 public class SpringCloudConfigServerApplication {
 
     public static void main(String[] args) {
-        SpringApplication.run(SpringCloudConfigServerApplication.class, args);
+        run(SpringCloudConfigServerApplication.class, args);
     }
 }

server/src/main/java/tk/antoine/roux/springcloudconfig/configurations/Security.java

@@ -0,0 +1,20 @@
+package tk.antoine.roux.springcloudconfig.configurations;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration(proxyBeanMethods = false)
+public class Security {
+
+    @Bean
+    public SecurityFilterChain configure(HttpSecurity http) throws Exception {
+        return http.csrf()
+            .disable()
+            .httpBasic()
+            .and()
+            .build();
+    }
+
+}

server/src/main/resources/application.properties

@@ -1,6 +1,6 @@
 server.port=8090
 spring.profiles.active=native
-spring.cloud.config.server.native.search-locations=file:./config-repo/{application}/{profile}
+spring.cloud.config.server.native.search-locations=classpath:config-repo/{application}/{profile}
 
 spring.security.user.name=user
 spring.security.user.password=b3956c50-2e1e-4426-aaca-6b09f7cc4808
@@ -8,3 +8,7 @@ spring.security.user.password=b3956c50-2e1e-4426-aaca-6b09f7cc4808
 #spring.cloud.config.server.git.uri=file://${user.home}/config-repo
 #spring.cloud.config.server.git.search-paths='{application}/{profile}'
 #spring.cloud.config.server.git.refresh-rate=10
+
+encrypt.key=toto
+encrypt.salt=deadbeef
+spring.cloud.config.server.encrypt.enabled=false

server/src/main/resources/config-repo/client/development/application.properties

@@ -0,0 +1 @@
+application.message={cipher}f91f7e4bd42a61803334bbf0fbd1e3e8e3c468542fa202317e3668d907dda3d6