Spring cloud

从配置获取的配置默认是明文的，有些像数据源这样的配置需要加密的话，需要对配置中心进行加密处理。下面使用对称性加密来加密配置，需要配置一个密钥，当然也可以使用RSA非对称性加密，但对称加密比较方便也够用了，这里就以对称加密来配置即可。

1、安装JCE

JDK下的JCR默认是有长度限制的，需要替换没有长度限制的JCE版本。

JAVA 1.7 http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

JAVA 1.8  http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.htm

把下载包里面的两个jar文件复制替换到JAVA_HOME/jre/lib/security目录下。

2、添加加密KEY

配置中心配置文件中加入加密密钥。

下面是配置中心的代码：

Pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.8.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.demo.encrypt</groupId>
    <artifactId>encrypt-demo</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>encrypt-demo</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
        <spring-cloud.version>Greenwich.SR3</spring-cloud.version>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-config-server</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
            <exclusions><!-- 去掉默认配置 -->
                <exclusion>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-starter-logging</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-log4j2</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-bus-amqp</artifactId>
        </dependency>
    </dependencies>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-surefire-plugin</artifactId>
                <version>2.22.2</version>
                <configuration>
                    <skipTests>true</skipTests>
                </configuration>
            </plugin>
        </plugins>
    </build>

</project>

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.cloud.config.server.EnableConfigServer;

@EnableDiscoveryClient
@SpringBootApplication
@EnableConfigServer
public class EncryptDemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(EncryptDemoApplication.class, args);
    }

}

bootstrap.properties   encrypt.key 一定要写在bootstrap.properties 或 bootstrap.yml配置文件中

server.port=8080
spring.application.name=encrypt-demo
eureka.client.serviceUrl.defaultZone=${defaultZone:http://127.0.0.1:8001/eureka/}
spring.cloud.config.server.git.uri=你的Git配置中心地址
spring.cloud.config.server.git.searchPaths={application}
spring.cloud.config.server.git.username=用户名
spring.cloud.config.server.git.password=密码
spring.cloud.config.server.git.basedir=本地地址
spring.cloud.config.server.git.force-pull=true
spring.cloud.config.label=${label:develop}
encrypt.key=plk #********加密的Key，这个是加密必须的*******

3、查看加密功能状态

启动Config-Server访问： http://localhost:8080/encrypt/status

功能正常会展示OK

{"status":"OK"}

4、加密解密

对develop字符串加密

curl http://192.168.1.237:7100/encrypt -d  develop -u config-user:99282424-5939-4b08-a40f-87b2cbc403f6

对develop字符串解密

curl http://192.168.1.237:7100/decrypt -d  0fb593294187a31f35dea15e8bafaf77745328dcc20d6d6dd0dfa5ae753d6836 -u config-user:99282424-5939-4b08-a40f-87b2cbc403f6

-u username:password 为basic认证

或者使用POSTMAN请求：

5、配置文件

spring: 
  datasource: 
    username: '{cipher}0fb593294187a31f35dea15e8bafaf77745328dcc20d6d6dd0dfa5ae753d6836'

需要加密的内容以{cipher}开头，并注意要使节单引号包起来，不然报错。

6、读取配置

这样客户端读取出来的配置是自动解密了的，如果要关闭自动解密功能通过客户端自己来解密，同时也要保留加解密的端点可以通过关闭以下配置即可。

spring.cloud.config.server.encrypt.enabled=false

来源：oschina

链接：https://my.oschina.net/bodi666/blog/4742098