While developing a springboot-liquibase application following this I need to specify the database username + password as liquibase.user and liquibase.password in the application.properties file. I am looking for a better secure way to use these parameter (dynamically fetched from some other place and use inside my java code)
Is there a way to achieve this?
There are couple of things you can do:
You can encrypt you properties file using jasypt-spring-boot. For more details have a look at demo app
If you are developing distributed system, then spring-cloud-config provides server and client-side support for externalized configuration in a distributed system. With the Config Server you have a central place to manage external properties for applications across all environments
Spring Cloud Config
This project allows you to use an external, centralized configuration repository for one or more applications. You don't need to rebuild your application if a property changes. You can simply change the property in your configuration repository and even push the changes to all of your applications.
See this Getting Started Guide.
Related
I am currently creating a Java Spring application that works with the spring security JWT. Everywhere I look and read about the "secret string", it says should be changed in production. Like this line in my application.properties: security.jwt.secret="this-is-a-512-bit-key-used-for-signing-jwt-tokens-that-should-be-changed-production"
As well as in stackoverflow question that are sort-of related like this one here: How to include jwt secret in application.yaml for Java Spring.
My question is, what should that string become in production? Am I supposed to generate this somewhere in a SecurityConfig class? Or should I generate a 512 bit string and just paste that in the application.properties file?
Thanks in advance.
Secrets should not be added in your regular application.properties file because that would be checked into your version control system. There are various ways to externalize configuration but the easiest is usually to define environment variables.
In your case, you would need an environment variable called SECURITY_JWT_SECRET and Spring Boot will pick this up automatically.
One way to change properties of a spring app is using Spring Cloud Config. Basically your config is in a GitHub repo and as soon as you modify, Spring cloud config server propagates it to other applications referencing it through application.properties.
https://cloud.spring.io/spring-cloud-config/reference/html/
I will share how it has been done in our application which I think one of the standard way of storing credentials.
There may be alternate ways also.
Its not ideal to store token or credentials in properties
We can externalize the token into Vault or config server
when server starts spring application can fetch the properties
Access to vault are controlled
As we have different vault servers across environments, we can store and change the token in runtime and refresh the application.
Regarding generating the jwt token, it should have some expiry time and refreshed periodically.
I'm trying to add authorization to several microservices. Given all the services share similar authorization process, I want to extract the logic to a shared library.
I managed to create library, but I realise all the configurations need to be set in the application.yml file in the microservice which calls the library. I don't want to expose some of the configurations at service layer though.
After some searches, I found I could set #PropertySource("library.properties") in my library's configuration class to force reading properties from the specified .properties file within the library.
The problem now is I want to set different values for different environments, e.g. authorization URL for test and production would be different. How can I configure the file so that the configuration class would read same property value based on active profile (e.g. environment = test/staging/production)?
You can have multiple property files such as "application-environment.yml” in your resource folder. Spring framework picks the right one based on the active profile.
For example, if you define a “staging” environment and have a staging profile and then your property file should be named as application-staging.yml.
I have one java spring boot library and it is using some configuration as below using zookeeper address for loadbalancer.
<user:registry regProtocol="zookeeper" name="testZk" address="${zookeeper.address}"/>
zookeeper.address will be different between development and production environments.
Users of this library can include zookeeper.address in their cloud config properties based on the environment but are there other ways so that library users don't need to include these in their properties and library in some way use different properties based on environment from user.
Serving Plain Text will resolve above problem.
http://cloud.spring.io/spring-cloud-static/spring-cloud-config/2.0.0.M5/single/spring-cloud-config.html#_serving_plain_text
Just define multiple environments, you wish to in application properties and on the user side activate the properties, it will work.
I'm pretty new with java but I think that they could use an application.properties file to overwrite any environmental properties.
application.properties in spring
Is it possible to share some properties for limited group of microservices? I mean I just want to declare common datasourse in one place for several microservices, which will use the same database
I try to implement it using gradle variables, which should consist all data related to db connection with profiles, but probably easier way to do it exists.
Thanks
Yes it is. You're looking for "Spring Cloud Config" server:
Spring Cloud’s config server acts as a single source of configuration
data for all other services in a microservice-based application. It is
itself a microservice whose job is to obtain configuration data from a
Git repository and serve it via RESTful endpoints. All other services
can either consume the config server’s API directly or, if they’re
Spring applications, treat the configuration server as another
property source in Spring’s Environment abstraction.
You can find a nice reading along with examples here.
In Spring Cloud Zuul server we can define all routes which need be redirected via "application.properties".
For example:
zuul.routes.resource.path=/api/**
zuul.routes.resource.url=http://api.com:9025
Once the fat jar is created the "application.properties" is encapsulated into jar, and it's not possible to edit and reload the rules inside the file.
Is there any to inform Zuul about the routes in an external file, and at the same time reload them without stopping the server?
You can use spring cloud config for that.
Spring Cloud Config provides server and client-side support for externalized configuration in a distributed system. With the Config Server you have a central place to manage external properties for applications across all environments
http://cloud.spring.io/spring-cloud-config/spring-cloud-config.html#_spring_cloud_config_client
...a bit late to the party, but...
You can do all that you want with the ConfigServer!
Create an application.yml for config that is common across ALL applications
Create profile specific application-mycommonprofile.yml. As 1. but for the 'mycommonprofile' profile.
Create an appX.yml for each application that is specific to that application.
Create profile specific appX-myprofile.yml. As 3. but for the 'myprofile' profile.
All of these files are optional and are not dependent on any others. You can have an application-mycommonprofile.yml without an application.yml for example.
Hope that helps!
Another late-to-the-party answer, but another way is to use a profile config file, which lives in the filesystem, outside the fatjar.
If the configuration name of your Zuul proxy is 'zuul' and your normal config file is 'zuul.properties' or 'zuul.yaml', then it looks for a profile-specific config file in 'zuul-.properties' or 'zuul-.yaml'.
If you do not specify a profile, then the profile named 'default' is active.
So you can load properties from an external file name 'zuul-default.properties' or 'zuul-default.yaml' (or 'zuul-default.yml', if you use a 3-letter filename extension).
This will then be loaded when no other profile is specified.