Support loading of base 64 encoded values from the Environment #36033
Comments
|
Perfect, thanks @scottfrederick ! |
|
@scottfrederick Is this something you are open to contribution for? I have a POC that leverages the ResourceLoader and a custom protocol resolver to achieve this same functionality. |
|
@tristanchanson Thanks for the offer, but I have changes in progress for this. |
philwebb
changed the title
|
Hi @scottfrederick , thank you for adding this support. Any idea when this can be available and version ? Can this value be retrieved using |
We don't know yet, as we're still working through some design. It won't make it into Spring Boot 3.2.
You might want to look at creating a custom implementation of an |
|
Hi @scottfrederick , thank you for your inputs. Appreciate it! I gave a try using these classes and able to read certificate string stored as base64 string in AWS secrets manager. Also, able to decode to plain text for keystore. However, it fails with exception when trying to read certs from classpath. After investigating logs, it appears when this Maybe I need to exclude the What is the best way to use custom registrar when it is present ? spring:
cloud:
aws:
endpoint: http://localhost:4566
config:
import:
- aws-secretsmanager:CERT-CHAIN
- aws-secretsmanager:CERT-KEY
ssl:
bundle:
pem:
demo-ssl:
key:
alias: client
keystore:
certificate: ${CERT-CHAIN:fake-default}
private-key: ${CERT-KEY:fake-default}
type: PKCS12
|
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
|
Thanks for adding support for this. It was sorely needed as working with configuration properties of type Out of curiosity, as support for loading base64 encoded values is something that's IMO generally very useful (and not only in the context of Spring Boot and configuration properties), was it considered to have support for this in Spring Framework? |
|
|
I've upgraded to spring-boot 3.3.1 to try and use this feature: But am getting the error
|
|
@gertvv please open a new issue and we can take a look. First impression is that we are indeed missing the use of |
|
@gertvv This change for Spring Boot 3.4 should allow |
|
Perfect! Indeed I had discovered I could get it to work by manually bootstrapping |
|
Hey, wondering if combination of vcap_services and base64 encoding would work out of the box for providing keytab in kerberos spring security? So my idea would be to store encoded keytab within secret-store as a part of vcap_services and make direct reference to it in security configuration. https://stackoverflow.com/questions/45353535/referencing-vcap-variables-in-application-properties basically something like: Best regards, |
|
Why not try it for yourself and see? The |
|
I'm going to do so ;) I just found this thread so I assume it's worth leaving a question so others might benefit from it as well. Thx for you reply. |
The SSL bundle properties
spring.ssl.bundle.jks.myname.keystore.locationandspring.ssl.bundle.jks.myname.truststore.locationcurrently require the value to be a file that can be accessed as a URL. In some cases it is useful to provide the JKS or PKCS#12 content as base 64 encoded text instead of in files.In order to know for sure the type of the content, we'd like to introduce a
base64:prefix that can be used to reference resources in this format. Thebase64:resource type can be applied to the JKSlocationproperties now, and possibly to other resource property types in the future.The text was updated successfully, but these errors were encountered: