I have configserver deployed working, able to encrypt and decrypt passwords using url localhost:8888/encrypt and localhost:8888/decrypt. I encrypted password used in the config server security.user.password.
I added encryted securitykey to config client bootstrap properties. Now bootsttrap for config client as follows.
encrypt:
key: caoConfigserverspring
application:
name: xyz
cloud:
config:
uri: http://localhost:8888
enabled: true
fail-fast: true
username: my_user
password: '{cipher}1234567890hjdbcbvnhfg'
server:
port: 8080
I tried password without single quote and application fails with parsing error. I tried with plain as password and the application works fine. When I use encrypted value, while deploying I see following error. What am I missing when using encrypted password?
2019-05-17 13:03:53 - Application run failed
java.lang.IllegalStateException: Cannot decrypt: key=cloud.config.password
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.doDecrypt(EnvironmentDecryptApplicationInitializer.java:238) ~[spring-cloud-context-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:169) ~[spring-cloud-context-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.initialize(EnvironmentDecryptApplicationInitializer.java:96) ~[spring-cloud-context-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.cloud.bootstrap.BootstrapApplicationListener$DelegatingEnvironmentDecryptApplicationInitializer.initialize(BootstrapApplicationListener.java:407) ~[spring-cloud-context-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:649) [spring-boot-2.1.4.RELEASE.jar!/:2.1.4.RELEASE]
at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:373) [spring-boot-2.1.4.RELEASE.jar!/:2.1.4.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:314) [spring-boot-2.1.4.RELEASE.jar!/:2.1.4.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1260) [spring-boot-2.1.4.RELEASE.jar!/:2.1.4.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1248) [spring-boot-2.1.4.RELEASE.jar!/:2.1.4.RELEASE]
at com.verizon.cao.hcm.shared.security.AuthorizationApplication.main(AuthorizationApplication.java:15) [classes!/:0.1.0]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_172]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_172]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_172]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_172]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [auth-0.1.0.jar:0.1.0]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [auth-0.1.0.jar:0.1.0]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [auth-0.1.0.jar:0.1.0]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [auth-0.1.0.jar:0.1.0]
Caused by: java.lang.IllegalStateException: Unable to invoke Cipher due to bad padding
at org.springframework.security.crypto.encrypt.CipherUtils.doFinal(CipherUtils.java:142) ~[spring-security-crypto-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
at org.springframework.security.crypto.encrypt.AesBytesEncryptor.decrypt(AesBytesEncryptor.java:128) ~[spring-security-crypto-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
at org.springframework.security.crypto.encrypt.HexEncodingTextEncryptor.decrypt(HexEncodingTextEncryptor.java:40) ~[spring-security-crypto-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.doDecrypt(EnvironmentDecryptApplicationInitializer.java:230) ~[spring-cloud-context-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
... 17 common frames omitted
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:991) ~[sunjce_provider.jar:1.8.0_171]
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:847) ~[sunjce_provider.jar:1.8.0_171]
at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446) ~[sunjce_provider.jar:1.8.0_171]
at javax.crypto.Cipher.doFinal(Cipher.java:2164) ~[na:1.8.0_171]
at org.springframework.security.crypto.encrypt.CipherUtils.doFinal(CipherUtils.java:135) ~[spring-security-crypto-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
I have configserver deployed working, able to encrypt and decrypt passwords using url localhost:8888/encrypt and localhost:8888/decrypt. I encrypted password used in the config server security.user.password.
I added encryted securitykey to config client bootstrap properties. Now bootsttrap for config client as follows.
encrypt:
key: caoConfigserverspring
application:
name: xyz
cloud:
config:
uri: http://localhost:8888
enabled: true
fail-fast: true
username: my_user
password: '{cipher}1234567890hjdbcbvnhfg'
server:
port: 8080
I tried password without single quote and application fails with parsing error. I tried with plain as password and the application works fine. When I use encrypted value, while deploying I see following error. What am I missing when using encrypted password?
2019-05-17 13:03:53 - Application run failed
java.lang.IllegalStateException: Cannot decrypt: key=cloud.config.password
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.doDecrypt(EnvironmentDecryptApplicationInitializer.java:238) ~[spring-cloud-context-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:169) ~[spring-cloud-context-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.initialize(EnvironmentDecryptApplicationInitializer.java:96) ~[spring-cloud-context-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.cloud.bootstrap.BootstrapApplicationListener$DelegatingEnvironmentDecryptApplicationInitializer.initialize(BootstrapApplicationListener.java:407) ~[spring-cloud-context-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:649) [spring-boot-2.1.4.RELEASE.jar!/:2.1.4.RELEASE]
at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:373) [spring-boot-2.1.4.RELEASE.jar!/:2.1.4.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:314) [spring-boot-2.1.4.RELEASE.jar!/:2.1.4.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1260) [spring-boot-2.1.4.RELEASE.jar!/:2.1.4.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1248) [spring-boot-2.1.4.RELEASE.jar!/:2.1.4.RELEASE]
at com.verizon.cao.hcm.shared.security.AuthorizationApplication.main(AuthorizationApplication.java:15) [classes!/:0.1.0]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_172]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_172]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_172]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_172]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [auth-0.1.0.jar:0.1.0]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [auth-0.1.0.jar:0.1.0]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [auth-0.1.0.jar:0.1.0]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [auth-0.1.0.jar:0.1.0]
Caused by: java.lang.IllegalStateException: Unable to invoke Cipher due to bad padding
at org.springframework.security.crypto.encrypt.CipherUtils.doFinal(CipherUtils.java:142) ~[spring-security-crypto-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
at org.springframework.security.crypto.encrypt.AesBytesEncryptor.decrypt(AesBytesEncryptor.java:128) ~[spring-security-crypto-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
at org.springframework.security.crypto.encrypt.HexEncodingTextEncryptor.decrypt(HexEncodingTextEncryptor.java:40) ~[spring-security-crypto-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]
at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.doDecrypt(EnvironmentDecryptApplicationInitializer.java:230) ~[spring-cloud-context-2.1.0.RELEASE.jar!/:2.1.0.RELEASE]
... 17 common frames omitted
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:991) ~[sunjce_provider.jar:1.8.0_171]
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:847) ~[sunjce_provider.jar:1.8.0_171]
at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446) ~[sunjce_provider.jar:1.8.0_171]
at javax.crypto.Cipher.doFinal(Cipher.java:2164) ~[na:1.8.0_171]
at org.springframework.security.crypto.encrypt.CipherUtils.doFinal(CipherUtils.java:135) ~[spring-security-crypto-5.1.5.RELEASE.jar!/:5.1.5.RELEASE]