Decrypt Spring Cloud Config with values encrypted with asymmetric key
spring-config-decryptor is a tool to decrypt Spring Boot configuration with values encrypted with RSA public key using
spring encrypt
from Spring Cloud CLI toolkit.
The secret values are base64 encoded and start with {cipher}
prefix.
-
Download the latest release
Linux
curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.4/spring-config-decryptor-v0.0.4-linux-amd64.tar.gz | tar xz
macOS
curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.4/spring-config-decryptor-v0.0.4-darwin-amd64.tar.gz | tar xz
windows
curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.4/spring-config-decryptor-v0.0.4-windows-amd64.tar.gz | tar xz
-
Move the binary in to your PATH.
sudo mv ./spring-config-decryptor /usr/local/bin/spring-config-decryptor
make clean build
Linux
make build.linux
MacOS
make build.darwin
Windows
make build.windows
export ENCRYPT_KEY=$(cat private.pem)
cat configmap.yaml | spring-config-decryptor
Usage of spring-config-decryptor:
-f string
The file name to decrypt. Use '-' for stdin. (default "-")
-k string
The file with RSA private key. If empty the key is read from environment variable ENCRYPT_KEY / ENCRYPT_KEY_BASE64
-o string
The file to write the result to. Use '-' for stdout. (default "-")