Skip to content

Decrypt Spring Cloud Config with values encrypted with asymmetric key

License

Notifications You must be signed in to change notification settings

grepplabs/spring-config-decryptor

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

spring-config-decryptor

Decrypt Spring Cloud Config with values encrypted with asymmetric key

Overview

spring-config-decryptor is a tool to decrypt Spring Boot configuration with values encrypted with RSA public key using spring encrypt from Spring Cloud CLI toolkit.

The secret values are base64 encoded and start with {cipher} prefix.

Install binary release

  1. Download the latest release

    Linux

     curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.4/spring-config-decryptor-v0.0.4-linux-amd64.tar.gz | tar xz
    

    macOS

     curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.4/spring-config-decryptor-v0.0.4-darwin-amd64.tar.gz | tar xz
    

    windows

     curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.4/spring-config-decryptor-v0.0.4-windows-amd64.tar.gz | tar xz
    
  2. Move the binary in to your PATH.

    sudo mv ./spring-config-decryptor /usr/local/bin/spring-config-decryptor
    

Building

make clean build

Build in docker

Linux

    make build.linux

MacOS

    make build.darwin

Windows

    make build.windows

Usage

export ENCRYPT_KEY=$(cat private.pem)
cat configmap.yaml | spring-config-decryptor

Help output

Usage of spring-config-decryptor:
  -f string
        The file name to decrypt. Use '-' for stdin. (default "-")
  -k string
        The file with RSA private key. If empty the key is read from environment variable ENCRYPT_KEY / ENCRYPT_KEY_BASE64
  -o string
        The file to write the result to. Use '-' for stdout. (default "-")