{"id":3747,"date":"2025-12-24T10:00:03","date_gmt":"2025-12-24T15:00:03","guid":{"rendered":"https:\/\/www.mymiller.name\/wordpress\/?p=3747"},"modified":"2025-12-24T10:00:03","modified_gmt":"2025-12-24T15:00:03","slug":"secure-your-secrets-encrypting-values-with-spring-cloud-config","status":"publish","type":"post","link":"https:\/\/www.mymiller.name\/wordpress\/spring_config\/secure-your-secrets-encrypting-values-with-spring-cloud-config\/","title":{"rendered":"Secure Your Secrets: Encrypting Values with Spring Cloud Config"},"content":{"rendered":"\n<div class=\"wp-block-jetpack-markdown\"><p>In the world of microservices, Spring Cloud Config provides a centralized way to manage externalized configurations for your applications. But what about sensitive data like database passwords or API keys? That\u2019s where encryption comes in. This blog post will guide you through the process of encrypting your sensitive values using Spring Cloud Config.<\/p>\n<p><strong>Why Encrypt?<\/strong><\/p>\n<p>Storing sensitive data in plain text within your configuration files is a major security risk. Encryption ensures that even if your configuration repository is compromised, the sensitive information remains protected.<\/p>\n<p><strong>Steps to Enable Encryption:<\/strong><\/p>\n<ol>\n<li>\n<p><strong>Set Up Your Config Server:<\/strong><\/p>\n<ul>\n<li>\n<p>Add the <code>spring-cloud-config-server<\/code> dependency to your project.<\/p>\n<\/li>\n<li>\n<p>Configure your server to point to your configuration repository (e.g., Git).<\/p>\n<\/li>\n<li>\n<p>Enable encryption by setting the <code>encrypt.enabled<\/code> property to <code>true<\/code> in your <code>application.properties<\/code> or <code>application.yml<\/code> file.<\/p>\n<pre><code class=\"language-yaml\">encrypt:\n  enabled: true\n<\/code><\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>Choose an Encryption Method:<\/strong><\/p>\n<ul>\n<li>\n<p><strong>Symmetric Encryption:<\/strong> Uses a single secret key for both encryption and decryption. This is simpler to set up but requires securely managing the key. You can set the key using the <code>encrypt.key<\/code> property.<\/p>\n<pre><code class=\"language-yaml\">encrypt.key: your-secret-key\n<\/code><\/pre>\n<\/li>\n<li>\n<p><strong>Asymmetric Encryption:<\/strong> Uses a public key for encryption and a private key for decryption. This offers better security but is more complex to manage. Here\u2019s how to set it up:<\/p>\n<ul>\n<li>\n<p><strong>Generate a Key Pair:<\/strong> Use the <code>keytool<\/code> command-line utility to generate an RSA key pair.<\/p>\n<pre><code class=\"language-bash\">keytool -genkeypair -alias config-server -keyalg RSA -keystore config-server.jks -storepass password\n<\/code><\/pre>\n<p>This command generates a keystore file named <code>config-server.jks<\/code> with the alias <code>config-server<\/code> secured by the password \u201cpassword\u201d. You\u2019ll be prompted to provide additional information for the key pair.<\/p>\n<\/li>\n<li>\n<p><strong>Configure the Config Server:<\/strong> In your <code>application.properties<\/code> or <code>application.yml<\/code> file, specify the keystore location, alias, and passwords.<\/p>\n<pre><code class=\"language-yaml\">encrypt:\n  keyStore:\n    location: config-server.jks \n    password: password\n    alias: config-server\n    secret: password \n<\/code><\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>Encrypt Your Values:<\/strong><\/p>\n<ul>\n<li><strong>Using the Config Server Endpoints:<\/strong>\n<ul>\n<li>Send a POST request to the <code>\/encrypt<\/code> endpoint of your config server with the value you want to encrypt in the request body.<\/li>\n<li>The response will contain the encrypted value.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Using the <code>spring<\/code> CLI:<\/strong>\n<ul>\n<li>Use the <code>spring encrypt<\/code> command to encrypt values from your command line. You can specify the keystore details here as well.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>Store Encrypted Values:<\/strong><\/p>\n<ul>\n<li>\n<p>Replace the plain text values in your configuration files with the encrypted values. Prefix the encrypted values with <code>{cipher}<\/code>.<\/p>\n<pre><code class=\"language-yaml\">spring:\n  datasource:\n    password: '{cipher}encrypted-password'\n<\/code><\/pre>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>Access Encrypted Values in Your Applications:<\/strong><\/p>\n<ul>\n<li>Add the <code>spring-cloud-config-client<\/code> dependency to your client applications.<\/li>\n<li>The config client will automatically decrypt the values when fetching them from the config server.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p><strong>Example:<\/strong><\/p>\n<p>Let\u2019s say you have a database password in your <code>application.yml<\/code> file:<\/p>\n<pre><code class=\"language-yaml\">spring:\n  datasource:\n    password: mysecretpassword\n<\/code><\/pre>\n<ol>\n<li>\n<p><strong>Encrypt the password (using the <code>\/encrypt<\/code> endpoint):<\/strong><\/p>\n<pre><code class=\"language-bash\">curl -X POST localhost:8888\/encrypt -d mysecretpassword\n<\/code><\/pre>\n<p>This will return the encrypted value:<\/p>\n<pre><code>{cipher}6b...encrypted-value...8f\n<\/code><\/pre>\n<\/li>\n<li>\n<p><strong>Update your <code>application.yml<\/code>:<\/strong><\/p>\n<pre><code class=\"language-yaml\">spring:\n  datasource:\n    password: '{cipher}6b...encrypted-value...8f'\n<\/code><\/pre>\n<\/li>\n<\/ol>\n<p>Now, your client application will receive the decrypted password when it fetches the configuration from the config server.<\/p>\n<p><strong>Security Best Practices:<\/strong><\/p>\n<ul>\n<li><strong>Strong Keys:<\/strong> Use strong and unique keys for encryption.<\/li>\n<li><strong>Key Management:<\/strong> Securely store and manage your encryption keys. Consider using a dedicated key management solution, especially for production environments.<\/li>\n<li><strong>Regular Key Rotation:<\/strong> Rotate your keys periodically to enhance security.<\/li>\n<\/ul>\n<p>By following these steps, you can leverage Spring Cloud Config\u2019s encryption capabilities to secure your sensitive data and build more robust and secure microservices.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":3748,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[433],"tags":[69,319],"series":[],"class_list":["post-3747","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-spring_config","tag-java-2","tag-spring"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/10\/security-5726869_1280-jpg.avif","jetpack-related-posts":[{"id":3689,"url":"https:\/\/www.mymiller.name\/wordpress\/spring_config\/spring-cloud-config-encryption-securing-your-sensitive-data\/","url_meta":{"origin":3747,"position":0},"title":"Spring Cloud Config Encryption: Securing Your Sensitive Data","author":"Jeffery Miller","date":"November 18, 2025","format":false,"excerpt":"In the realm of modern application development, the security of sensitive data, such as database credentials, API keys, and third-party service configurations, is paramount. Spring Cloud Config, a powerful component of the Spring Cloud ecosystem, offers a streamlined approach to centralize and manage your application\u2019s configuration properties. However, storing sensitive\u2026","rel":"","context":"In &quot;Spring Config&quot;","block_context":{"text":"Spring Config","link":"https:\/\/www.mymiller.name\/wordpress\/category\/spring_config\/"},"img":{"alt_text":"","src":"https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/09\/castle-3856_1280-jpg.avif","width":350,"height":200,"srcset":"https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/09\/castle-3856_1280-jpg.avif 1x, https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/09\/castle-3856_1280-jpg.avif 1.5x, https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/09\/castle-3856_1280-jpg.avif 2x, https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/09\/castle-3856_1280-jpg.avif 3x"},"classes":[]},{"id":3744,"url":"https:\/\/www.mymiller.name\/wordpress\/spring_config\/3744\/","url_meta":{"origin":3747,"position":1},"title":"Spring Cloud Config: Choosing the Right Backend Storage","author":"Jeffery Miller","date":"December 23, 2025","format":false,"excerpt":"Spring Cloud Config offers a flexible way to manage your application\u2019s configuration. A crucial step is selecting the right backend to store your configuration data. Let\u2019s explore popular options, their pros and cons, configuration details, and the necessary dependencies for Maven and Gradle. 1. Git Pros: Version Control: Leverage Git\u2019s\u2026","rel":"","context":"In &quot;Spring Config&quot;","block_context":{"text":"Spring Config","link":"https:\/\/www.mymiller.name\/wordpress\/category\/spring_config\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/04\/woman-8696271_640.jpg?fit=438%2C640&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":3750,"url":"https:\/\/www.mymiller.name\/wordpress\/spring_config\/mastering-multi-profile-environments-with-spring-cloud-config\/","url_meta":{"origin":3747,"position":2},"title":"Mastering Multi-Profile Environments with Spring Cloud Config","author":"Jeffery Miller","date":"December 19, 2025","format":false,"excerpt":"Spring Cloud Config simplifies configuration management for microservices, but its power truly shines when dealing with diverse environments. This post dives into how to leverage multiple profiles with Spring Cloud Config, giving you fine-grained control over your application\u2019s behavior. Why Use Multiple Profiles? Imagine your application needs different settings for\u2026","rel":"","context":"In &quot;Spring Config&quot;","block_context":{"text":"Spring Config","link":"https:\/\/www.mymiller.name\/wordpress\/category\/spring_config\/"},"img":{"alt_text":"","src":"https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/10\/man-69283_1280-jpg.avif","width":350,"height":200,"srcset":"https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/10\/man-69283_1280-jpg.avif 1x, https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/10\/man-69283_1280-jpg.avif 1.5x, https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/10\/man-69283_1280-jpg.avif 2x, https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/10\/man-69283_1280-jpg.avif 3x"},"classes":[]},{"id":3438,"url":"https:\/\/www.mymiller.name\/wordpress\/spring\/architecting-with-spring-and-spring-cloud\/","url_meta":{"origin":3747,"position":3},"title":"Architecting with Spring and Spring Cloud","author":"Jeffery Miller","date":"December 24, 2025","format":false,"excerpt":"Building a Multi-Service Architecture with Spring 3.1.x and Spring Cloud: Unlocking the Power of Microservices In the ever-evolving landscape of software development, microservices have emerged as a powerful architectural paradigm, enabling organizations to build scalable, resilient, and agile applications. Spring, a widely adopted Java framework, provides a comprehensive suite of\u2026","rel":"","context":"In &quot;Spring&quot;","block_context":{"text":"Spring","link":"https:\/\/www.mymiller.name\/wordpress\/category\/spring\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2023\/11\/field-5236879_640.jpg?fit=640%2C360&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2023\/11\/field-5236879_640.jpg?fit=640%2C360&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2023\/11\/field-5236879_640.jpg?fit=640%2C360&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":3560,"url":"https:\/\/www.mymiller.name\/wordpress\/spng_security\/zero-trust-with-spring-boot-deep-dive-into-security\/","url_meta":{"origin":3747,"position":4},"title":"Zero Trust with Spring Boot: Deep Dive into Security","author":"Jeffery Miller","date":"September 22, 2025","format":false,"excerpt":"Zero Trust is a paradigm shift in security, assuming no inherent trust within a network. Implementing Zero Trust principles with Spring Boot fortifies your microservices against modern threats. Let\u2019s delve deeper into the key concepts: Secure Communication (HTTPS\/TLS): Encryption: HTTPS encrypts all communication between microservices, preventing eavesdropping and data tampering.\u2026","rel":"","context":"In &quot;Spring Security&quot;","block_context":{"text":"Spring Security","link":"https:\/\/www.mymiller.name\/wordpress\/category\/spng_security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/Gemini_Generated_Image_y76fbby76fbby76f.jpg?fit=1200%2C1200&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/Gemini_Generated_Image_y76fbby76fbby76f.jpg?fit=1200%2C1200&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/Gemini_Generated_Image_y76fbby76fbby76f.jpg?fit=1200%2C1200&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/Gemini_Generated_Image_y76fbby76fbby76f.jpg?fit=1200%2C1200&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/Gemini_Generated_Image_y76fbby76fbby76f.jpg?fit=1200%2C1200&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":3447,"url":"https:\/\/www.mymiller.name\/wordpress\/spring_discovery\/discovery-first-bootstrap\/","url_meta":{"origin":3747,"position":5},"title":"Discovery First Bootstrap","author":"Jeffery Miller","date":"December 24, 2025","format":false,"excerpt":"In the realm of microservices architecture, effective configuration management is crucial for ensuring the seamless operation and dynamic adaptability of distributed applications. Spring Cloud Config Server and Spring Cloud Discovery Server have emerged as powerful tools for addressing this challenge. While the default \"Config First\" mode offers a straightforward approach,\u2026","rel":"","context":"In &quot;Spring Discovery&quot;","block_context":{"text":"Spring Discovery","link":"https:\/\/www.mymiller.name\/wordpress\/category\/spring_discovery\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2023\/11\/network-3152677_640.jpg?fit=640%2C427&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2023\/11\/network-3152677_640.jpg?fit=640%2C427&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2023\/11\/network-3152677_640.jpg?fit=640%2C427&ssl=1&resize=525%2C300 1.5x"},"classes":[]}],"jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/posts\/3747","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/comments?post=3747"}],"version-history":[{"count":1,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/posts\/3747\/revisions"}],"predecessor-version":[{"id":3749,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/posts\/3747\/revisions\/3749"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/media\/3748"}],"wp:attachment":[{"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/media?parent=3747"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/categories?post=3747"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/tags?post=3747"},{"taxonomy":"series","embeddable":true,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/series?post=3747"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}