1.配置中心提供HTTP rest 服務
/{application}/{profile}[/{label}]
/{application}-{profile}.yml
/{label}/{application}-{profile}.yml
/{application}-{profile}.properties
/{label}/{application}-{profile}.properties
{application} maps to "spring.application.name" on the client side;
{profile} maps to "spring.profiles.active" on the client (comma separated list); and
{label} which is a server side feature labelling a "versioned" set of config files.
用戶端配置舉例:
bootstrap.yml 優先于application.yml加載;
spring:
application:
name: foo
profiles:
active: dev,mysql
2. spring-cloud-config 使用GIT服務時,為GIT服務添加使用者名密碼
application.yml配置檔案中添加
spring:
cloud:
config:
server:
git:
uri: https://github.com/spring-cloud-samples/config-repo
username: trolley
password: strongpassword
3.spring-cloud-config 的REST 要求進行使用者名密碼鑒權
- 服務端
application.yml配置檔案中添加
pom.xml 中添加
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
-
用戶端
bootstrap.yml
spring:
cloud:
config:
uri: https://user:[email protected].mycompany.com
4.spring-cloud-config 中的配置資訊以密文存儲方式存儲在GIT中
有對稱加密和非對稱加密兩種方式,本文主要講對稱加密的配置
1. application.yml在配置檔案中添加encrypt.key參數,生産環境可以放到JVM啟動參數中或者系統變量裡
To configure a symmetric key you just need to set encrypt.key to a secret String (or use an enviroment variable ENCRYPT_KEY to keep it out of plain text configuration files).
如:application.yml
to use the encryption and decryption features you need the full-strength JCE installed in your JVM (it’s not there by default).
http://projects.spring.io/spring-cloud/spring-cloud.html#_encryption_and_decryption
2.使用 /encrypt rest服務進行加密 (REST工具 https://www.getpostman.com/)
$ curl localhost:/encrypt -d mysecret
bc583f4641835fa2db009355293665d2647dade3375c0ee201de2a49f7bda
3.git中的配置檔案的配置項可以使用{cipher}開頭,表示用戶端調用時,配置服務會使用encrypt.key進行解密操作,使用戶端得到最終資訊
以上步驟解決了GIT倉庫配置資訊明文存儲的問題.
4.當配置服務的用戶端通路URL時,可以得到解密後的資訊,
$curl localhost:/decrypt -d bc583f4641835fa2db009355293665d2647dade3375c0ee201de2a49f7bda
mysecret
參考資料
http://cloud.spring.io/spring-cloud-config/spring-cloud-config.html
https://github.com/spring-cloud-samples/configserver
http://blog.didispace.com/springcloud4/
http://www.tuicool.com/articles/eeyQFrz