These are chat archives for spring-cloud/spring-cloud

3rd
Jul 2016
Raj
@rajjaiswalsaumya
Jul 03 2016 17:57
I know if i encrypt properties that will be decrypted by default. Is there a way that all properties i kept in application.yml get auto encrypted upon setting a property. I mean there are 100+ property i cannot go one by one and encrypt all
Dave Syer
@dsyer
Jul 03 2016 18:08
It's not an application's responsibility to encrypt config data.
It has to be encrypted at rest
I guess maybe the new Vault back end could help
But really, you shouldn't have 100s of encrypted properties per app. More like 2 or 3 I'd expect.
bitsofinfo
@bitsofinfo
Jul 03 2016 21:17
@rajjaiswalsaumya yeah definitely encrypt passwords/creds, secondarily/optionally principal/usernames, if paranoid endpoint fqdns or other location data, and everything else if you are ultra paranoid :) But yeah, 100's of props sounds like a lot
Raj
@rajjaiswalsaumya
Jul 03 2016 22:48
Its not microservice but a fat war. So application depends on that many properties.
I am deassembling them into micro
So i asked any direct way to encrypt them
Like our custom encrytion currently does . If in property we have {+ENC}blabla it thinks blabla has to be encrypted. If we have {ENC} it thinks property is already encrypted and if no {ENC} it thinks its plain and has to be served plain