Post

2 followers Follow
1
Avatar

Spring Cloud Services - Proper way to authenticate to use Config Server endpoints (i.e. encryption)

We are using Spring Cloud Services v1.0.0 with PCF 1.6.0. I want to take advantage of the endpoints exposed via the EncryptionController (/encryption, /decryption, etc). However I am unsure of the proper credentials to do so. Accessing the endpoints returns a "Full authentication required" error which I assume means it requires and OAuth token. However I am unsure of how exactly to acquire the token myself (e.g. via cURL).

Is there any plans to make these endpoints somehow available through the Config Server management interface?

Steve Oakey

Official comment

Avatar

Hello,

I had to verify this with engineering, but these end points are not supported through SCS at this time. There are no plans at this time to add support for them, but if / when support is added it will be exposed through the management interface.

Thanks,

Dan

Daniel Mikusa

Please sign in to leave a comment.

4 comments

0
Avatar

Hi Dan,

Thanks for the reply. Is there any way that I can vote on this feature? We feel that the ability to store encrypted properties in the configuration repo is very useful since it greatly reduces the complexity of deployments since we don't need to inject secure properties at deployment time in an attempt to mask them.

Steve Oakey 0 votes
-1
Avatar

Steve,

I talked with our engineers a bit more about this and the difficulty with this feature is not technical but legal. The encryption and decryption features require the full JCE to operate and we cannot ship that with the product due to government export restrictions.

If there's enough interest, I'm sure that we can find a way to work around that (perhaps by having the user upload that bit to enable it?) but for now it's not possible.

As far as voting, we don't really have a system for that. I did talk to the product engineers though, so thy're aware someone asked for it. If enough people asked for it, I'm sure the functionality would end up in the product. The only other thing you could do here would be to contact your account manager. Account managers can log feature requests on the behalf of paid customers.

Hope that helps!

Dan

Daniel Mikusa -1 votes
0
Avatar

Thanks again for the reply Dan.

We have already modified the default Java build pack that our apps are using (which includes the build pack the Spring Cloud Services are using) to include the unlimited JCE policy, so it is definitely easy to customize on the client side.

I will talk to someone at my organization about making an official feature request. Thanks again for the discussion.

Steve Oakey 0 votes