So I've done some Googling and read some of the documentation on Spring Cloud, but in an effort to truly punish myself, I'm seeking to understand just exactly how encrypting sensitive application properties with a "{cipher}" really works.
For example in an application.yml...
spring.datasource.password: '{cipher}abdjdbdjfb15168gddbdk3900289'
My understanding is that it is safe to commit this to a repo and that Spring Boot uses an encrypt.key in bootstrap.yml in order to decrypt it when needed.
What I don't understand is why is it safe to commit the encrypt.key to the repo? And if you don't, then how am I supposed to utilize this?
I also found a link on the Heroku documentation that you maybe set this as a configuration variable in the server?
Bottom line, I have a lot of questions and, most importantly, I am not even sure what questions I need to be asking. So I'm hoping someone out there that knows what they're doing can point me in a few right directions of some links to read etc to get me going please?
Thanks in advance!
First of all, check out the reference documentation about encryption in Spring Cloud Config which explains possibilities of configuration support.
You should never commit sensitive data such as keys to a source code repository if you can't control access to that repository. Not only regular access but also physical access, backups, ….
The preferred approach to handling keys is storing the key in as few places as possible, ideally only on the server side where decryption happens. There you have the option to either use a bootstrap config, system properties or environment variables as a mechanism to pass the key to your runtime.
You might want to peek into HashiCorp Vault support as Vault solves the chicken-egg problem of key management. Instead, you can obtain a Vault token (from inside your client application, or configure a token on the server) and Vault will handle encryption/decryption for you.
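
A pre-commit style check for the advice above, as an added example that is not part of the original answer: it flags a literal `encrypt.key` and plaintext secret-looking properties in config text, while accepting `{cipher}` values and `${...}` placeholders. The sample files, the `ENCRYPT_KEY` variable name and the key-name heuristic are assumptions constructed for illustration.

```python
import re

# Constructed sample files (not from the original post); all values are placeholders.
SAMPLE_BOOTSTRAP_BAD = """\
encrypt:
  key: my-symmetric-secret
"""
SAMPLE_BOOTSTRAP_OK = """\
encrypt:
  key: ${ENCRYPT_KEY}
"""
SAMPLE_APPLICATION = """\
spring.datasource.password: '{cipher}0a1b2c3d4e5f'
spring:
  mail:
    password: hunter2
"""

SENSITIVE = re.compile(r"(password|secret|token)$", re.I)  # assumed heuristic
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")  # value injected at runtime

def flatten(text):
    """Flatten simple YAML mappings (nested or dotted keys) into {dotted.key: value}."""
    out, stack = {}, []  # stack holds (indent, key) of the enclosing mappings
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing comments
        m = re.match(r"^(\s*)([^\s:#][^:]*):\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2).strip(), m.group(3).strip("'\" ")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # left the previous nested mapping
        if value:
            out[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))
    return out

def findings(text):
    """Return sorted (key, problem) pairs that should block a commit."""
    found = []
    for key, value in flatten(text).items():
        if key.lower() == "encrypt.key" and not PLACEHOLDER.match(value):
            found.append((key, "literal encrypt.key committed"))
        elif SENSITIVE.search(key) and not value.startswith("{cipher}") and not PLACEHOLDER.match(value):
            found.append((key, "plaintext secret, expected {cipher} or ${...}"))
    return sorted(found)
```
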