I have a Spring Boot application which has some encrypted values in its property file
e.g. spring.security.user.password=ENC(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm)
I am using jasypt to decrypt these on the fly. This works fine running locally.
However when I deploy the app on Cloud Foundry my property file now pulls the value from vcap env variables.
e.g.
spring.security.user.password=${vcap.services.myconfig.credentials.user.password}
in PCF the value is added as
user.password = ENC(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm)
However now my app fails to start and i get an error saying
ERROR 22 --- [ main] o.s.b.web.embedded.tomcat.TomcatStarter : Error starting Tomcat context. Exception: org.springframework.beans.factory.UnsatisfiedDependencyException. Message: Error creating bean with name 'securityFilterChainRegistration' defined in class path resource [org/springframework/boot/autoconfigure/security/servlet/SecurityFilterAutoConfiguration.class]: Unsatisfied dependency expressed through method 'securityFilterChainRegistration' parameter 0; nested exception is org.springframework.boot.context.properties.ConfigurationPropertiesBindException: Error creating bean with name 'spring.security-org.springframework.boot.autoconfigure.security.SecurityProperties': Could not bind properties to 'SecurityProperties' : prefix=spring.security, ignoreInvalidFields=false, ignoreUnknownFields=true; nested exception is org.springframework.boot.context.properties.bind.BindException: Failed to bind properties under 'spring.security.user.password' to java.lang.String
Is there any reason I am missing why this works locally but not on Cloud Foundry?
UPDATE
cf env returns ...
System-Provided:
{
"VCAP_SERVICES": {
"user-provided": [
{
"binding_name": null,
"credentials": {
"JAVA_OPTS": "-Dspring.security.user.password=ENC\\\\(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm\\\\)",
"user.password": "ENC(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm)"
},
"instance_name": "myconfig",
"label": "user-provided",
"name": "myconfig",
"syslog_drain_url": "",
"tags": [],
"volume_mounts": []
}
]
}
}
where this sows the JAVA_OPTS version that works and also the user.password property that wont resolve
Try this once:
JAVA_OPTS=-Dspring.security.user.password=ENC\\(ZUkuSkFAiu/k7v7G1538ouQmuSWeAuOucAVuvxLCDwwJ0mgnIdfl3N/RgiZMGeBm\\)