ibm bluemix - Hook for Decrypting Passwords with Spring Cloud Connectors -
we have application deployed cloudfoundry/bluemix. application reads database connections vcap_services environment variable. db password stored in environment variable encrypted , decrypt when application boots up.
we looking @ spring cloud service connectors. cloud connectors provide hook, can decrypt password vcap_services before datasource instance created?
why want this? app decryption key from? if it's hard-coded in app, that's antipattern make hard rotate key. if it's through environment variable, it's no more secure storing database credentials unencrypted services in cloud foundry - services in cf nothing more domain-specific groups of environment variables. can't see encrypting them adds security.
to answer question: not out-of-the-box, intercept flow of spring components act on environment variables cloud foundry provides app.
the abstract class creates serviceinfo instances cloudfoundryserviceinfocreator. @ maybe providing custom implementation of this? there blog post describing how spring cloud connectors works. might able extend cloudfoundryconnector too.
Comments
Post a Comment