集中配置中机密文件中的RSA私钥

本文介绍了集中配置中机密文件中的RSA私钥的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我正在创建一个应用程序，其中将RSA私钥放在application.yml中，以字符串形式读取. 我想将其放在机密文件中，并从可使用我所有集中式配置的机密文件中读取它. 我的要求是，我想从机密文件中将其读取为字符串，而不是从.pem文件中读取

I am creating an application where I am placing the RSA private key in application.yml to be read as a string. I want to put it in a secrets file and read it from a secret file where my all centralized configurations are available. My Requirement is, I want to read it from secret file as a string and not from .pem file

在application.yml中，通常我如何使用中央配置.

In application.yml, generally how am I using the central config.

logging: level: org: springframework: ${LOG_LEVEL:INFO}

因此，我们将LOG_LEVEL=INFO放在了集中配置中，Docker和EKS使用它来部署应用程序. 同样，我们有一个秘密文件来保存密码，密钥等.

So we put the LOG_LEVEL=INFO in centralized config which is used by docker and EKS to deploy the application. Similarly, we have a secrets file to keep the passwords, keys, etc.

Two questions:- 1. How can I put private keys in application.yml with a variable and default value? 2. How can I put the key in the secrets file in the centralized config?

在application.yml中工作的RSA密钥没有变量和默认值，但要使其外部化，我需要Spring Boot可以读取的变量.

Working RSA key in application.yml without variable and default value but to externalize it I need variable which spring boot can read.

privateKey: | -----BEGIN RSA PRIVATE KEY----- Key data -----END RSA PRIVATE KEY-----

我试图像对待日志一样将其放入变量中，但这是行不通的.

I tried to do put it in a variable as we do for logs but that doesn't work.

privateKey: ${PRIVATE_KEY:| -----BEGIN RSA PRIVATE KEY----- Key data -----END RSA PRIVATE KEY-----}

有没有一种方法可以将私钥用作application.yml中的字符串并将其集中化.

Is there a way we can use the private key as a string in application.yml and centralize it too.

让我知道是否需要更多信息.

Let me know if you need more information.

推荐答案

我正在使用python并将密钥存储在configmap和secrets中.加载JSON格式的密钥.以前，当我从secret获取密钥时，我遇到了/n和空白的问题，这些问题会自动添加和管理.

I am using python and storing keys in configmap and secrets. Loading keys in JSON format. Previously when i was fetching keys from secret i was facing issue of /n and white spaces which added and manage automatically.

在python config.py中，我将其替换为/n并加载JSON.

In python config.py i am replacing it with /n and loading JSON.

例如:

app.config['CLIENT_SECRET'] = json.loads(os.environ.get("CLIENT_SECRET").replace("\'", ""))

此处是configmap的测试示例密钥:

here test example key for configmap :

CLIENT_SECRET: '{"type": "service_account", "project_id": "test-check-x", "private_key_id": "b0a8b2860c4646db85c7625c3610e4dafd9rr495", "private_key": "-----BEGIN PRIVATE KEY-----\nNGGEvAIBRTANBgkqhkiG9w0BAQEFCCSCBKYwggSiAgEAAoIBAQC2rC4PLop8907yt\nHqFb9BmmetaCwGCDC30XP7zxamyOCnkSVdHfMmVTphR9iajDU1/6PJVTHm5ANeww\n2x6RGn0/Y6Krc63oBuqUTE8ZNemmRef7u1D/EYpizGP8TNrI4wYrChdfdfdKl4V4AI8C\ndpVwQkHPaEtJpDjRiID9Xt3+xbR0RNJg4ueuyie6nBXHQmx+g9ox0DFOj+s79VEB\nQOkqjKQuutHGhPtvomCLqfO+f1NTMXVhePq3gFawuTM0IZ9SF084EsJrKNxsi1yr\nUA8jaHAPckk8boSllFXHHpoU80AahrWd+bd+PdrfSjj95I1cgPYcLYbB7Wu7n1zo\n0SJD1EQLAgMBAAECggEAFGtB/sUctS3LG62H1efUPNgQRa9MBSScnU5XnW4K/QRO\nAkRWNapuycnkmNcGu/FZkiGBgzd+QBkxnJ3HA0CVwtHYAMLpK+gnV9+rxnf7SnBt\nUlCJk5QaBu8tN1TpQ86fWuJBUlmGPCK72Zz4bq2eqO4nNEUcwMyPC+4LHIvBnygh\n/TpM/1SDcgzQGqLCE1cpX4PXyU5P9mSBY9IOrI7gkhKvhVBFEGgVzyzwHBmIfSFJ\nZqtJW/lbfqTt/gm00c4w6jiRROfaWXVif70y2XkCFIdftE5at8Ldfc//oRkCnOxt\niOag1SKN/fX1tmSGBtu3pl7kkF92lMEfiP7Ewvu9SQKBgQDvtRRSnQxniMwBTLib\nNYinH0KB89jEjVDh7RoDx76mdu+2U7RaX4xxCkY3Z/y5lVoCUue+t/14uNRLgQPW\njumKnBOBvT2r7G0C/uwcQbhi1MTK0zoVbrx6MJ8R3gE+6HWEG8J/1+UgyMbGo3aB\nFNe8wja65SEBA/IC6xcFlaMcvwKBgQDDFrFNOOuzUJ06jcBppQISDGs012jdD+Qr\nsTGPetD68oQxhcNHQ44tCRqbmq2iDA7I5YRikabtHIOVIs0rblSXOVEr3sS3kOnU\nGGIKhykDnK8vs4g4t+N/WrZeoD/Ez9Vlpc7VHITnx1/9AVJqJGXvmfco495DmBXC\nSbwZzN5PtQKBgEPxf6ErAqkWDT0REgJsWh+ErMVI6NhNde+T1RvdMhzc+XUkpKo5\nCwW/c8egofG4c5rVBPr6C858FTCRkRTvzSKMurq7eQ+SJBQFTcd0mV7qEB2tYXlR\nufqobW4TDydVnHmlpKu39iokvrLvAlf0IHJQWlL/Pyuagq5xFEVw9JrhAoGAIoiU\n0BegWXiOrHvFMK495JYAMDVlYaRbfoR6Qmy6K4Hcdqu3+phxxXUUGbFSxRmfUF6Y\nhZ5Ezzo57J9hdCuum6pQvRRM/DWRvrKmQDjWwMXumOIN3gRnJ/cVy0BQqXUk0D5+\nk2jd+e1oB3BBd3qD9NrrTnivsoVsbJ0CyApk2/UCgYAtcCnsnkySdDee4IwV7Ns+\nSqKExRX6xt69JrNlCExyTF35+ZyZMrDZR6wxUIVPWn//vVNA9KQiRgfOlCRjvbxe\nl5fRS2auOH1/DztMFUWGhuNXTjlLNgZRKhuJF4txUzdHJnoIXL/8bfMCKYCxZKbmf\nC7huNhJNf+btG27zr8MD7Q==\n-----END PRIVATE KEY-----\n", "client_email": "script-test@test-checck-x.iam.gserviceaccount", "client_id": "11425276876957878", "auth_uri": "accounts.google/o/oauth2/auth", "token_uri": "oauth2.googleapis/token", "auth_provider_x509_cert_url": "www.googleapis/oauth2/v1/certs", "client_x509_cert_url": "www.googleapis/robot/v1/metadata/x509/script-test%40test-chec-x.iam.gserviceaccount"}'

我对弹簧靴的想法不多，但这种方式对我来说效果很好.

i have not much idea of spring boot but it's working well for me this way.