spring-config-decryptor

Decrypt Spring Cloud Config with values encrypted with asymmetric key

Overview

spring-config-decryptor is a tool to decrypt Spring Boot configuration with values encrypted with RSA public key using spring encrypt from Spring Cloud CLI toolkit.

The secret values are base64 encoded and start with {cipher} prefix.

Install binary release

1. Download the latest release

   Linux

    curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.4/spring-config-decryptor-v0.0.4-linux-amd64.tar.gz | tar xz
   

   macOS

    curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.4/spring-config-decryptor-v0.0.4-darwin-amd64.tar.gz | tar xz
   

   windows

    curl -Ls https://github.com/grepplabs/spring-config-decryptor/releases/download/v0.0.4/spring-config-decryptor-v0.0.4-windows-amd64.tar.gz | tar xz
   

2. Move the binary in to your PATH.

   sudo mv ./spring-config-decryptor /usr/local/bin/spring-config-decryptor
   

Building

make clean build

Build in docker

Linux

    make build.linux

MacOS

    make build.darwin

Windows

    make build.windows

Usage

export ENCRYPT_KEY=$(cat private.pem)
cat configmap.yaml | spring-config-decryptor

Help output

Usage of spring-config-decryptor:
  -f string
        The file name to decrypt. Use '-' for stdin. (default "-")
  -k string
        The file with RSA private key. If empty the key is read from environment variable ENCRYPT_KEY / ENCRYPT_KEY_BASE64
  -o string
        The file to write the result to. Use '-' for stdout. (default "-")