Module io.helidon.config.encryption

Package io.helidon.config.encryption

Class EncryptionFilter

java.lang.Object

io.helidon.config.encryption.EncryptionFilter

All Implemented Interfaces:

ConfigFilter

public final class EncryptionFilter
extends Object
implements ConfigFilter

Provides possibility to decrypt passwords from configuration sources. Configuration can be used to enforce encryption (e.g. we will fail on clear-text value).

Password in properties must be stored as follows:

• ${AES=base64} - encrypted password using a master password (must be provided to prime through configuration, system property or environment variable)
• ${RSA=base64} - encrypted password using a public key (private key must be available to Prime instance, its location must be provided to prime through configuration, system property or environment variable)
• ${ALIAS=alias_name} - no longer needed, please use ${alias_name}
• ${CLEAR=text} - clear-text password. Intentionally denoting this value as a protectable one, so we can enforce encryption (e.g. in prod)

Example:

 google_client_secret=${AES=mYRkg+4Q4hua1kvpCCI2hg==}
 service_password=${RSA=mYRkg+4Q4hua1kvpCCI2hg==}
 another_password=${service_password}
 cleartext_password=${CLEAR=known_password}
 

See Also:

• ConfigProperties.PRIVATE_KEYSTORE_PATH_ENV_VARIABLE
• ConfigProperties.MASTER_PASSWORD_ENV_VARIABLE
• ConfigProperties.MASTER_PASSWORD_CONFIG_KEY
• ConfigProperties.REQUIRE_ENCRYPTION_ENV_VARIABLE

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	EncryptionFilter.Builder	Builder to programmatically setup EncryptionFilter.

Method Summary

Modifier and Type	Method	Description
ConfigItem	apply(Config.Key key, ConfigItem itemPolicy)	Filters an elementary config value before it is made available to the application via the Config API.
String	apply(Config.Key key, String stringValue)	Filters an elementary config value before it is made available to the application via the Config API.
static EncryptionFilter.Builder	builder()	Builder to programmatically configure filter.
static Function<Config,ConfigFilter>	fromConfig()	Create a filter based on configuration (it takes its configuration from the configuration object it filters).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.helidon.config.spi.ConfigFilter

init

Method Details

fromConfig

public static Function<Config,ConfigFilter> fromConfig()

Create a filter based on configuration (it takes its configuration from the configuration object it filters).

Returns:

ConfigFilter instance to register to config

builder

public static EncryptionFilter.Builder builder()

Builder to programmatically configure filter.

Returns:

Builder instance

apply

public String apply(Config.Key key,
 String stringValue)

Description copied from interface: ConfigFilter

Filters an elementary config value before it is made available to the application via the Config API.

Specified by:

apply in interface ConfigFilter

Parameters:

key - configuration key associated with the Config node

stringValue - original value to be filtered, never null

Returns:

original value or filtered (changed) value, never null

apply

public ConfigItem apply(Config.Key key,
 ConfigItem itemPolicy)

Description copied from interface: ConfigFilter

Filters an elementary config value before it is made available to the application via the Config API. Returns ConfigItem object which contains filtered config value and specific value settings.

Specified by:

apply in interface ConfigFilter

Parameters:

key - configuration key associated with the Config node

itemPolicy - original item policy

Returns:

new item policy object with the filtered config value