java.lang.Object
io.helidon.config.encryption.MpEncryptionFilter
- All Implemented Interfaces:
MpConfigFilter
Provides possibility to decrypt passwords from configuration sources.
Configuration can be used to enforce encryption (e.g. we will fail on clear-text value).
Password in properties must be stored as follows:
- ${AES=base64} - encrypted password using a master password (must be provided to prime through configuration, system property or environment variable)
- ${RSA=base64} - encrypted password using a public key (private key must be available to Prime instance, its location must be provided to prime through configuration, system property or environment variable)
- ${ALIAS=alias_name} - no longer needed, please use
${alias_name} - ${CLEAR=text} - clear-text password. Intentionally denoting this value as a protectable one, so we can enforce encryption (e.g. in prod)
google_client_secret=${GCM=mYRkg+4Q4hua1kvpCCI2hg==}
service_password=${RSA-P=mYRkg+4Q4hua1kvpCCI2hg==}
another_password=${service_password}
cleartext_password=${CLEAR=known_password}
- See Also:
-
Constructor Summary
Constructors -
Method Summary
-
Constructor Details
-
MpEncryptionFilter
Deprecated.This constructor is only for use byMpConfigFilterservice loader.
-
-
Method Details
-
init
Description copied from interface:MpConfigFilterInitialize this filter from configuration. The config instance provided only has filters with higher priority than this filter.- Specified by:
initin interfaceMpConfigFilter- Parameters:
config- configuration to set this filter up.
-
apply
Description copied from interface:MpConfigFilterApply this filter on the provided value.- Specified by:
applyin interfaceMpConfigFilter- Parameters:
propertyName- name of the property (its key)value- the current value of the property as retrieved from the config source, or from previous filters- Returns:
- value as processed by this filter
-