java.lang.Object
io.helidon.config.encryption.EncryptionFilter
- All Implemented Interfaces:
ConfigFilter
Provides possibility to decrypt passwords from configuration sources.
Configuration can be used to enforce encryption (e.g. we will fail on clear-text value).
Password in properties must be stored as follows:
- ${AES=base64} - encrypted password using a master password (must be provided to prime through configuration, system property or environment variable)
- ${RSA=base64} - encrypted password using a public key (private key must be available to Prime instance, its location must be provided to prime through configuration, system property or environment variable)
- ${ALIAS=alias_name} - no longer needed, please use
${alias_name}
- ${CLEAR=text} - clear-text password. Intentionally denoting this value as a protectable one, so we can enforce encryption (e.g. in prod)
google_client_secret=${AES=mYRkg+4Q4hua1kvpCCI2hg==} service_password=${RSA=mYRkg+4Q4hua1kvpCCI2hg==} another_password=${service_password} cleartext_password=${CLEAR=known_password}
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic class
Builder to programmatically setupEncryptionFilter
. -
Method Summary
Modifier and TypeMethodDescriptionapply
(Config.Key key, ConfigItem itemPolicy) Filters an elementary config value before it is made available to the application via theConfig
API.apply
(Config.Key key, String stringValue) Filters an elementary config value before it is made available to the application via theConfig
API.static EncryptionFilter.Builder
builder()
Builder to programmatically configure filter.static Function
<Config, ConfigFilter> Create a filter based on configuration (it takes its configuration from the configuration object it filters).Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface io.helidon.config.spi.ConfigFilter
init
-
Method Details
-
fromConfig
Create a filter based on configuration (it takes its configuration from the configuration object it filters).- Returns:
- ConfigFilter instance to register to config
-
builder
Builder to programmatically configure filter.- Returns:
- Builder instance
-
apply
Description copied from interface:ConfigFilter
Filters an elementary config value before it is made available to the application via theConfig
API.- Specified by:
apply
in interfaceConfigFilter
- Parameters:
key
- configurationkey
associated with theConfig
nodestringValue
- original value to be filtered, nevernull
- Returns:
- original value or filtered (changed) value, never
null
-
apply
Description copied from interface:ConfigFilter
Filters an elementary config value before it is made available to the application via theConfig
API. ReturnsConfigItem
object which contains filtered config value and specific value settings.- Specified by:
apply
in interfaceConfigFilter
- Parameters:
key
- configurationkey
associated with theConfig
nodeitemPolicy
- original item policy- Returns:
- new item policy object with the filtered config value
-