Zoomdata Version

Encrypting Configuration Properties

You can encrypt sensitive property values in Zoomdata's property files, if needed. This can be accomplished using the Spring Cloud CLI.

Prerequisites

Before you can encrypt property values, your Zoomdata environment must meet the following requirements.

Encrypting a Property

To encrypt an individual configuration property:

  1. Ensure your environment meets the prerequisites listed in Prerequisites.

  2. Use the following Spring Cloud CLI command to encrypt a property value with a specified encryption key:

    spring encrypt <property-value> --key <encryption-key>

    For example, the following command encrypts the value of the PASSWORD variable using the encryption key specified by the ENCRYPT_KEY variable.

    spring encrypt $PASSWORD --key $ENCRYPT_KEY

    The output of this command is the encrypted property. For example:

    711448026e2c6a977b2be1b22f13649cc938366397fbd345113d2a50e27c348f)
  3. Add the following to the properties file in which the encrypted property value will be stored:

    • The encrypted property you obtained in Step 2, prepended with {cipher}. The {cipher} prefix allows Spring Cloud to recognize encrypted properties. For example:

      encrypted.property={cipher}711448026e2c6a977b2be1b22f13649cc938366397fbd345113d2a50e27c348f
    • A new property (once per property file) that identifies the encryption key used. For example:

      ENCRYPT.KEY=<encryption-key>
  4. Save the properties file and restart its associated Zoomdata service. See Restarting Zoomdata Services.

Alternatively, you could modify and use the sample script, provided next, to encrypt a property value in a properties file.

Sample Script to Encrypt a Property

You can modify and use the following sample script to encrypt a property value in a properties file.

#!/bin/bash

#define the property file location, property key, and encryption key
FILE=/opt/zoomdata/zoomdata.properties
PROPERTY_KEY=spring.datasource.password
ENCRYPT_KEY=zoomdata

#read the property value
PROPERTY_VALUE=$(< "$FILE" grep -w "$PROPERTY_KEY"|cut -d '=' -f2)

#encrypt the value
#NOTE: this step will fail with 'Unable to initialize due to invalid secret key'
#if the JCE prerequisite is not met
ENCRYPTED_VALUE="{cipher}"+$(spring encrypt $PROPERTY_VALUE --key $ENCRYPT_KEY)

#update the file
sed -i "s/$PROPERTY_KEY=$PROPERTY_VALUE/$PROPERTY_KEY=$ENCRYPTED_VALUE/g" $FILE

#add the encryption key if not already present in the file
grep -q -F "encrypt.key=$ENCRYPT_KEY" $FILE || echo "encrypt.key=$ENCRYPT_KEY" >> $FILE

Was this topic helpful?