{"id":23688709,"url":"https://github.com/chensoul/spring-config-server","last_synced_at":"2026-01-12T02:30:13.142Z","repository":{"id":266639339,"uuid":"898914788","full_name":"chensoul/spring-config-server","owner":"chensoul","description":null,"archived":false,"fork":false,"pushed_at":"2025-02-06T00:52:45.000Z","size":51,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-06T01:29:00.390Z","etag":null,"topics":["spring-cloud","spring-cloud-contract"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chensoul.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-12-05T09:24:42.000Z","updated_at":"2025-02-06T00:51:38.000Z","dependencies_parsed_at":"2024-12-05T10:27:06.624Z","dependency_job_id":"62837133-0ef6-45db-acd1-f40422caa2c2","html_url":"https://github.com/chensoul/spring-config-server","commit_stats":null,"previous_names":["chensoul/spring-config-server"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chensoul%2Fspring-config-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chensoul%2Fspring-config-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chensoul%2Fspring-config-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chensoul%2Fspring-config-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chensoul","download_url":"https://codeload.github.com/chensoul/spring-config-server/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239748298,"owners_count":19690236,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["spring-cloud","spring-cloud-contract"],"created_at":"2024-12-30T00:18:17.530Z","updated_at":"2025-02-19T23:16:42.208Z","avatar_url":"https://github.com/chensoul.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# spring-config-server\n\n## How to run\n\nPackage the application using the maven command:\n\n```bash\n./mvnw package\n```\n\nSetting an environment variable named `SPRING_CONFIG_ADDITIONAL_LOCATION` or `SPRING_CONFIG_IMPORT` to the location of the configuration file, for example `samples/config-repo.yml`:\n\n```bash\nexport SPRING_CONFIG_IMPORT=samples/config-repo.yml\n```\n\nUsing Java 17+ or higher, run the Config Server application:\n\n```bash\njava -jar target/spring-config-server-0.0.1-SNAPSHOT.jar \n```\n\nTo verify, you can use curl to fetch the configuration for the default application and profile by running:\n\n```bash\ncurl -u user:password http://localhost:8888/application/default\n```\n\n## Resources\n\n| Path                           | Description                                                     |\n|--------------------------------|-----------------------------------------------------------------|\n| /{app}/{profile}               | Configuration data for app in Spring profile (comma-separated). |\n| /{app}/{profile}/{label}       | Add a git label                                                 |\n| /{app}/{profile}{label}/{path} | An environment-specific plain text config file (at \"path\")      |\n\n## Security\n\n### HTTP Basic authentication\n\nThe server is secure with HTTP Basic authentication by Spring Security (via spring-boot-starter-security). The user name is \"user\" and the password is \"password\". You can override the password with the environment variable `SPRING_SECURITY_USER_PASSWORD`. E.g.\n\n```bash\nSPRING_SECURITY_USER_PASSWORD=pass123\n```\n\n### Encryption and decryption\n\nGenerate a keystore with a key pair:\n\n```bash\nkeytool -genkeypair -alias mytestkey -keyalg RSA\\\n  -dname \"CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=CN\" -validity 3650 \\\n  -storetype PKCS12 -keystore keystore.jks -storepass changeit\n```\n\nRun the Config Server application with the environment variable `ENCRYPT_KEYSTORE_PASSWORD` set to the keystore password:\n\n```bash\nENCRYPT_KEYSTORE_PASSWORD=changeit java -jar target/*.jar\n```\n\nTest encryption and decryption with the following commands:\n\n```bash\nVALUE=`curl -s -u user:password http://localhost:8888/encrypt -d hello`\ncurl -u user:password http://localhost:8888/decrypt -d $VALUE\n```\n\n### Enabling Mutual TLS (mTLS)\n\nWe will use the [OpenSSL](https://www.openssl.org/) command line tool to generate the certificates.\n\n1. **Generate CA**\n\nFirst of all, we need a certificate authority (CA) that both the client and the server will trust. We generate these using openssl.\n\n```bash\nmkdir -p samples/tls/ca\nopenssl req -new -x509 -nodes -days 365 -subj '/CN=my-ca' -keyout samples/tls/ca/ca.key -out samples/tls/ca/ca.crt\n```\n\nThis now puts a private key in ca.key and a certificate in ca.crt on our filesystem. We can inspect these a little further with the following.\n\n```bash\nopenssl x509 --in samples/tls/ca/ca.crt -text --noout\n```\n\nLooking at the output, we see some interesting things about our CA certificate. Most importantly the X509v3 Basic Constraints value is set CA:TRUE, telling us that this certificate can be used to sign other certificates (like CA certificates can).\n\n2. **Generate Server key and certificate**\n\nThe server now needs a key and certificate. Key generation is simple, as usual:\n\n```bash\nmkdir -p samples/tls/server\nopenssl genrsa -out samples/tls/server/tls.key 2048\n```\n\nWe need to create a certificate that has been signed by our CA. This means we need to generate a certificate signing\nrequest, which is then used to produce the signed certificate.\n\n```bash\nopenssl req -new -key samples/tls/server/tls.key -subj '/CN=localhost' -out samples/tls/server/tls.csr\n```\n\nThis gives us a signing request for the domain of localhost as mentioned in the -subj parameter. This signing request\nnow gets used by the CA to generate the certificate.\n\n```bash\nopenssl x509 -req -in samples/tls/server/tls.csr -CA samples/tls/ca/ca.crt -CAkey samples/tls/ca/ca.key -CAcreateserial -days 365 -out samples/tls/server/tls.crt\n```\n\nInspecting the server certificate, you can see that it’s quite a bit simpler than the CA certificate. We’re only able to\nuse this certificate for the subject that we nominated; localhost.\n\n3. **Generate Client key and certificate**\n\nThe generation of the client certificates is very much the same as the server.\n\n```bash\nmkdir -p samples/tls/client\n# create a key\nopenssl genrsa -out samples/tls/client/tls.key 2048\n\n# generate a signing certificate\nopenssl req -new -key samples/tls/client/tls.key -subj '/CN=my-client' -out samples/tls/client/tls.csr\n\n# create a certificate signed by the CA\nopenssl x509 -req -in samples/tls/client/tls.csr -CA samples/tls/ca/ca.crt -CAkey samples/tls/ca/ca.key -CAcreateserial -days 365 -out samples/tls/client/tls.crt\n```\n\nThe subject in this case is my-client.\n\nThe `-CAcreateserial` number also ensures that we have unique serial numbers between the server and client certificates. Again, this can be verified when you inspect the certificate.\n\n4. **Run Config Server**\n\nRun the Config Server application:\n\n```bash\nexport SPRING_CONFIG_IMPORT=file:samples/config-repo-tls.yml\njava -jar target/spring-config-server-0.0.1-SNAPSHOT.jar \n```\n\n5. **Test with certificates and keys**\n\n```bash\ncurl \\\n    --cacert samples/tls/ca/ca.crt \\\n    --cert samples/tls/client/tls.crt \\\n    --key samples/tls/client/tls.key \\\n    -u user:password \\\n    https://localhost:8888/application/default/main\n```\n\n## Enable AOT\n\nDisable the refresh scope in the application.yaml file:\n\n```yaml\nspring:\n  cloud:\n    refresh:\n      enabled: false\n```\n\nInstall GraalVM JDK:\n\n```bash\nsdk install java 21.0.5-graal \n```\n\nRun maven command to compile the native image:\n\n```bash\n./mvnw -Pnative native:compile\n```\n\n## Run with Docker\n\nCreate an image with [buildpack](https://buildpacks.io/).\n\n```bash\nbrew install buildpacks/tap/pack\n\npack build spring-config-server:0.0.1 \\\n  --path ./spring-config-server-0.0.1-SNAPSHOT.jar \\\n  --builder paketobuildpacks/builder:tiny\n```\n\n\u003e If you will be running the image on an ARM host (such as an Apple machine with an Apple chipset), you must use a\n\u003e different builder:\n\u003e\n\u003e ```bash\n\u003e pack build spring-config-server:0.0.1 \\\n\u003e --path target/spring-config-server-0.0.1-SNAPSHOT.jar \\\n\u003e --builder dashaun/builder:tiny\n\u003e ```\n\nOr you can create an image using docker build.\n\n```bash\ndocker build -t chensoul/spring-config-server:0.0.1 .\n```\n\nStart the container by running:\n\n```bash\ndocker run -d \\\n  -p 8888:8888 \\\n  --mount type=bind,source=\"$(pwd)\"/samples,target=/app/samples \\\n  -e SPRING_CONFIG_IMPORT='file:samples/config-repo-tls.yml' \\\n  chensoul/spring-config-server:0.0.1\n```\n\nAlternatively, you can push the image to docker hub:\n\n```bash\ndocker login\ndocker tag chensoul/spring-config-server:0.0.1 chensoul/spring-config-server:latest\ndocker push chensoul/spring-config-server:0.0.1\n```\n\n## Enabling Client Applications\n\nConfig application.properties file for the client application:\n\n```yaml\nspring.config.import: optional:configserver:http://myconfigserver:8888\n```\n\nEnabling TLS (mTLS) Authentication if the Config Server is running with TLS:\n\n```yaml\nspring.config.import: optional:configserver:http://myconfigserver:8888\nspring.cloud.config.tls.enabled: true\nspring.cloud.config.tls.key-store: \u003cpath-to-key-store\u003e\nspring.cloud.config.tls.key-store-type: PKCS12\nspring.cloud.config.tls.key-store-password: \u003ckey-store-password\u003e\nspring.cloud.config.tls.password: \u003ckey-password\u003e\nspring.cloud.config.tls.trust-store: \u003cpath-of-trust-store\u003e\nspring.cloud.config.tls.trust-store-type: PKCS12\nspring.cloud.config.tls.trust-store-password: \u003ctrust-store-password\u003e\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchensoul%2Fspring-config-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchensoul%2Fspring-config-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchensoul%2Fspring-config-server/lists"}