https://github.com/palantir/encrypted-config-value
Tooling for encrypting certain configuration parameter values in dropwizard apps
https://github.com/palantir/encrypted-config-value
octo-correct-managed
Last synced: 2 months ago
JSON representation
Tooling for encrypting certain configuration parameter values in dropwizard apps
- Host: GitHub
- URL: https://github.com/palantir/encrypted-config-value
- Owner: palantir
- License: apache-2.0
- Created: 2015-12-04T20:56:14.000Z (over 9 years ago)
- Default Branch: develop
- Last Pushed: 2025-04-02T18:18:44.000Z (2 months ago)
- Last Synced: 2025-04-02T19:27:05.131Z (2 months ago)
- Topics: octo-correct-managed
- Language: Java
- Homepage:
- Size: 1.45 MB
- Stars: 25
- Watchers: 270
- Forks: 26
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
- Changelog: changelog/3.0.0/pr-201.v2.yml
- License: LICENSE
Awesome Lists containing this project
README
Encrypted Config Value
======================
[](https://circleci.com/gh/palantir/encrypted-config-value)
[](
http://jcenter.bintray.com/com/palantir/config/crypto/)
This repository provides tooling for encrypting certain configuration parameter values in Dropwizard apps. This defends against accidental leaks of sensitive information such as copy/pasting a config file - unlike jetty obsfucated passwords, one would also have to share the encryption key to actually reveal the sensitive information.
encrypted-config-value-bundle
-----------------------------
A Dropwizard bundle which provides a way of using encrypted values in your Dropwizard configs (via a variable substitutor) and utility commands.
The bundle sets the `ConfigurationSourceProvider` to one capable of parsing encrypted values specified as variables.
The bundle adds the following commands:
- `encrypt-config-value -v [-k ]` for encrypting values. In the case of non-symmetric algorithms (e.g. RSA) specify the public key.
- `generate-random-key -a [-f ]` for generating random keys with the specified algorithm. In the case of non-symmetric algorithms (e.g. RSA) the private key will have a .private extension.
Currently supported algorithms:
- AES: (AES/GCM/NoPadding) with random IV
- RSA
### Example Usage
Maven artifacts are published to JCenter. Dropwizard bundles are separated into two different packages: one for Dropwizard 1.x and one for Dropwizard 0.9.x and below. Example Gradle dependency configuration:
```groovy
repositories {
jcenter()
}
dependencies {
// adds EncryptedConfigValueBundle for Dropwizard 1.x apps
compile "com.palantir.config.crypto:encrypted-config-value-bundle-dropwizard1:$version"
// or, adds EncryptedConfigValueBundle for Drowizard <= 0.9.x apps
compile "com.palantir.config.crypto:encrypted-config-value-bundle:$version"
}
```
To use in your app, just add the bundle:
```java
public final class Main extends Application {
@Override
public void initialize(Bootstrap bootstrap) {
...
bootstrap.addBundle(new EncryptedConfigValueBundle());
}
...
}
```
Then:
```console
my-application$ ./bin/my-dropwizard-app generate-random-key -a AES
Wrote key to var/conf/encrypted-config-value.key
my-application$ ./bin/my-dropwizard-app encrypt-config-value -v topSecretPassword
enc:V92jePHsFbT0PxdJoer+oA==
```
Now use the encrypted value in your config file (as a variable):
```yaml
auth:
username: my-user
password: ${enc:INNv4cGkVF45MLWZhgVZdIsgQ4zKvbMoJ978Es3MIKgrtz5eeTuOCLM1vPbQm97ejz2EK6M=}
```
encrypted-config-value-module
-----------------------------
Not Dropwizard? You can still use encrypted values in your configuration file.
### Example Usage
```java
public final class AppConfiguration {
private static final ObjectMapper MAPPER = new YAMLMapper()
.registerModule(new GuavaModule());
...
public static AppConfiguration fromYaml(File configFile) {
...
return EncryptedConfigMapperUtils.getConfig(configFile, AppConfiguration.class, MAPPER);
}
...
}
```
License
-------
This repository is made available under the [Apache 2.0 License](http://www.apache.org/licenses/LICENSE-2.0).