如何在Jhipster注册表应用程序中使用时加密Jasypt.encryptor.pasword属性'；s配置文件

我正在使用JHipster注册表应用程序，并通过使用Jasypt库对所有micro服务的集中配置中的用户名和密码进行加密，从而使用本地加密

在执行此操作时，我注意到，当我尝试加密默认用户名和密码（admin/admin）时，我已经配置了gateway.yml（所有micro services通用配置的中央配置文件）

我也为Jasypt maven spring boot starter配置添加了注册应用程序项目所需的依赖项，如下所示，它编译并完美地打开了注册

 <dependency>
            <groupId>com.github.ulisesbocchio</groupId>
            <artifactId>jasypt-spring-boot-starter</artifactId>
            <version>2.0.0</version>
        </dependency>

---

请建议在配置或任何其他替代方法时出现了什么问题，或者它不支持基于Jasypt的加密/解密或其他需要配置的内容？

我已经找到了解决问题的方法。我所做的唯一更改是通过传递Jasypt加密库，我尝试使用传统的JHipster注册表应用程序云配置服务器加密/解密策略。对于类似的事情，我必须喜欢使用任何SpringCloudConfig服务器发现以及eureka。因此，当我在boostrap.yml中通过JHipster注册表应用程序中的central config文件夹使用本机文件系统进行集中配置时，我在注册表应用程序端禁用了Spring Cloud config server的encrypt属性，如下所示

spring:
  application:
    name: gateway
  profiles:
    active: dev
    include: composite
  cloud:
    config:
      fail-fast: false 
      uri: http://admin:${jhipster.registry.password}@localhost:8761/config/decrypt
      

      # name of the config server's property source (file.yml) that we want to use
      name: gateway
      profile: dev

spring:
  application:
    name: jhipster-registry
  profiles:
    active: dev
    include: composite
  cloud:
    config:
      server:

        #git:
         # uri: https://github.com/debjupiter18/central-config-server
          #skipSslValidation: true
        bootstrap: true
        **encrypt.enabled: false**

在我的micro service gateway应用程序中启用了相同的功能，如下所述

jhipster:
  registry:
     password: '{cipher}a7b13e30356a50ed81275d9428a31543d7f59eb9e374f3063a94464e9f4a5863'

spring:
  application:
    name: gateway
  profiles:
    active: dev
    include: composite
    # The commented value for `active` can be replaced with valid Spring profiles to load.
    # Otherwise, it will be filled in by maven when building the JAR file
    # Either way, it can be overridden by `--spring.profiles.active` value passed in the commandline or `-Dspring.profiles.active` set in `JAVA_OPTS`
    #active: dev
  cloud:
    config:
      server.encrypt.enabled: true
      fail-fast: false # if not in "prod" profile, do not force to use Spring Cloud Config
      uri: http://admin:${jhipster.registry.password}@localhost:8761/config
      #http://admin:password@registry:8761/config/decrypt

      # name of the config server's property source (file.yml) that we want to use
      name: gateway
      profile: dev

在central config文件夹中的gateway.yml文件中，修改了以下两个加密属性，因为目标是一个原型，以检查是否能够发现Eureka客户端并在这些更改到位的情况下连接到MYSQL Db

spring:
  datasource:
    type: com.zaxxer.hikari.HikariDataSource
    url: jdbc:mysql://localhost:3306/gateway?useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC&createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true
    username: root #{cipher}7f21f461454b9c0d99f2f81194257b9b0f77787cfab738b690f73c1ee84a73c4    #ENC(HLr1wJLGRZPuHVMUgEhiUQ==)
    password: '{cipher}7f21f461454b9c0d99f2f81194257b9b0f77787cfab738b690f73c1ee84a73c4' #root
    hikari:
      poolName: Hikari
      auto-commit: false
      data-source-properties:
        cachePrepStmts: true
        prepStmtCacheSize: 250
        prepStmtCacheSqlLimit: 2048
        useServerPrepStmts: true

  jpa:
     database-platform: org.hibernate.dialect.MySQLInnoDBDialect
     database: MYSQL
     openInView: false
     show-sql: true
  liquibase:
      drop-first: true
      # Remove 'faker' if you do not want the sample data to be loaded automatically
      contexts: dev #, faker
# Property to disable logging in GAE since we cannot write to GAE file system
  mail:
    host: localhost
    port: 25
    username:
    password:
  messages:
      cache-duration: PT1S # 1 second, see the ISO 8601 standard
  thymeleaf:
      cache: false
  sleuth:
      sampler:
        probability: 1 # report 100% of traces
  zipkin: # Use the "zipkin" Maven profile to have the Spring Cloud Zipkin dependencies
      base-url: http://localhost:9411
      enabled: false
      locator:
        discovery:
          enabled: true
  security:
      basic.enabled: true
      user.name : admin
      user.password : '{cipher}a7b13e30356a50ed81275d9428a31543d7f59eb9e374f3063a94464e9f4a5863'
eureka:
  instance:
    prefer-ip-address: true
  client:
    register-with-eureka: true
    fetch-registry: true
    service-url:
      defaultZone: http://${spring.security.user.name}:${spring.security.user.password}@localhost:8761/eureka/

最后但并非最不重要的一点是，按照在配置服务器端启用加密机制并帮助在服务器端解密相同属性的原则，JHipster registry在bootsrap.yml中使用了下面提到的相同属性，这是由于JHipster registry同时充当云配置服务器和Eureka注册表

encrypt:
  key: bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo=
``` in both **bootstarp.yml** file to leverage the Spring cloud config server at JHipster-registry app side, to use the encryption at server side and decryption at client side .

I am able to run the centralized configuration with encryption and deryption, 
I stopped using Jasypt library for now. 
This is working for me, please let me know if any other suggestions or any downside of this solution, can discuss if anybody tried a different approach.

---

我已经想出了解决这个问题的办法。我所做的唯一更改是通过传递Jasypt加密库，我尝试使用传统的JHipster注册表应用程序云配置服务器加密/解密策略。对于类似的事情，我必须喜欢使用任何SpringCloudConfig服务器发现以及eureka。因此，当我在boostrap.yml中通过JHipster注册表应用程序中的central config文件夹使用本机文件系统进行集中配置时，我在注册表应用程序端禁用了Spring Cloud config server的encrypt属性，如下所示

spring:
  application:
    name: gateway
  profiles:
    active: dev
    include: composite
  cloud:
    config:
      fail-fast: false 
      uri: http://admin:${jhipster.registry.password}@localhost:8761/config/decrypt
      

      # name of the config server's property source (file.yml) that we want to use
      name: gateway
      profile: dev

spring:
  application:
    name: jhipster-registry
  profiles:
    active: dev
    include: composite
  cloud:
    config:
      server:

        #git:
         # uri: https://github.com/debjupiter18/central-config-server
          #skipSslValidation: true
        bootstrap: true
        **encrypt.enabled: false**

在我的micro service gateway应用程序中启用了相同的功能，如下所述

jhipster:
  registry:
     password: '{cipher}a7b13e30356a50ed81275d9428a31543d7f59eb9e374f3063a94464e9f4a5863'

spring:
  application:
    name: gateway
  profiles:
    active: dev
    include: composite
    # The commented value for `active` can be replaced with valid Spring profiles to load.
    # Otherwise, it will be filled in by maven when building the JAR file
    # Either way, it can be overridden by `--spring.profiles.active` value passed in the commandline or `-Dspring.profiles.active` set in `JAVA_OPTS`
    #active: dev
  cloud:
    config:
      server.encrypt.enabled: true
      fail-fast: false # if not in "prod" profile, do not force to use Spring Cloud Config
      uri: http://admin:${jhipster.registry.password}@localhost:8761/config
      #http://admin:password@registry:8761/config/decrypt

      # name of the config server's property source (file.yml) that we want to use
      name: gateway
      profile: dev

在central config文件夹中的gateway.yml文件中，修改了以下两个加密属性，因为目标是一个原型，以检查是否能够发现Eureka客户端并在这些更改到位的情况下连接到MYSQL Db

spring:
  datasource:
    type: com.zaxxer.hikari.HikariDataSource
    url: jdbc:mysql://localhost:3306/gateway?useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC&createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true
    username: root #{cipher}7f21f461454b9c0d99f2f81194257b9b0f77787cfab738b690f73c1ee84a73c4    #ENC(HLr1wJLGRZPuHVMUgEhiUQ==)
    password: '{cipher}7f21f461454b9c0d99f2f81194257b9b0f77787cfab738b690f73c1ee84a73c4' #root
    hikari:
      poolName: Hikari
      auto-commit: false
      data-source-properties:
        cachePrepStmts: true
        prepStmtCacheSize: 250
        prepStmtCacheSqlLimit: 2048
        useServerPrepStmts: true

  jpa:
     database-platform: org.hibernate.dialect.MySQLInnoDBDialect
     database: MYSQL
     openInView: false
     show-sql: true
  liquibase:
      drop-first: true
      # Remove 'faker' if you do not want the sample data to be loaded automatically
      contexts: dev #, faker
# Property to disable logging in GAE since we cannot write to GAE file system
  mail:
    host: localhost
    port: 25
    username:
    password:
  messages:
      cache-duration: PT1S # 1 second, see the ISO 8601 standard
  thymeleaf:
      cache: false
  sleuth:
      sampler:
        probability: 1 # report 100% of traces
  zipkin: # Use the "zipkin" Maven profile to have the Spring Cloud Zipkin dependencies
      base-url: http://localhost:9411
      enabled: false
      locator:
        discovery:
          enabled: true
  security:
      basic.enabled: true
      user.name : admin
      user.password : '{cipher}a7b13e30356a50ed81275d9428a31543d7f59eb9e374f3063a94464e9f4a5863'
eureka:
  instance:
    prefer-ip-address: true
  client:
    register-with-eureka: true
    fetch-registry: true
    service-url:
      defaultZone: http://${spring.security.user.name}:${spring.security.user.password}@localhost:8761/eureka/

最后但并非最不重要的一点是，按照在配置服务器端启用加密机制并帮助在服务器端解密相同属性的原则，JHipster registry在bootsrap.yml中使用了下面提到的相同属性，这是由于JHipster registry同时充当云配置服务器和Eureka注册表

encrypt:
  key: bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo=
``` in both **bootstarp.yml** file to leverage the Spring cloud config server at JHipster-registry app side, to use the encryption at server side and decryption at client side .

I am able to run the centralized configuration with encryption and deryption, 
I stopped using Jasypt library for now. 
This is working for me, please let me know if any other suggestions or any downside of this solution, can discuss if anybody tried a different approach.

---

如果我尝试使用JCE而不是Jasypt库，然后使用Jhipster注册表应用程序进行集中配置，那么Jhipster microservice客户端如何访问本机文件系统加密的属性，我并不清楚。micro service app bootstrap.yml文件中的任何简单更改都足以进行配置，如果是，如何配置？如果我尝试使用JCE而不是Jasypt库，然后使用Jhipster registry app进行集中配置，Jhipster microservice客户端如何访问本机文件系统加密的属性，我还不清楚。micro service app bootstrap.yml文件中的任何简单更改都足以进行配置，如果是，如何配置？