2

I hava a java spring.boot application that uses Kubernetes, I'we configured this .yaml file

- name: ACTUATOR_USERNAME
  valueFrom:
    secretKeyRef:
      name: actuator
      key: username
- name: ACTUATOR_PASSWORD
  valueFrom:
    secretKeyRef:
      name: actuator
      key: password

added this attributes to my application.propertis

security.user.name=${ACTUATOR_USERNAME}
security.user.password=${ACTUATOR_PASSWORD}

secret is created at server side, how do I retrieve this values inside my class

package com.greenqloud.usage.healthcheck;

import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class ActuatorSecurity extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests()
                .anyRequest().hasRole("USER")
                .and()
                .httpBasic();
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        System.out.println("actuator username: " + System.getenv("ACTUATOR_USERNAME"));
        System.out.println("actuator password: " + System.getenv("ACTUATOR_PASSWORD"));

        auth.inMemoryAuthentication()
                .withUser("actuator").password("{noop}actuator123").roles("USER");
    }
}

the only way I have found is to use the System.out.getenv("ACTUATOR_USERNAME") but I'm sure there is a better way to achieve this?

Improve this question
2
  • 2
    What's wrong with using System.getEnv? What "better way" do you want? Commented Feb 20, 2019 at 13:57
  • nothing, I was just under the expression that there where a more spring.boot way to achieve this, I might be wrong. Commented Feb 20, 2019 at 14:00

2 Answers 2

Reset to default
3

I am agree with @Kuikiker about getenv(). But one question why do u want to store credential in env variable. Unless u have some special need I believe you will be better off store them in your application.properties with encrypted value. I usually use jasypt encipher for that (https://www.baeldung.com/spring-boot-jasypt). Hope this helps.

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

I'm sure I want what you are suggesting, I have in my application.proppertis file security.user.name=${ACTUATOR_USERNAME} security.user.password=${ACTUATOR_PASSWORD} How can I retrieve this values inside my java class?
@Value("security.user.password"). Have a look at baeldung.com/spring-value-annotation
like this @Value("security.user.name") private String actuatorUsername; @Value("${ACTUATOR_PASSWORD}") private String actuatorPassword; auth.inMemoryAuthentication() .withUser(actuatorUsername).password(actuatorPassword).roles("USER");`` although IntelliJ complains about Private field 'actuatorUsername' is never assigned` ?
Yes IDE does that. This value get assigned to the variable on run time through dependency injection so IDE complain because it could not find any reference.
Why can I not directly use the value like this auth.inMemoryAuthentication() .withUser(@Value("security.user.name")).password(@Value("${security.user.password}")).roles("USER"); ?
|
0

System.getenv() is used to retrieve environment variable values; there is nothing wrong with it. However, since you are using SpringBoot you may find the following question valuable: Read environment variable in SpringBoot

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.