我需要从kubernetes中的env变量中读取私钥。为了确保我的代码有效,我现在从资源文件夹中读取它,这样每次我在本地运行应用程序时都可以从中读取。现在我已经部署了我的应用程序,并在kubernetes中用这个私钥创建了一个秘密。
我还创建了一个测试端点来检查我的env变量是否在kubernetes:中
@GetMapping("/test")
public ResponseEntity test() {
return ResponseEntity.ok(System.getenv());
}
在检查它是否已设置后,我编写了这段代码,以便读取私钥,如果应用程序正在本地运行,则从资源文件夹中读取,但如果它在dev上运行,则必须从env变量中读取。问题是,这在部署到PaaS时不起作用,但在本地尝试时会读取。以下是实现这一点的代码:
@Configuration
@RequiredArgsConstructor
public class JwtKeyProviderConfig {
private final static String PRIVATE_KEY_ENVIRONMENT_VARIABLE_NAME = "PRIVATE_KEY";
private final static String LOCAL_ENVIRONMENT_NAME = "local";
private final static String TEST_ENVIRONMENT_NAME = "test";
private final static String DEVELOPMENT_ENVIRONMENT_NAME = "development";
private final static String LOCAL_PRIVATE_KEY_RESOURCE_PATH = "classpath:keys/private_key.pkcs8";
private final ResourceUtil resourceUtil;
private final Base64Util base64Util;
private final Environment environment;
@Bean
public PrivateKey getPrivateKeyFromEnvironmentVariable() throws IOException {
List<String> activeProfiles = Arrays.asList(environment.getActiveProfiles());
boolean isLocalOrTestEnvironment = activeProfiles.contains(LOCAL_ENVIRONMENT_NAME) || activeProfiles.contains(DEVELOPMENT_ENVIRONMENT_NAME);
//TODO It's not reading from the ENV in openshift, it was reading it from the private key uploaded in git
String key = isLocalOrTestEnvironment ? resourceUtil.asString(LOCAL_PRIVATE_KEY_RESOURCE_PATH) : System.getenv(PRIVATE_KEY_ENVIRONMENT_VARIABLE_NAME);
return readKey(
key,
"PRIVATE",
this::privateKeySpec,
this::privateKeyGenerator
);
}
private <T extends Key> T readKey(String keyString, String headerSpec, Function<String, EncodedKeySpec> keySpec, BiFunction<KeyFactory, EncodedKeySpec, T> keyGenerator) {
try {
//TODO you can check the headers and throw an exception here if you want
keyString = keyString
.replace("-----BEGIN " + headerSpec + " KEY-----", "")
.replace("-----END " + headerSpec + " KEY-----", "")
.replaceAll("\s+", "");
return keyGenerator.apply(KeyFactory.getInstance("RSA"), keySpec.apply(keyString));
} catch(NoSuchAlgorithmException e) {
throw new JwtInitializationException(e);
}
}
private EncodedKeySpec privateKeySpec(String data) {
return new PKCS8EncodedKeySpec(base64Util.decode(data));
}
private PrivateKey privateKeyGenerator(KeyFactory kf, EncodedKeySpec spec) {
try {
return kf.generatePrivate(spec);
} catch(InvalidKeySpecException e) {
throw new JwtInitializationException(e);
}
}
}
知道为什么它不能在远程工作吗?提前感谢!
为什么这么复杂?
您可以像使用@Value读取所有配置值一样,使用Spring读取环境变量
@Value("${PRIVATE_KEY}")
private String privateKey;