Skip to content
This repository has been archived by the owner on May 11, 2021. It is now read-only.

Centralized configuration management

nurkiewicz edited this page Nov 24, 2014 · 24 revisions

This module aims to provide the following features to microservices:

  • centralized, managed and versioned repository for configuration (addresses, tuning options)
  • systematic way of storing secrets like database passwords and external API keys
  • automatic propagation of configuration changes across environments and applications

NB: this module is still work-in-progress.

Most of the implementation uses Spring Cloud project.

Central configuration repository

This project supports reading configuration from one, globally managed directory on the file system. This directory, in principle, should contain all configuration in .properties or .yaml files in hierarchy mirroring microservice name. E.g. for /com/ofg/service-pl the following configuration files are scanned:

  • /com/ofg/service.properties
  • /com/ofg/service.yaml
  • /com/ofg/service-pl.properties
  • /com/ofg/service-pl.yaml

Order is important, in case of duplicated keys last configuration option overrides previous ones. Notice that this setup allows you to share configuration between different realms (e.g. countries). Core configuration is in service.yaml while country-specific overrides are placed in service-pl.yaml.

Encrypting confidential properties

If configuration option should be kept in secret, we can still put it in global, public repository. Just encrypt it (see EncryptorTestUtil) using symmetric password and prefix with {cipher}. The application will automatically decrypt it with provided key.

Encrypted keys in .properties file:

db.password=f29ed1c69fa39d4d33c72305a2bf49bf30f2841aa1e9da7e052e3336ce

or in YAML:

db:
  password: "{cipher}f29ed1c69fa39d4d33c72305a2bf49bf30f2841aa1e9da7e052e3336ce"

Troubleshooting

Could not locate PropertySource: Unable to invoke Cipher due to bad padding

This message on startup is slightly misleading, most likely your encrypt.key is incorrect.

Refreshing configuration

When you modify (preferably via centralized git repository) given configuration file, this module will automatically discover it and refresh chosen beans. If your bean wants to take advantage of configuration updates, simply annotate with @RefreshScope:

@Bean
@RefreshScope
public MyService myService() { /* ... */ }

This bean will be lazily reloaded (destroyed and created from scratch) when any configuration change is discovered.

Installing

Just add micro-infra-spring-property to your CLASSPATH. Also you need to add the following system properties on startup:

-DCONFIG_FOLDER=/home/.../properties
-DAPP_ENV=...
-Dencrypt.key=your_encryption_key
-Dspring.cloud.config.enabled=false

Where

  • CONFIG_FOLDER represents root configuration folder, under which properties for all applications are located (e.g. /home/user/config/prod/com/ofg/...)
  • APP_ENV defines application environment (e.g. 'prod')
  • encrypt.key is a symmetric key for decrypting secret properties
  • spring.cloud.config.enabled disables built-in Spring Cloud property resolution

All of the above can be either system properties (-D) or environment variables. Make sure encrypt.key is accessible publicly.