Support base64 in kafka ssl keystore/truststore #41047

Closed
Sineaggi opened this issue Jun 10, 2024 · 7 comments
Labels
status: duplicate A duplicate of another issue

Comments

@Sineaggi

Spring Boot 3.3.0 supports base64 resources, but the KafkaProperties.java file has a method resourceToPath that requires that a Resource can be turned into a path.

Can we either have the key-store-location properties support non-path resources, or make a new key-store-resource that takes non-path resources?

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jun 10, 2024
@scottfrederick
Contributor

The values of the spring.kafka.ssl.key-store-location and spring.kafka.ssl.trust-store-location properties are passed to the Apache Kafka Java client library, which expects them to be file locations. Changing those properties to accept Base64-encoded strings would require a change to the Apache Kafka library, not just to Spring Boot.

Instead of using those properties, you can define an SSL bundle (which supports the base64: resource prefix), and then apply that bundle to the Kafka connection using the spring.kafka.ssl.bundle property instead of the discrete spring.kafka.ssl.* properties. The spring.kafka.ssl.bundle property is available as of Spring Boot 3.2.

@scottfrederick scottfrederick added status: duplicate A duplicate of another issue and removed status: waiting-for-triage An issue we've not yet triaged labels Jun 10, 2024
@Sineaggi
Author

@scottfrederick should JksSslBundleProperties.Store.location be updated to be a Resource object instead of a string then?

@scottfrederick
Contributor

> should JksSslBundleProperties.Store.location be updated to be a Resource object instead of a string

No, that's not necessary. The string value is loaded as a resource when necessary. Did you try it to see if this works as a base64: resource?

@Sineaggi
Author

It does, yeah. Works perfectly, we're able to remove a bunch of custom parsing/file writing at startup thanks to this.

@scottfrederick scottfrederick closed this as not planned Jun 11, 2024
@kbhatt-equinix

@Sineaggi
How did you pass the base64 string to the ssl config? I don't want to use file/location as most of our config is passed as string config.

@philwebb
Member

philwebb commented Jan 13, 2025

@kbhatt-equinix, you should be able to use the base64: prefix for the resource value. E.g.:

spring:
  ssl:
    bundle:
      jks:
        mybundle:
          keystore:
            location: "base64:<the encoded value>"

Your comment has made me realize that we don't have documentation for this, so I've opened #43809

@kbhatt-equinix
Copy link

Thanks @philwebb - it was very helpful. I was looking for base64 for the last 2-3 days but was not able to find anything.
It worked for me.
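
The two replies above combined into one configuration, as an added example that is not part of the original thread or of Spring Boot's documentation: a JKS-style SSL bundle whose key store and trust store are supplied as `base64:` resources, applied to Kafka through `spring.kafka.ssl.bundle`. The bundle name `kafka-client`, the `KAFKA_*` environment variable names and the PKCS12 store type are assumptions.

```yaml
# Added example. Bundle name "kafka-client" and the KAFKA_* environment
# variable names are assumptions; populate them from your secret store.
# Each *_B64 value is the store file encoded on one line,
# e.g. with GNU coreutils: base64 -w0 client.p12
# Base64 is an encoding, not encryption: the value is as sensitive as the
# key store file itself, so keep it out of version-controlled config.
spring:
  ssl:
    bundle:
      jks:
        kafka-client:
          keystore:
            location: "base64:${KAFKA_KEYSTORE_B64}"
            password: "${KAFKA_KEYSTORE_PASSWORD}"
            type: "PKCS12"
          truststore:
            location: "base64:${KAFKA_TRUSTSTORE_B64}"
            password: "${KAFKA_TRUSTSTORE_PASSWORD}"
            type: "PKCS12"
  kafka:
    security:
      protocol: "SSL"
    ssl:
      # Use the bundle instead of the discrete spring.kafka.ssl.* properties,
      # which are handed to the Kafka client as file locations.
      bundle: "kafka-client"
```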
