KeyStoreConfiguration loaded too late in bootstrap

[JWThewes]

After updating to the latest 1.3.2 release we found out our ConfigServer isn't decrypting {cipher} values anymore.
After digging deep into the ConfigServer I noticed that the KeyStoreConfiguration is loaded after the EncryptorConfiguration.
This results in an SingleTextEncryptorLocator (with a NoOpTextEncryptor) being used instead of the desired KeyStoreTextEncryptorLocator.

I've been able to workaround it moving the encrypt.key-store.location property from the application.ym to the bootstrap.yml.
There are two possible solutions for this:

1. Update the documentation to reflect that the encryp.key-store properties need to be placed inside the bootstrap.yml
2. Make sure the KeyStoreTextEncryptorLocator is configured before configuring the EnvironmentEncryptor

[ojhughes]

I think this is related to #760

[spencergibb]

@JWThewes we pushed a change for #760 can you try snapshots and see if it fixes your issue?

[JWThewes]

Sorry I've been on holiday. Is this included in the released version 1.3.2?

[JWThewes]

@spencergibb I tried with 1.3.3.BUILD-SNAPSHOT. Doesn't work for me.

[spencergibb]

@JWThewes can you create a small sample that recreates the problems. Your symptoms sound exactly like #760

[JWThewes]

Of course I’ll do it. 1.3.3-BUILD-SNAPSHOT is correct?

[spencergibb]

yes, thanks

[JWThewes]

@spencergibb I created a small sample demonstrating the issue. One part is the ConfigServer and one the ConfigClient. If you start both and open http://localhost:8080/test you should get "goodpassword" as a result.
Currently you get the decrypted password.
As soon as you move everything under the encryption: block from application.yml to bootstrap.yml and restart both applications it works.

Hope this helps. If you need any further information feel free to contact anytime.

configserver-issue.zip

[spencergibb]

EncryptionAutoConfiguration is loaded as a BootstrapConfiguration, therefore the keystore information must go in bootstrap.yaml

[spencergibb]

So the solution here is to note that for config server

Update the documentation to reflect that the encryp.key-store properties need to be placed inside the bootstrap.yml