mirror/dirigent-spring
1
0
Fork 0
mirror of https://github.com/DerDavidBohl/dirigent-spring.git synced 2026-01-04 09:29:44 -06:00
Code Issues Packages Projects Releases 12 Wiki Activity

Refacotred Secrets

Browse Source
This commit is contained in:
DerDavidBohl
2025-10-02 16:31:54 +02:00
parent f3f6e58007
commit a2f34b837d
5 changed files with 29 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
backend/src/main/java/org/davidbohl/dirigent/sercrets/Secret.java
View File

@@ -2,10 +2,8 @@ package org.davidbohl.dirigent.sercrets;
import java.util.List;
import jakarta.persistence.Column;
import jakarta.persistence.ElementCollection;
import jakarta.persistence.Entity;
import jakarta.persistence.GeneratedValue;
import jakarta.persistence.GenerationType;
import jakarta.persistence.Id;
import lombok.AllArgsConstructor;
import lombok.Getter;
@@ -19,13 +17,13 @@ import lombok.Setter;
@Entity
public class Secret {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
private String key;
private String environmentVariable;
private String encryptedValue;
@ElementCollection
private List<String> deployments;
}

11
backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretController.java
View File

@@ -3,12 +3,17 @@ package org.davidbohl.dirigent.sercrets;
import java.util.List;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import lombok.extern.slf4j.Slf4j;
@RestController()
@RequestMapping(path = "/api/v1/secrets")
@Slf4j
public class SecretController {
private final SecretService secretService;
@@ -18,9 +23,9 @@ public class SecretController {
this.secretService = secretService;
}
@PutMapping
public void saveSecret(SecretDto secret) {
this.secretService.saveSecret(secret.environmentVariable(), secret.value(), secret.deployments());
@PutMapping("{key}")
public void saveSecret(@RequestBody SecretDto secret, @PathVariable String key) {
this.secretService.saveSecret(key, secret.environmentVariable(), secret.value(), secret.deployments());
}
@GetMapping

2
backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretDto.java
View File

@@ -2,7 +2,7 @@ package org.davidbohl.dirigent.sercrets;
import java.util.List;
public record SecretDto(String environmentVariable, String value, List<String> deployments) {
public record SecretDto(String key, String environmentVariable, String value, List<String> deployments) {
}

8
backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretRepository.java
View File

@@ -1,14 +1,12 @@
package org.davidbohl.dirigent.sercrets;
import java.util.List;
import java.util.Optional;
import org.springframework.data.jpa.repository.JpaRepository;
public interface SecretRepository extends JpaRepository<Secret, Long> {
public interface SecretRepository extends JpaRepository<Secret, String> {
Optional<Secret> findByKey(String key);
List<Secret> findByDeploymentsContaining(String deployment);
List<Secret> findAllByDeploymentsContaining(String deployment);
List<Secret> findAllByEnvironmentVariableAndDeploymentsContaining(String environmentVariable, String deployment);
}

28
backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretService.java
View File

@@ -11,8 +11,11 @@ import javax.crypto.spec.SecretKeySpec;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import lombok.extern.slf4j.Slf4j;
@Service
@Slf4j
public class SecretService {
private static final String ALGORITHM = "AES";
@@ -30,10 +33,11 @@ public class SecretService {
this.secretRepository = secretRepository;
}
public void saveSecret(String environmentVariable, String value, List<String> deployments) {
public void saveSecret(String key, String environmentVariable, String value, List<String> deployments) {
try {
String encrypted = encrypt(value);
Secret secret = new Secret(null, environmentVariable, encrypted, deployments);
Secret secret = new Secret(key, environmentVariable, encrypted, deployments);
secretRepository.save(secret);
} catch (Exception e) {
throw new RuntimeException("Saving Secret failed", e);
@@ -41,11 +45,16 @@ public class SecretService {
}
public Map<String, String> getAllSecretsAsEnvironmentVariableMapByDeployment(String deployment) {
List<Secret> secrets = secretRepository.findByDeploymentsContaining(deployment);
List<Secret> secrets = secretRepository.findAllByDeploymentsContaining(deployment);
Map<String, String> result = new HashMap<>();
for (Secret secret : secrets) {
result.put(secret.getEnvironmentVariable(), getSecret(secret.getEncryptedValue()));
try {
result.put(secret.getEnvironmentVariable(), decrypt(secret.getEncryptedValue()));
} catch(Exception ex) {
log.error("Failed to decrypt secret <" + secret.getKey() + "> for Env Var <" + secret.getEnvironmentVariable() + "> and Deployment <" + deployment + ">.");
throw new RuntimeException(ex);
}
}
return result;
@@ -53,19 +62,10 @@ public class SecretService {
public List<SecretDto> getAllSecretsWithoutValues() {
return secretRepository.findAll().stream().map(
s -> new SecretDto(s.getEnvironmentVariable(), null, s.getDeployments())
s -> new SecretDto(s.getKey(), s.getEnvironmentVariable(), null, s.getDeployments())
).toList();
}
private String getSecret(String key) {
try {
Secret secret = secretRepository.findByKey(key).orElseThrow();
return decrypt(secret.getEncryptedValue());
} catch (Exception e) {
throw new RuntimeException("Reading Secret failed", e);
}
}
private String encrypt(String value) throws Exception {
SecretKeySpec keySpec = new SecretKeySpec(encryptionKey.getBytes(), ALGORITHM);
Cipher cipher = Cipher.getInstance(ALGORITHM);