From a2f34b837d23eb6cc12e0a6e9f01bf6bd83304ab Mon Sep 17 00:00:00 2001
From: DerDavidBohl
Date: Thu, 2 Oct 2025 16:31:54 +0200
Subject: [PATCH] Refacotred Secrets
---
 .../davidbohl/dirigent/sercrets/Secret.java | 8 ++----
 .../dirigent/sercrets/SecretController.java | 11 ++++++--
 .../dirigent/sercrets/SecretDto.java | 2 +-
 .../dirigent/sercrets/SecretRepository.java | 8 ++----
 .../dirigent/sercrets/SecretService.java | 28 +++++++++----------
 5 files changed, 29 insertions(+), 28 deletions(-)
diff --git a/backend/src/main/java/org/davidbohl/dirigent/sercrets/Secret.java b/backend/src/main/java/org/davidbohl/dirigent/sercrets/Secret.java
index 294c443..de85369 100644
--- a/backend/src/main/java/org/davidbohl/dirigent/sercrets/Secret.java
+++ b/backend/src/main/java/org/davidbohl/dirigent/sercrets/Secret.java
@@ -2,10 +2,8 @@ package org.davidbohl.dirigent.sercrets;
 import java.util.List;
-import jakarta.persistence.Column;
+import jakarta.persistence.ElementCollection;
 import jakarta.persistence.Entity;
-import jakarta.persistence.GeneratedValue;
-import jakarta.persistence.GenerationType;
 import jakarta.persistence.Id;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
@@ -19,13 +17,13 @@ import lombok.Setter;
 @Entity
 public class Secret {
 @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- private Long id;
+ private String key;
 private String environmentVariable;
 private String encryptedValue;
+ @ElementCollection
 private List deployments;
 }
\ No newline at end of file
diff --git a/backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretController.java b/backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretController.java
index c3f769d..a78f4a9 100644
--- a/backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretController.java
+++ b/backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretController.java
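Review bot: `Secret` is built positionally in SecretService.java (`new Secret(key, environmentVariable, encrypted, deployments)`), presumably through the imported Lombok `@AllArgsConstructor`, so callers are tied to field declaration order; now that `id` is replaced by `key` and three of the four fields are plain `String`s, a later reorder of the fields still compiles but silently swaps which value lands in which column. A short explicit constructor or `@Builder` on the entity would remove that coupling. `key` is also a client-supplied string that now serves as the primary key with no declared bound, so an over-long value is only rejected by the database, surfacing as a 500; a `@Column(length = 128)` (constructed example) on the field states the limit in the model.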
@@ -3,12 +3,17 @@ package org.davidbohl.dirigent.sercrets;
 import java.util.List;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import lombok.extern.slf4j.Slf4j;
+
 @RestController()
 @RequestMapping(path = "/api/v1/secrets")
+@Slf4j
 public class SecretController {
 private final SecretService secretService;
@@ -18,9 +23,9 @@ public class SecretController {
 this.secretService = secretService;
 }
- @PutMapping
- public void saveSecret(SecretDto secret) {
- this.secretService.saveSecret(secret.environmentVariable(), secret.value(), secret.deployments());
+ @PutMapping("{key}")
+ public void saveSecret(@RequestBody SecretDto secret, @PathVariable String key) {
+ this.secretService.saveSecret(key, secret.environmentVariable(), secret.value(), secret.deployments());
 }
 @GetMapping
diff --git a/backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretDto.java b/backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretDto.java
index 663f5e7..683a181 100644
--- a/backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretDto.java
+++ b/backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretDto.java
@@ -2,7 +2,7 @@ package org.davidbohl.dirigent.sercrets;
 import java.util.List;
-public record SecretDto(String environmentVariable, String value, List deployments) {
+public record SecretDto(String key, String environmentVariable, String value, List deployments) {
 }
diff --git a/backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretRepository.java b/backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretRepository.java
index 054c71e..d7316ba 100644
--- a/backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretRepository.java
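Review bot: `@Slf4j` is added to SecretController, but no `log` call appears in either hunk of this file; if the controller does not log, drop the annotation and the `lombok.extern.slf4j.Slf4j` import rather than carrying an unused logger. Lombok still generates a `private static final Logger log` field for it, which a reader will assume is used somewhere in the class.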
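Review bot: `saveSecret` takes the key from the path while the request body (`SecretDto`, which gains a `key` component in this same patch) can carry a different one; the body's key is silently ignored, so a PUT to `/api/v1/secrets/b` whose body says `key` is `a` overwrites `b` with no error. Reject the mismatch here: `if (secret.key() != null && !secret.key().equals(key)) { throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "key in path and body differ"); }` (`org.springframework.web.server.ResponseStatusException`, `org.springframework.http.HttpStatus`). The method also forwards `secret.value()` and `secret.environmentVariable()` without null or blank checks, so a missing field is only caught deep in the service and comes back as a 500 wrapped in "Saving Secret failed" instead of a 400; `@Valid` on the body with `@NotBlank` on the record components, or an explicit check here, returns the right status.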
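Review bot: `SecretDto` is a record used for both the inbound PUT body and the outbound listing, and its generated `toString()` prints every component including the plaintext `value`; with `@Slf4j` now added to both SecretController and SecretService, any future `log.*("{}", secret)` or a binding-error message that stringifies the body would write the secret into the logs. Override `toString()` to mask it: `@Override public String toString() { return "SecretDto[key=" + key + ", environmentVariable=" + environmentVariable + ", value=<redacted>, deployments=" + deployments + "]"; }`. The outbound path already nulls `value`, so the override costs nothing there.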
+++ b/backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretRepository.java
@@ -1,14 +1,12 @@
 package org.davidbohl.dirigent.sercrets;
 import java.util.List;
-import java.util.Optional;
 import org.springframework.data.jpa.repository.JpaRepository;
-public interface SecretRepository extends JpaRepository {
+public interface SecretRepository extends JpaRepository {
- Optional findByKey(String key);
-
- List findByDeploymentsContaining(String deployment);
+ List findAllByDeploymentsContaining(String deployment);
+ List findAllByEnvironmentVariableAndDeploymentsContaining(String environmentVariable, String deployment);
 }
\ No newline at end of file
diff --git a/backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretService.java b/backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretService.java
index dc575f8..9914a31 100644
--- a/backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretService.java
+++ b/backend/src/main/java/org/davidbohl/dirigent/sercrets/SecretService.java
@@ -11,8 +11,11 @@ import javax.crypto.spec.SecretKeySpec;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
+import lombok.extern.slf4j.Slf4j;
+
 @Service
+@Slf4j
 public class SecretService {
 private static final String ALGORITHM = "AES";
@@ -30,10 +33,11 @@ public class SecretService {
 this.secretRepository = secretRepository;
 }
- public void saveSecret(String environmentVariable, String value, List deployments) {
+ public void saveSecret(String key, String environmentVariable, String value, List deployments) {
 try {
+
 String encrypted = encrypt(value);
- Secret secret = new Secret(null, environmentVariable, encrypted, deployments);
+ Secret secret = new Secret(key, environmentVariable, encrypted, deployments);
 secretRepository.save(secret);
 } catch (Exception e) {
 throw new RuntimeException("Saving Secret failed", e);
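Review bot: `saveSecret` persists through `save()` with a client-chosen `key`, so a PUT on an existing key silently replaces the stored `encryptedValue` and `deployments`; that is acceptable upsert semantics for PUT, but it should be stated on the method, e.g. `/** Creates or replaces the secret stored under {@code key}; an existing entry with the same key is overwritten. */`. The arguments are not validated: a null `value` almost certainly fails inside `encrypt` with a NullPointerException that is then reported as "Saving Secret failed", and a null or blank `environmentVariable` is stored and later becomes a meaningless key in `getAllSecretsAsEnvironmentVariableMapByDeployment`. Add `if (key == null || key.isBlank() || environmentVariable == null || environmentVariable.isBlank() || value == null) { throw new IllegalArgumentException("key, environmentVariable and value are required"); }` before the `try`. The added empty line directly after `try {` looks stray. The method's closing brace is outside the hunk.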
@@ -41,11 +45,16 @@ public class SecretService {
 }
 public Map getAllSecretsAsEnvironmentVariableMapByDeployment(String deployment) {
- List secrets = secretRepository.findByDeploymentsContaining(deployment);
+ List secrets = secretRepository.findAllByDeploymentsContaining(deployment);
 Map result = new HashMap<>();
 for (Secret secret : secrets) {
- result.put(secret.getEnvironmentVariable(), getSecret(secret.getEncryptedValue()));
+ try {
+ result.put(secret.getEnvironmentVariable(), decrypt(secret.getEncryptedValue()));
+ } catch(Exception ex) {
+ log.error("Failed to decrypt secret <" + secret.getKey() + "> for Env Var <" + secret.getEnvironmentVariable() + "> and Deployment <" + deployment + ">.");
+ throw new RuntimeException(ex);
+ }
 }
 return result;
@@ -53,19 +62,10 @@ public class SecretService {
 public List getAllSecretsWithoutValues() {
 return secretRepository.findAll().stream().map(
- s -> new SecretDto(s.getEnvironmentVariable(), null, s.getDeployments())
+ s -> new SecretDto(s.getKey(), s.getEnvironmentVariable(), null, s.getDeployments())
 ).toList();
 }
- private String getSecret(String key) {
- try {
- Secret secret = secretRepository.findByKey(key).orElseThrow();
- return decrypt(secret.getEncryptedValue());
- } catch (Exception e) {
- throw new RuntimeException("Reading Secret failed", e);
- }
- }
-
 private String encrypt(String value) throws Exception {
 SecretKeySpec keySpec = new SecretKeySpec(encryptionKey.getBytes(), ALGORITHM);
 Cipher cipher = Cipher.getInstance(ALGORITHM);
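Review bot: The new `catch` in `getAllSecretsAsEnvironmentVariableMapByDeployment` logs by string concatenation without the exception and then rethrows a `RuntimeException` with no message, so the log line has no stack trace and the propagated error has no context; use the parameterized form with the throwable last, `log.error("Failed to decrypt secret <{}> for Env Var <{}> and Deployment <{}>.", secret.getKey(), secret.getEnvironmentVariable(), deployment, ex);` and `throw new RuntimeException("Decrypting Secret failed", ex);` (the message correctly avoids the secret value, keep it that way). Separately, `result` is a `HashMap` keyed by `environmentVariable`, so two secrets for the same deployment that share an environment variable silently resolve to whichever row is iterated last; the `findAllByEnvironmentVariableAndDeploymentsContaining` added to SecretRepository in this patch looks intended to catch that at save time, but nothing in the patch calls it. Either wire that check into `saveSecret` or replace the `put` with `putIfAbsent` plus a check that throws, so a collision is visible instead of resolved by iteration order. While here: `ALGORITHM` is the bare `"AES"` transformation (first hunk of this file), which resolves to the provider's default mode and padding, ECB/PKCS5Padding on the JDK; the `encrypt`/`decrypt` bodies are outside this hunk, but an authenticated mode such as `"AES/GCM/NoPadding"` with a per-secret random IV stored next to the ciphertext is the right target for a follow-up. The method's closing brace is outside the hunk.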
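Review bot: `getAllSecretsWithoutValues` now reads `s.getDeployments()` while mapping the list returned by `findAll()`, and `deployments` becomes an `@ElementCollection` in Secret.java in this same patch, which JPA fetches lazily by default; whether the persistence context is still open at that point depends on the transaction boundary and the open-in-view setting, and if it is not, the call fails with a lazy-initialization error rather than returning the list. Make that independent of configuration by annotating the method `@Transactional(readOnly = true)` (`org.springframework.transaction.annotation.Transactional`) or by declaring the collection `@ElementCollection(fetch = FetchType.EAGER)` on the entity. The DTO also receives the entity's live persistent collection; `List.copyOf(s.getDeployments())` detaches it from the session before serialization. The trailing context shows `encryptionKey.getBytes()` without a charset, which uses the platform default; `getBytes(StandardCharsets.UTF_8)` makes the derived key stable across hosts.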