Spring Cloud Services for Cloud Foundry 3.3

PDF
3.3 3.2

Storing configuration properties

Last Updated March 13, 2025

The Spring Cloud Services Config Server can serve configuration properties from either Git or HashiCorp Vault configuration sources. Configuration properties can be applicable to all apps that use the Config Server, specific to an app, or specific to a Spring application profile.

Git

If you are using a Git configuration source, you must store properties in YAML or Java .properties files.

Global configuration

You can store configuration properties so that they are served to all apps that use the Config Server. In the configuration repository, a file named application.yml or application.properties contains configuration that will be served to all apps that access the Config Server.

Example
Using YAML Global application.yml file
message: Hi there!
Using a properties file Global application.properties file
message=Hi there!

Application-specific configuration

You can store configuration properties so that they are served only to a specific app. In the configuration repository, a file named [APP-NAME].yml or [APP-NAME].properties, where [APP-NAME] is the name of an app, contains configuration that will be served only to the APP-NAME app.

Example
Using YAML App-specific cook.yml file:
server:
  port: 80

cook:
  special: Fried Salamander
Using a properties file App-specific cook.properties file:
server.port=80

cook.special=Fried Salamander

Profile-specific configuration

You can store configuration properties so that they are served only to apps that have activated a specific Spring application profile. In the configuration repository, a file named [APP-NAME]-[PROFILE-NAME].yml or [APP-NAME]-[PROFILE-NAME].properties, where [APP-NAME] is the name of an app and [PROFILE-NAME] is the name of an application profile, contains configuration that will be served only to the APP-NAME app running with the [PROFILE-NAME] profile activated.

Within a YAML file named [APP-NAME].yml, a document that begins by setting the spring.profiles property contains configuration that will be served only to the APP-NAME app running with the profile specified by the spring.profiles property.

Example
Using YAML Profile-specific cook-dev.yml file:
server:
  port: 8080

cook:
  special: Birdfeather Tea
Using YAML Profile-specific YAML document within cook.yml file:
---
spring:
  profiles: dev

server:
  port: 8080

cook:
  special: Birdfeather Tea
Using a properties file profile-specific cook-dev.properties file:
server.port=8080

cook.special=Birdfeather Tea

Encrypted configuration

Support for decrypting encrypted configuration was added in Spring Cloud Services for Cloud Foundry v3.1.6.

You can store configuration properties in encrypted form and have these properties decrypted by the Config Server before they are served to apps. In a file within the configuration repository, properties whose values are prefixed with {cipher} will be decrypted before they are served to client apps. To use this feature, you must configure the Config Server with an encryption key as described in Encryption and Encrypted Values.

Example
Using YAML The encrypted property value must be surrounded by single quotes.
Encrypted property value in an application.yml file:
secretMenu: '{cipher}AQA90Q3GIRAMu6ToMqwS++En2iFzMXIWX99G66yaZFRHrQNq64CntqOzWymd3xE7uJp
ZKQc9XBIkfyRz/HUGhXRdf3KZQ9bqclwmR5vkiLmN9DHlAxS+6biT+7f8ptKo3fzQ0gGOBaR4kTnWLBxmVaIkjq1
Qze4aIgsgUWuhbEek+3znkH9+Mc+5zNPvwN8hhgDMDVzgZLB+4YnvWJAq3Au4wEevakAHHxVY0mXcxj1Ro+H+Zel
IzfF8K2AvC3vmvlmxy9Y49Zjx0RhMzUx17eh3mAB8UMMRJZyUG2a2uGCXmz+UunTA5n/dWWOvR3VcZyzXPFSFkhN
ekw3db9XZ7goceJSPrRN+5s+GjLCPr+KSnhLmUt1XAScMeqTieNCHT5I='
Using a properties file Encrypted property value in an application.properties file: 
secretMenu={cipher}AQA90Q3GIRAMu6ToMqwS++En2iFzMXIWX99G66yaZFRHrQNq64CntqOzWymd3xE7uJpZK
Qc9XBIkfyRz/HUGhXRdf3KZQ9bqclwmR5vkiLmN9DHlAxS+6biT+7f8ptKo3fzQ0gGOBaR4kTnWLBxmVaIkjq1Qz
e4aIgsgUWuhbEek+3znkH9+Mc+5zNPvwN8hhgDMDVzgZLB+4YnvWJAq3Au4wEevakAHHxVY0mXcxj1Ro+H+ZelIz
fF8K2AvC3vmvlmxy9Y49Zjx0RhMzUx17eh3mAB8UMMRJZyUG2a2uGCXmz+UunTA5n/dWWOvR3VcZyzXPFSFkhNek
w3db9XZ7goceJSPrRN+5s+GjLCPr+KSnhLmUt1XAScMeqTieNCHT5I=

Plain text configuration

You can store configuration in files of other file types. The Spring Cloud Services Config Client library includes a PlainTextConfigClient that can be used to retrieve the contents of a plain text file as a Spring Resource.

For more information about using the Config Server to serve plain text files to a client app, see the Use Plain Text Configuration Files section of Writing Client Applications.

HashiCorp Vault

If you are using a HashiCorp Vault configuration source, you must write secrets to the Vault server using the vault CLI tool. For more information about the Vault CLI tool, see the HashiCorp Vault documentation.

Global configuration

You can store configuration properties so that they are served to all apps that use the Config Server. A secret written to the secret/application path will be served to all apps that access the Config Server.

An example of setting a global configuration property:

$ vault write secret/application message=Greetings

Application-specific configuration

You can store configuration properties so that they are served only to a specific app. A secret written to the secret/[APP-NAME] path contains configuration that will be served only to the APP-NAME app.

An example of setting an app-specific configuration property:

$ vault write secret/cook message=Hi

Profile-specific configuration

You can store configuration properties so that they are served only to apps that have activated a specific Spring application profile. A secret written to the secret/[APP-NAME],[PROFILE-NAME] path, where [APP-NAME] is the name of an app and [PROFILE-NAME] is the name of an application profile, contains configuration that will be served only to the APP-NAME app running with the [PROFILE-NAME] profile activated.

An example of setting a profile-specific configuration property:

$ vault write secret/cook,dev message=Ho