More and more often it's all about configuration and some hidden "setting" which does the job...
Spring Config Server allows to fetch a configuration from the remote git repository via https:
I'm not a security expert, but this approach has an obvious downside ("username" and "password" in code). One might argue that it's possible to inject the values via environment variables or using some other technique. Nonetheless, the main flaw is the idea of supplying "username" and "password" in the first place.
An alternative way and the problem
An better technique is to use ssh key:
It's a good solution, but doesn't work out of the box. According to spring docs it should:
If you do not use HTTPS and user credentials, SSH should also work out of the box when you store keys in the default directories (
~/.ssh) and the URI points to an SSH location, such as
firstname.lastname@example.org:configuration/cloud-configuration. It is important that an entry for the Git server be present in the
~/.ssh/known_hostsfile and that it is in
ssh-rsaformat. Other formats (such as
ecdsa-sha2-nistp256) are not supported. To avoid surprises, you should ensure that only one entry is present in the
known_hostsfile for the Git server and that it matches the URL you provided to the config server. If you use a hostname in the URL, you want to have exactly that (not the IP) in the
known_hostsfile. The repository is accessed by using JGit, so any documentation you find on that should be applicable. HTTPS proxy settings can be set in
~/.git/configor (in the same way as for any other JVM process) with system properties (
After googling around I found multiple threads on StackOverflow that helped other people. Particularly, this one Spring Cloud Config cannot clone private bitbucket repository using ssh key. However, after applying proper configuration in my
~/.ssh/config file it still didn't work (as you can see from the screenshot for this post).
Turns out the problem is hidden in the bowels of Mac OS Mojave (and any later version). By default, It creates the key in different, new "OpenSSH" format where Spring only supports
ssh-rsa (more on this here). The solution is to re-generate ssh key for the account using the following command:
Once I applied newly generated key, the application was able to start successfully:
Thanks to Wpigott who pointed this solution.