If you started building your project off using the sample MicroservicesStarter or an equivalent Broadleaf Microservices starter project, you may have noticed that the application loaded some default client credentials that allows connectivity between the services.
For example, your main FlexPackageapplicationContext-default.xml may include some properties like below:
The default AuthenticationServices image also loads corresponding client credentials SQL records into the Auth schema blc_client table that match the service to service configurations defined above. This is where the corresponding client_id and client_secret records are stored.
Important: the client_secret is BCrypted by default.
Let’s assume that you’re getting ready to deploy your application to production on Kubernetes.
In your various FlexPackages that need to have connectivity to one another via the client credentials OAuth grant, you’ll most likely want to update the default client-secret
In this example, let’s say you wanted to update the secret for the catalogclient-id to BroadleafMicroservices!.
Step 1: Update BCrypt New Secret in Auth.BLC_CLIENT
You’ll want to update the corresponding catalogclient_id record
in the blc_client table of the auth schema.
Step 2: Override FlexPackage Env Variable
In my main FlexPackage K8 Manifest, I can pass in the following environment variable override:
Your Microservices Demo starter project ships with a test class
called com.broadleafdemo.demo.CredentialsGeneratorUtil to aid in generating keys for encryption purposes in the app across different Flex Package Compositions.
This performs the same function as KeyGeneratorUtil in Auth, but also generates a report of all ENV properties and DB updates that likely need review.
reach out to our microservices support channel if your version of the starter does not include this test class and you would like access to this example