Sample Dropwizard (V0.7.0-rc1) service decrypt credentials at startup using private key stored in the windows cert manager

DropwizardService.java

package com.github.asamaraw.dropwizardservice;

import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;

import javax.crypto.Cipher;

import lombok.extern.slf4j.Slf4j;

import com.github.asamaraw.dropwizardservice.health.ServiceHealthCheck;
import com.github.asamaraw.dropwizardservice.resources.AppCredentialsResource;
import com.github.asamaraw.dropwizardservice.resources.SampleResource;
import com.sun.jersey.core.util.Base64;

import io.dropwizard.Application;
import io.dropwizard.setup.Bootstrap;
import io.dropwizard.setup.Environment;

@Slf4j
public class DropwizardService extends Application<DropwizardServiceConfiguration> {

    public static void main(String[] args)
    throws Exception
    {
        new DropwizardService().run(args);
    }

    @Override
    public void run(DropwizardServiceConfiguration configuration, Environment environment)
    throws Exception
    {
        initializeSecrets(configuration);

        // Set system property for the healthcheck
        System.setProperty("serviceHealth", "true");

        environment.healthChecks().register("service-healthcheck", new ServiceHealthCheck());

        environment.jersey().register(new SampleResource());
        environment.jersey().register(new AppCredentialsResource());
    }

    @Override
    public void initialize(Bootstrap<DropwizardServiceConfiguration> bootstrap)
    {
        // bootstrap stuff
    }

    @Override
    public String getName() {
        return "Sample dropwizard service";
    }

    private void initializeSecrets(DropwizardServiceConfiguration configuration) {
        try {
            KeyStore keyStore = KeyStore.getInstance("Windows-MY");
            keyStore.load(null, null);
            Key key = keyStore.getKey(configuration.getSecretKeyAlias(), null);

            PrivateKey prKey = null;
            if (key instanceof PrivateKey) {
                prKey = (PrivateKey) key;
            }
            else {
                throw new Exception("No private key found!");
            }

            decryptAndSetProperty("appId", configuration.getAppId(), prKey);
            decryptAndSetProperty("appSecret", configuration.getAppSecret(), prKey);
        }
        catch (Exception e) {
            log.info(e.getStackTrace().toString());
        }
    }

    private void decryptAndSetProperty(String propertyName, String propertyValue, PrivateKey key)
    throws Exception {
        byte[] inBytes = Base64.decode(propertyValue);
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.DECRYPT_MODE, key);
        byte[] decryptePropValue = cipher.doFinal(inBytes);
        System.setProperty(propertyName, new String(decryptePropValue, "UTF8"));
    }
}

dropwizardService.yml

secretKeyAlias: Encryption-Secret
appId: AH4tT5ll8SKjfCs6OoWb2W5CksaYEZAGg0bkcA0tkcJxh54+9vPBCzaybNT7uzOshSFbqX0wWz8J741p9Q9RN+yZ9Eejq8XNq9hQNS6fDJ0VBOFsNrPwqceb7cNMMku6PRTjy36kH02DD9xPEOz/WqR+mv2rj1Q0I/PPca0qnMA=
appSecret: kroDQz4dr9HN0OBRwFHL96b30hcp3ceJaxneli7kfFaCbhNKKj9UtcbdrCF9cDf93pTxj2Y34mHBzbfS5TN4YH81ItA9jlhZLLOksr6AXo8yjIj355hILj0kR86r4FisOS6dKfSMIunoKGzjIOLCweQ8Jc6EjTtMzapnxtHYBzU=

# use the simple server factory if you only want to run on a single port
#server:
#  type: simple
#  connector:
#    type: http
#    port: 8080

server:
#  softNofileLimit: 1000
#  hardNofileLimit: 1000
  applicationConnectors:
    - type: http
      port: 8080
    # - type: https
    #   port: 8443
    #   keyStorePath: example.keystore
    #   keyStorePassword: example
    #   validateCerts: false
# this requires the npn-boot library on the JVM's boot classpath
#    - type: spdy
#      port: 8445
#      keyStore: example.keystore
#      keyStorePassword: example
#      validateCerts: false
  adminConnectors:
    - type: http
      port: 8081
    # - type: https
    #   port: 8444
    #   keyStorePath: example.keystore
    #   keyStorePassword: example
    #   validateCerts: false

# Logging settings.
logging:

  # The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL.
  level: INFO

  # Logger-specific levels.
  loggers:

    # Sets the level for 'com.example.app' to DEBUG.
    com.example.app: DEBUG

  appenders:
    - type: console

DropwizardServiceConfiguration.java

package com.github.asamaraw.dropwizardservice;

import org.hibernate.validator.constraints.NotEmpty;

import io.dropwizard.Configuration;

public class DropwizardServiceConfiguration extends Configuration {

    @NotEmpty
    private String secretKeyAlias;

    @NotEmpty
    private String appSecret;

    @NotEmpty
    private String appId;

    public String getAppId() {
        return appId;
    }

    public void setAppId(String appId) {
        this.appId = appId;
    }

    public String getSecretKeyAlias() {
        return secretKeyAlias;
    }

    public void setSecretKeyAlias(String secretKeyAlias) {
        this.secretKeyAlias = secretKeyAlias;
    }

    public String getAppSecret() {
        return appSecret;
    }

    public void setAppSecret(String appSecret) {
        this.appSecret = appSecret;
    }

}