Address review comments: disable by default and add docs

Author: johnycho

docs/modules/ROOT/pages/server/environment-repository.adoc

@@ -39,3 +39,36 @@ You can set `spring.cloud.config.server.accept-empty` to `false` so that Server
 
 NOTE:  You cannot place `spring.main.*` properties in a remote `EnvironmentRepository`.  These properties are used as part of the application initialization.
 
+== File Content Resolution
+
+The Config Server can resolve the content of local files and serve them as Base64 encoded values.
+This is particularly useful for serving binary files, such as SSL keystores or certificates, within configuration properties.
+
+To enable this feature, you must set the following property (it is disabled by default for security reasons):
+
+[source,yaml]
+----
+spring:
+  cloud:
+    config:
+      server:
+        file-resolving:
+          enabled: true
+----
+
+WARNING: Enabling this feature allows the Config Server to read files from the local file system where the server is running. Ensure that the process has appropriate file system permissions and is running in a secure environment.
+
+When this feature is enabled, you can use the `{file}` prefix in your configuration values followed by the path to the file.
+The Config Server will read the file, encode its content to a Base64 string, and replace the property value.
+
+For example, in your backing repository (e.g., Git or Native), you can define a property like this:
+
+[source,yaml]
+----
+server:
+  ssl:
+    key-store: {file}/etc/certs/keystore.jks
+    key-password: my-secret-password
+----
+
+In this example, the Config Server reads `/etc/certs/keystore.jks`, encodes it, and returns the Base64 string as the value of `server.ssl.key-store`.

spring-cloud-config-server/src/main/java/org/springframework/cloud/config/server/config/FileResolvingEnvironmentRepositoryConfiguration.java

@@ -1,3 +1,19 @@
+/*
+ * Copyright 2024-2026 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.springframework.cloud.config.server.config;
 
 import org.springframework.boot.autoconfigure.AutoConfigureAfter;
@@ -22,7 +38,7 @@ public class FileResolvingEnvironmentRepositoryConfiguration {
 	@Bean
 	@Primary
 	@ConditionalOnBean(EnvironmentRepository.class)
-	@ConditionalOnProperty(value = "spring.cloud.config.server.file-resolving.enabled", matchIfMissing = true)
+	@ConditionalOnProperty(value = "spring.cloud.config.server.file-resolving.enabled", havingValue = "true")
 	public FileResolvingEnvironmentRepository fileResolvingEnvironmentRepository(EnvironmentRepository environmentRepository) {
 		return new FileResolvingEnvironmentRepository(environmentRepository);
 	}

spring-cloud-config-server/src/main/java/org/springframework/cloud/config/server/environment/FileResolvingEnvironmentRepository.java

@@ -1,3 +1,19 @@
+/*
+ * Copyright 2024-2026 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.springframework.cloud.config.server.environment;
 
 import java.io.File;
@@ -7,6 +23,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.cloud.config.environment.Environment;
@@ -53,7 +70,8 @@ public Environment findOne(String application, String profile, String label) {
 						String base64Content = readFileToBase64(filePath);
 						modifiedMap.put(entry.getKey(), base64Content);
 						modified = true;
-					} catch (IOException e) {
+					}
+					catch (IOException e) {
 						log.warn(String.format("Failed to resolve file content for property '%s'. path: %s", entry.getKey(), filePath), e);
 					}
 				}

spring-cloud-config-server/src/test/java/org/springframework/cloud/config/server/config/FileResolvingEnvironmentRepositoryConfigurationTests.java

@@ -0,0 +1,83 @@
+/*
+ * Copyright 2024-2026 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.cloud.config.server.config;
+
+import org.junit.jupiter.api.Test;
+
+import org.springframework.boot.autoconfigure.AutoConfigurations;
+import org.springframework.boot.test.context.runner.ApplicationContextRunner;
+import org.springframework.cloud.config.server.environment.EnvironmentRepository;
+import org.springframework.cloud.config.server.environment.FileResolvingEnvironmentRepository;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+
+/**
+ * Tests for {@link FileResolvingEnvironmentRepositoryConfiguration}.
+ */
+class FileResolvingEnvironmentRepositoryConfigurationTests {
+
+	private final ApplicationContextRunner contextRunner = new ApplicationContextRunner()
+		.withConfiguration(AutoConfigurations.of(FileResolvingEnvironmentRepositoryConfiguration.class));
+
+	@Test
+	void shouldNotConfigureByDefault() {
+		this.contextRunner
+			.withUserConfiguration(MockRepositoryConfiguration.class)
+			.run(context -> assertThat(context).doesNotHaveBean(FileResolvingEnvironmentRepository.class));
+	}
+
+	@Test
+	void shouldNotConfigureIfExplicitlyDisabled() {
+		this.contextRunner
+			.withUserConfiguration(MockRepositoryConfiguration.class)
+			.withPropertyValues("spring.cloud.config.server.file-resolving.enabled=false")
+			.run(context -> assertThat(context).doesNotHaveBean(FileResolvingEnvironmentRepository.class));
+	}
+
+	@Test
+	void shouldConfigureIfExplicitlyEnabled() {
+		this.contextRunner
+			.withUserConfiguration(MockRepositoryConfiguration.class)
+			.withPropertyValues("spring.cloud.config.server.file-resolving.enabled=true")
+			.run(context -> {
+				assertThat(context).hasSingleBean(FileResolvingEnvironmentRepository.class);
+				assertThat(context.getBean(EnvironmentRepository.class))
+					.isInstanceOf(FileResolvingEnvironmentRepository.class);
+			});
+	}
+
+	@Test
+	void shouldNotConfigureIfDelegateIsMissing() {
+		this.contextRunner
+			.withPropertyValues("spring.cloud.config.server.file-resolving.enabled=true")
+			.run(context -> assertThat(context).doesNotHaveBean(FileResolvingEnvironmentRepository.class));
+	}
+
+	@Configuration(proxyBeanMethods = false)
+	static class MockRepositoryConfiguration {
+
+		@Bean
+		EnvironmentRepository environmentRepository() {
+			return mock(EnvironmentRepository.class);
+		}
+
+	}
+
+}

spring-cloud-config-server/src/test/java/org/springframework/cloud/config/server/environment/FileResolvingEnvironmentRepositoryTests.java

@@ -1,3 +1,19 @@
+/*
+ * Copyright 2024-2026 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.springframework.cloud.config.server.environment;
 
 import java.io.File;