1. The background
Do you know the username and password of your production database?
What, you know that? Take a look at how to encrypt it to prevent password leakage.
2.Jasypt
The easiest way to use Jasypt is using its easy encryption tools, which are called the utils, because they live in the org.jasypt.util package.
They are called utils because they are ready-to-use, preconfigured digesters and encryptors you can use without knowing much about their configuration.
3.jasypt-spring-boot
Jasypt Spring Boot provides Encryption support for property sources in Spring Boot Applications.
4. Easy version – Quick to use
Let’s start with the simplest version to see how it works.
1. Add the Maven plugin
Add the following plugin to pom.xml in the module of the configuration file we want to encrypt
<plugin>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-maven-plugin</artifactId>
<version>3.03.</version>
</plugin>
Copy the code2. Modify the character string to be encrypted in the configuration file
DEC() is used to wrap database usernames and passwords
spring.datasource.username=DEC(root)
spring.datasource.password=DEC(admin)
Copy the code3. Run the Maven plugin plugin command to encrypt the configuration file
Switch to the module directory where the plugin was configured and execute the following command
mvn jasypt:encrypt -Djasypt.encryptor.password="the password"
Copy the codeAfter success, we can see that the configuration file to be encrypted, changed to the following, this time people get your code, also do not know what the username and password is, and done.
spring.datasource.username=ENC(/xSAK8u53npb+F+hH+DpvcVzE0qm5ubh5BhLgqyWK1mFzSz1MVzKvu/NlEKGl/Iy)
spring.datasource.password=ENC(BHUN3TvKMaerfSOiFfCrxyGHAyYxB3qOzstn/eqaXA54WlYCairCTAjrY+68TA4w)
Copy the code4. Configure the password for decryption and start the project
Can the project still start with this configuration file? Sure, but we need to specify the password that is passed in when the Maven plugin is executed.
--jasypt.encryptor.password="the password"
Copy the codeI tested with IDEA, so I filled in the parameters in Program Arguablyments, as shown below:
Is it very simple, want to simple test, source address below.
5, Advanced version – custom encryption algorithm
Sometimes, the default encryption algorithm security level is not appropriate, this time we need to customize the encryption algorithm, come on!
Implement the Encryption and decryption method on the StringEncryptor interface
Note the addition of the @component annotation, encryption, decryption in the sample code to demonstrate the effect, a simple string substitution is used.
@Component
public class MyStringEncryptor implements StringEncryptor {
@Override
public String encrypt(String s) {
switch (s) {
case "root":
return "root-en";
case "admin":
return "admin-en";
}
return null;
}
@Override
public String decrypt(String s) {
switch (s) {
case "root-en":
return "root";
case "admin-en":
return "admin";
}
return null; }}Copy the code2. Modify the configuration file and manually configure the encrypted character string
At this time, we can not use the plug-in command to encrypt, we need to manually encrypt, the project is only responsible for decryption
spring.datasource.username=ENC(root-en)
spring.datasource.password=ENC(admin-en)
Copy the code3. Specify our encryption and decryption class
jasypt.encryptor.bean=myStringEncryptor
Copy the code4. Start the project
--jasypt.encryptor.password="the password"
Copy the code6. Practice code
The code has been uploaded to github, github.com/zmdstr/jasy…
7. Refer to articles and recommended reading
jasypt
jasypt-spring-boot