Use Jasypt to encrypt the SpringBoot configuration file

scenario

Currently, spring-boot is used for development. For example, the passwords of database mysql, Redis and other related basic services are still configured in the application services in plain text. Therefore, it is difficult to guarantee the data security of the whole company, so a method is needed to solve the problem of exposing the passwords

The solution

Searching on the Internet, I finally found that there was a tool class Jar (Jasypt) of encryption algorithm provided by three parties, and the project address was github

The usage is as follows

Take the Spring-Boot project as an example

The first step is to introduce the associated dependencies

<dependency> <groupId>com.github.ulisesbocchio</groupId> <artifactId>jasypt-spring-boot-starter</artifactId> The < version > 3.0.2 < / version > < / dependency >Copy the code

Step 2 download the corresponding JAYpt JAR package

Maven download
Step 3 Run the following command to encrypt sensitive data

Java - cp jasypt - 1.9.3. Jar org. Jasypt. Intf. Cli. JasyptPBEStringEncryptionCLI password = bq71wIW5Lpzqqm3Y algorithm=PBEWithMD5AndDES input=rootCopy the code

The parameter

The parameter value	meaning
password	Encryption of salt
algorithm	The algorithm used for encryption
input	The field to encrypt

The following output is displayed:

    ----ENVIRONMENT-----------------
    
    Runtime: Oracle Corporation Java HotSpot(TM) 64-Bit Server VM 25.111-b14
    
    
    
    ----ARGUMENTS-------------------
    
    input: root
    algorithm: PBEWithMD5AndDES
    password: bq71wIW5Lpzqqm3Y
    
    
    
    ----OUTPUT----------------------
    
    yrRYydkan5GPHrUP5oNDzA==
    
Copy the code

-OUTPUT- Indicates the OUTPUT under the encrypted string

Step 4 Configure the properties or YAML file and configure ENC(encryption string) to application.properties or applicaition.yml

spring:
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    hikari:
      auto-commit: true
      connection-test-query: SELECT 1
      connection-timeout: 30000
      idle-timeout: 30000
      max-lifetime: 1800000
      maximum-pool-size: 15
      minimum-idle: 5
      pool-name: DatebookHikariCP
    password: ENC(zStr9GBzu706rMHZJIEm6rbMSzQLHqTk)
    type: com. Zaxxer. Hikari. HikariDataSource url: JDBC: mysql: / / 127.0.0.1:3306 / dive? useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&useSSL=false&zeroDateTimeBehavior=convertToNull
    username: ENC(yrRYydkan5GPHrUP5oNDzA==)
Copy the code

Step 5 When starting the project, add the command parameters, using the salt used in the encryption above as the parameter

java -jar -Djasypt.encryptor.password=bq71wIW5Lpzqqm3Y xxx.jar
Copy the code

Use Jasypt to encrypt the SpringBoot configuration file

scenario

The solution

The usage is as follows

Related Posts

Serverless application engine SAE and Spectral testing to jointly fight the epidemic

Ali, a programmer, share my Ali Java internship ten rounds of interview!

Climb B station video information is so simple!!