How to encrypt Spring Boot configuration files with Jasypt

Preface

This article mainly introduces Jasypt's related methods to encrypt Spring Boot configuration files. I won't say much below, let's take a look at the detailed introduction together.

The method is as follows:

Introducing jasypt

 <dependency> <groupId>com.github.ulisesbocchio</groupId> <artifactId>jasypt-spring-boot-starter</artifactId> <version>2.0.0</version></dependency>

Generate strings to be encrypted

Encrypt the username and password of the database

 public static void main(String[] args) { BasicTextEncryptor textEncryptor = new BasicTextEncryptor(); //Salt(salt) required for encryption textEncryptor.setPassword("G0CvDz7oJn6"); //The data to be encrypted (username or password of the database) String username = textEncryptor.encrypt("root"); String password = textEncryptor.encrypt("root123"); System.out.println("username:"+username); System.out.println("password:"+password); }

The output information is:

username:i8QgEN4uOy2E1rHzrpSTYA==
password:6eaMh/RX5oXUVca9ignvtg==

Or use Maven to download the jar package to encrypt /Maven/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar

 java -cp jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI password=G0CvDz7oJn6 algorithm=PBEWithMD5AndDES input=root

The output information is:

---ENVIRONMENT----------------------
Runtime: Oracle Corporation Java HotSpot(TM) 64-Bit Server VM 25.171-b11

---ARGUMENTS-----------------------------------------------------------------------------------------------------------------------
input: root
algorithm: PBEWithMD5AndDES
password: G0CvDz7oJn6

---OUTPUT---------------------------
Gvkoz+sbFWiRe3ECtizV1A==

Just copy the results under OUTPUT-

Configure properties files

Configure the generated encryption string ENC (encryption string) into application.properties

 # salt(salt) required for encryption jasypt.encryptor.password=G0CvDz7oJn6# The default encryption method PBEWithMD5AndDES can be changed to PBEWithMD5AndTripleDES# jasypt.encryptor.algorithm=PBEWithMD5AndDESspring.datasource.username=ENC(6eaMh/RX5oXUVca9ignvtg==)spring.datasource.password=ENC(6eaMh/RX5oXUVca9ignvtg==)spring.datasource.password=ENC(6eaMh/RX5oXUVca9ignvtg==)

The corresponding classes of encryption are BasicTextEncryptor and StrongTextEncryptor

 public BasicTextEncryptor() { super(); this.encryptor = new StandardPBEStringEncryptor(); this.encryptor.setAlgorithm("PBEWithMD5AndDES");}public StrongTextEncryptor() { super(); this.encryptor = new StandardPBEStringEncryptor(); this.encryptor.setAlgorithm("PBEWithMD5AndTripleDES");}

Class diagram

Configure the salt value during deployment

In order to prevent salt (salt) from leaking, unrelease the password. You can use the command to pass in the salt (salt) value when deploying the project.

 java -jar -Djasypt.encryptor.password=G0CvDz7oJn6 xxx.jar

Or configure it in the server environment variables to further improve security

Open /etc/profile file
vim /etc/profile

Insert at the end of the file
export JASYPT_PASSWORD = G0CvDz7oJn6

Compilation
source /etc/profile

run
java -jar -Djasypt.encryptor.password=${JASYPT_PASSWORD} xxx.jar

Official address: https://github.com/ulisesbocchio/jasypt-spring-boot (local download)

Summarize

The above is the entire content of this article. I hope that the content of this article has certain reference value for everyone's study or work. If you have any questions, you can leave a message to communicate. Thank you for your support to Wulin.com.