Jasypt with spring boot
What is jasypt ?
Jasypt (Java Simplified Encryption) library, which allows the
developer to add basic encryption capabilities to their project and encrypt
texts, passwords inside property file. Support for Spring based project
& compatible with Spring security.
Steps to configure jasypt in spring boot application
Step1:
Add maven dependency to pom.xml
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>2.1.2</version>
</dependency>
Step 2:
Add bean in configuration class
@Bean
public static EnvironmentStringPBEConfig environmentVariablesConfiguration() {
EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
config.setPasswordEnvName("APP_ENCRYPTION_PASSWORD");
config.setAlgorithm("PBEWithMD5AndDES");
config.setKeyObtentionIterations("1000");
config.setPoolSize("1");
config.setProviderName("SunJCE");
config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
config.setStringOutputType("base64");
return config;
}
@Bean(name="jasyptStringEncryptor")
public static PooledPBEStringEncryptor stringEncryptor() {
PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
encryptor.setConfig(environmentVariablesConfiguration());
return encryptor;
}
Step 3:
Download
latest Jasypt client, In my case I downloaded jasypt-1.9.2-dist.zip
Suppose
you want to encrypt property - spring.datasource.username=root
Unzip the client downloaded and open command prompt and run the
following command (in case of windows machine)
Command : encrypt.bat input=root
password=dev2a
Note: I have used password = dev2a to
encrypt the property value 'root'
The
output will be:
----ENVIRONMENT-----------------
Runtime: Oracle Corporation Java HotSpot(TM) 64-Bit Server
VM 25.201-b09
----ARGUMENTS-------------------
input: root
password: dev2a
----OUTPUT----------------------
aviF4d2QFCTH4T/jv6LHxQ==
Step 4:
Copy
the encrypted output value and use in your properties file in the following
manner
spring.datasource.username=ENC(aviF4d2QFCTH4T/jv6LHxQ== )
Similarly you can encrypt all the attributes in your
property file.
Step 5:
Now the question is where we will maintain the password used for encryption ?
For this we need to maintain one more attribute for encryption password inside properties file
jasypt.encryptor.password=${APP_ENCRYPTION_PASSWORD}
Not to maintain password (used for encryption) in properties file directly.
You can maintain APP_ENCRYPTION_PASSWORD
= dev2a in several other ways (recommended).
1.
Set as environment variable
2.
If application deployed on
Kubernetes environment, we can set password in Kubernetes as well.
We need to add following section in yml deployment
env:
- name: APP_ENCRYPTION_PASSWORD
valueFrom:
secretKeyRef:
name: secret
key: jasypt.encryptor.password
And add 'secret' containing key & value in Kubernetes.
Labels: Encrypt database password in properties file, encrypt password using jasypt, Encrypt spring boot properties file, Jasypt, Jasypt + spring boot, jasypt encrypt properties, Jasypt spring boot
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home