Monday, May 25, 2020

Jasypt with Spring Boot

What is Jasypt?

Jasypt (Java Simplified Encryption) is a library that lets developers add basic encryption capabilities to a project and encrypt texts and passwords inside a property file. It supports Spring-based projects and is compatible with Spring Security.

Steps to configure Jasypt in a Spring Boot application


Step 1:

Add the Maven dependency to pom.xml

<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>2.1.2</version>
</dependency>

Step 2:

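Add the beans to a configuration class

import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
import org.springframework.context.annotation.Bean;

// These methods go inside your @Configuration class.

// Encryptor settings; the password is read from the APP_ENCRYPTION_PASSWORD environment variable.
@Bean
public static EnvironmentStringPBEConfig environmentVariablesConfiguration() {
    EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
    config.setPasswordEnvName("APP_ENCRYPTION_PASSWORD");
    // PBEWithMD5AndDES is a legacy algorithm (MD5 key derivation, single DES).
    config.setAlgorithm("PBEWithMD5AndDES");
    config.setKeyObtentionIterations("1000");
    config.setPoolSize("1");
    config.setProviderName("SunJCE");
    config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
    config.setStringOutputType("base64");
    return config;
}

// The bean name "jasyptStringEncryptor" is the one jasypt-spring-boot looks up by default.
@Bean(name="jasyptStringEncryptor")
public static PooledPBEStringEncryptor stringEncryptor() {
    PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
    encryptor.setConfig(environmentVariablesConfiguration());
    return encryptor;
}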

Step 3:

Download the latest Jasypt client. In my case I downloaded jasypt-1.9.2-dist.zip.
Suppose you want to encrypt the property spring.datasource.username=root.
Unzip the downloaded client, open a command prompt and run the following command (on a Windows machine):

Command: encrypt.bat input=root password=dev2a

Note: I have used password=dev2a to encrypt the property value 'root'.

The output will be:

----ENVIRONMENT-----------------

Runtime: Oracle Corporation Java HotSpot(TM) 64-Bit Server VM 25.201-b09


----ARGUMENTS-------------------

input: root
password: dev2a


----OUTPUT----------------------

aviF4d2QFCTH4T/jv6LHxQ==

Step 4:

Copy the encrypted output value and use it in your properties file as follows:
spring.datasource.username=ENC(aviF4d2QFCTH4T/jv6LHxQ==)

Similarly, you can encrypt all the attributes in your property file.

Step 5:

Now the question is where to keep the password used for encryption.
For this we need one more attribute in the properties file, holding the encryption password:

jasypt.encryptor.password=${APP_ENCRYPTION_PASSWORD}

Do not keep the password (used for encryption) directly in the properties file.

You can supply APP_ENCRYPTION_PASSWORD = dev2a in several other ways (recommended).

1. Set it as an environment variable.
2. If the application is deployed on Kubernetes, we can set the password in Kubernetes as well.
   We need to add the following section to the deployment YAML:

env:
- name: APP_ENCRYPTION_PASSWORD
  valueFrom:
    secretKeyRef:
      name: secret
      key: jasypt.encryptor.password

And add a Secret named 'secret' containing the key and value in Kubernetes.
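
A pre-deployment check for Steps 4 and 5, as an added example that is not part of the original post or of Jasypt: it scans a properties file for sensitive keys left in plain text, malformed ENC(...) values and a hardcoded jasypt.encryptor.password. The key-name pattern, the function names and the sample file are assumptions made for the illustration; the length check assumes the PBEWithMD5AndDES output is an 8-byte salt followed by 8-byte DES blocks.

```python
import base64
import re

# Constructed sample: the post's ENC() value plus three deliberate mistakes.
SAMPLE = """\
spring.datasource.username=ENC(aviF4d2QFCTH4T/jv6LHxQ==)
spring.datasource.password=hunter2
api.secret=ENC(not-base64!)
jasypt.encryptor.password=dev2a
"""

SENSITIVE = re.compile(r"password|secret|token|username", re.I)  # assumed key names
ENC = re.compile(r"^ENC\((.*)\)$")
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")  # e.g. ${APP_ENCRYPTION_PASSWORD}
BLOCK = 8  # assumed layout: 8-byte random salt, then 8-byte DES blocks


def check_enc_payload(payload):
    """Return None if the payload can be salt + DES blocks, else the reason."""
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "ENC() payload is not valid base64"
    if len(raw) < 2 * BLOCK or len(raw) % BLOCK:
        return "ENC() payload length does not fit salt + DES blocks"
    return None


def lint_properties(text):
    """Return (line_number, key, problem) findings; handles key=value lines only."""
    findings = []
    for lineno, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        enc, problem = ENC.match(value), None
        if key == "jasypt.encryptor.password":
            problem = None if PLACEHOLDER.match(value) else "hardcoded encryption password"
        elif enc:
            problem = check_enc_payload(enc.group(1))
        elif SENSITIVE.search(key) and not PLACEHOLDER.match(value):
            problem = "sensitive value is not wrapped in ENC(...)"
        if problem:
            findings.append((lineno, key, problem))
    return findings


if __name__ == "__main__":
    print(*lint_properties(SAMPLE), sep="\n")
```

Run it against the real properties file in the build pipeline and fail the build when the returned list is not empty.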
